Log analysis and evaluation: Caught DealFinder! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
20.06.2013, 20:19 | #1 |
| Caught DealFinder! Hello everyone, I have caught the so-called DealFinder. Everywhere in the browser I get these annoying ad windows with the DealFinder tag. Can you help me get my system back to a clean state? Here are the logs from FRST: Frst.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013 01 Ran by Thomas (administrator) on 20-06-2013 20:46:24 Running from F:\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ICQ, LLC.) C:\Program Files (x86)\ICQ7.7\ICQ.exe (GARMIN Corp.) C:\Program Files (x86)\Garmin\Training Center\gStart.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Sysinternals - www.sysinternals.com) D:\SysinternalsSuite\autoruns.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-27] (Realtek Semiconductor) HKLM\...\Run: [Ocs_SM] C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-06-14] (OCS) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Google Update] "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-29] (Google Inc.) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd) HKCU\...\Run: [HotKeyMan] [x] HKCU\...\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4 [127040 2012-06-14] (ICQ, LLC.) HKCU\...\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.) 
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1476104 2012-12-20] (Samsung) HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung) MountPoints2: {119ccf16-920e-11e1-ab31-806e6f6e6963} - K:\autorun.exe start.html MountPoints2: {b4bc65b5-936f-11e1-8c1e-0002721e378f} - I:\start.exe /auto HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\ProgramData\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk ShortcutTarget: Quicken Jubiläumsversion Zahlungserinnerung.lnk -> C:\Windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - {04F7F256-1ABF-49E8-9DB2-9E9EC6D22B0A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {0B3208FC-1990-4DFF-9555-8A432648A39E} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {2838FC7A-9A63-4415-984F-3E45B44DC726} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {73E46E3F-5FA5-4946-868D-CD1EDA8235CE} URL = 
hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {C5689987-DAA2-4AAF-9AD2-E12F4D3A7870} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 SearchScopes: HKCU - {F9A5D7E9-03F6-44F9-92A9-767CB68D9935} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a6b196e4-c379-4a6d-b75c-c5cf82881128&pid=murb&mode=bounce&k=0 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab Filter: application/x-ica - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default FF Homepage: about:home FF NetworkProxy: "http", "210.212.83.242" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks_version", 4 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Citrix.com/npagee64,version=9.3.50.3 - C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Citrix.com/npagee,version=9.3.50.3 - C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: No Name - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\Extensions\ich@maltegoetz.de FF Extension: admin - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\Extensions\admin@proxy-listen.de.xpi FF Extension: proxyselector - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\Extensions\proxyselector@mozilla.org.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Citrix Access Gateway) - C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npagee.dll (Citrix Systems, Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) 
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll No File CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Google Update) - C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (ProxTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0 CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Plus-HD-2.6) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0 CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) R2 HPSLPSVC; C:\Users\Thomas\AppData\Local\Temp\7zS6764\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-02] () R2 SearchAnonymizer; C:\Users\Thomas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-06-14] () S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-14] (Google Inc) R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-01] (DT Soft Ltd) S3 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769816 2011-07-09] (www.ext2fsd.com) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation) S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance 
Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation) S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation) U2 V2iMount; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\FRST 2013-06-18 17:41 - 2013-06-18 17:41 - 00000000 ____D C:\Users\Thomas\Documents\Apowersoft Free Screen Recorder 2013-06-18 17:40 - 2013-06-18 17:40 - 05660536 ____A (Apowersoft ) C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe 2013-06-18 17:40 - 2013-06-18 17:40 - 00001432 ____A C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk 2013-06-18 17:40 - 2013-06-18 17:40 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Apowersoft 2013-06-18 17:40 - 2013-06-18 17:40 - 00000000 ____D C:\Program Files (x86)\Apowersoft 2013-06-18 17:40 - 2013-02-07 22:44 - 00584952 ___AH (Bytescout) C:\Windows\System32\ApowersoftScreenCapturing.dll 2013-06-18 17:40 - 2013-02-07 22:44 - 00429816 ___AH (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturing.dll 2013-06-18 17:40 - 2013-02-07 22:44 - 00372984 ___AH (Bytescout) C:\Windows\System32\ApowersoftScreenCapturingFilter.dll 2013-06-18 17:40 - 2013-02-07 22:44 - 00261880 ___AH (Bytescout) C:\Windows\SysWOW64\ApowersoftScreenCapturingFilter.dll 2013-06-18 17:40 - 2013-02-07 22:44 - 00231672 ___AH (Bytescout) C:\Windows\System32\ApowersoftVideoMixerFilter.dll 2013-06-18 17:40 - 2013-02-07 22:44 - 00175864 ___AH (Bytescout) C:\Windows\SysWOW64\ApowersoftVideoMixerFilter.dll 2013-06-18 17:40 - 2012-10-08 19:52 - 00031968 ____A (Wondershare) C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys 2013-06-18 17:39 - 2013-06-18 17:39 - 00004521 ____A C:\Users\Thomas\AppData\Roaming\CamStudio.cfg 2013-06-18 17:39 - 2013-06-18 17:39 - 00000408 ____A C:\Users\Thomas\AppData\Roaming\CamShapes.ini 
2013-06-18 17:39 - 2013-06-18 17:39 - 00000408 ____A C:\Users\Thomas\AppData\Roaming\CamLayout.ini 2013-06-18 17:39 - 2013-06-18 17:39 - 00000042 ____A C:\Users\Thomas\AppData\Roaming\Camdata.ini 2013-06-18 17:37 - 2013-06-18 17:37 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.7 2013-06-18 17:29 - 2013-06-18 17:29 - 00000000 ____D C:\Users\Thomas\Desktop\aufnahme 2013-06-18 17:27 - 2013-06-20 18:13 - 00001906 ____A C:\Windows\Tasks\Plus-HD-2.6-chromeinstaller.job 2013-06-18 17:27 - 2013-06-20 18:13 - 00001832 ____A C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job 2013-06-18 17:27 - 2013-06-20 18:13 - 00001200 ____A C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job 2013-06-18 17:27 - 2013-06-20 18:13 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.6-updater.job 2013-06-18 17:27 - 2013-06-20 18:13 - 00001100 ____A C:\Windows\Tasks\Plus-HD-2.6-enabler.job 2013-06-18 17:27 - 2013-06-18 17:27 - 04898854 ____A C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe 2013-06-18 17:27 - 2013-06-18 17:27 - 04808816 ____A (Bflyya) C:\Users\Thomas\Desktop\plus-hd-2-6.exe 2013-06-18 17:27 - 2013-06-18 17:27 - 00002060 ____A C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk 2013-06-18 17:27 - 2013-06-18 17:27 - 00002060 ____A C:\Users\SamsungTest\Desktop\AutoScreenRecorder 3.1 Free.lnk 2013-06-18 17:27 - 2013-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free 2013-06-18 17:27 - 2013-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.6 2013-06-16 16:32 - 2013-06-16 16:32 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX 2013-06-16 14:16 - 2013-06-16 14:16 - 00000000 ____D C:\Program Files\Ext2Fsd 2013-06-16 14:16 - 2011-07-09 01:32 - 00769816 ____A (www.ext2fsd.com) C:\Windows\System32\Drivers\ext2fsd.sys 2013-06-16 11:33 - 2013-06-16 11:33 - 00001164 ____A C:\Users\Public\Desktop\Synology Assistant.lnk 2013-06-16 11:33 - 2013-06-16 11:33 - 00000000 ____D C:\ProgramData\Synology 2013-06-16 11:33 - 2013-06-16 
11:33 - 00000000 ____D C:\Program Files (x86)\Synology 2013-06-15 18:11 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 18:11 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 18:11 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 18:11 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 18:11 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 18:11 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 18:11 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 18:11 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 18:11 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 18:11 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 18:10 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 18:10 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 23:05 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 23:05 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:05 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:05 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 23:05 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 23:05 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 23:05 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 17:38 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 17:38 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 17:38 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 17:38 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 17:38 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\crypt32.dll 2013-06-12 17:38 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 17:38 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 17:38 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 17:38 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 17:38 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 17:38 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 17:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 17:38 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 17:38 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 17:38 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 17:38 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 17:38 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 17:38 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 17:38 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 15:09 - 2013-06-09 15:09 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-05-28 23:49 - 2013-05-28 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-23 21:48 - 2013-05-23 21:56 - 00034610 ____A C:\Windows\DPINST.LOG 2013-05-22 23:00 - 2013-05-22 23:00 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-22 23:00 - 
2013-05-22 23:00 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-22 23:00 - 2013-05-22 23:00 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-22 23:00 - 2013-05-22 23:00 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-22 23:00 - 2013-05-22 23:00 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-22 23:00 - 2013-05-22 23:00 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-22 23:00 - 2013-05-22 23:00 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-22 23:00 - 2013-05-22 
23:00 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00135680 ____A (Microsoft 
Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-22 23:00 - 2013-05-22 23:00 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-22 23:00 - 2013-05-22 23:00 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00048640 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmler.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-05-22 22:59 - 2013-05-22 23:04 - 00009228 ____A C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-06-20 20:46 - 2013-06-20 20:46 - 00000000 ____D C:\FRST 2013-06-20 20:36 - 2012-04-29 18:41 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001UA.job 2013-06-20 20:13 - 2012-05-06 11:15 - 00000000 ____D C:\Users\Thomas\Documents\Outlook-Dateien 2013-06-20 20:02 - 2009-07-14 06:51 - 00302128 ____A C:\Windows\setupact.log 2013-06-20 19:52 - 2012-04-29 18:38 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-20 18:37 - 2012-04-29 18:41 - 00002374 ____A C:\Users\Thomas\Desktop\Google Chrome.lnk 2013-06-20 18:36 - 2012-04-29 18:41 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001Core.job 2013-06-20 18:19 - 2009-07-14 06:45 - 00013584 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-20 18:19 - 2009-07-14 06:45 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-20 18:16 - 2009-07-14 19:58 - 00766530 ____A C:\Windows\System32\perfh007.dat 2013-06-20 18:16 - 2009-07-14 19:58 - 00174416 ____A C:\Windows\System32\perfc007.dat 2013-06-20 18:16 - 2009-07-14 07:13 - 01808802 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-20 18:13 - 2013-06-18 17:27 - 00001906 ____A C:\Windows\Tasks\Plus-HD-2.6-chromeinstaller.job 2013-06-20 18:13 - 2013-06-18 17:27 - 00001832 ____A C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job 2013-06-20 18:13 - 2013-06-18 17:27 - 00001200 ____A C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job 2013-06-20 18:13 - 2013-06-18 17:27 - 00001196 ____A C:\Windows\Tasks\Plus-HD-2.6-updater.job 2013-06-20 18:13 - 2013-06-18 17:27 - 00001100 ____A C:\Windows\Tasks\Plus-HD-2.6-enabler.job 2013-06-20 18:13 - 2012-04-29 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\ICQ 2013-06-20 18:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-19 01:25 - 2012-04-29 17:21 - 01164505 ____A C:\Windows\WindowsUpdate.log 2013-06-19 01:24 - 2012-04-29 18:54 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc 2013-06-18 17:41 - 2013-06-18 17:41 - 00000000 ____D C:\Users\Thomas\Documents\Apowersoft Free Screen Recorder 2013-06-18 17:40 - 2013-06-18 17:40 - 05660536 ____A (Apowersoft ) C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe 2013-06-18 17:40 - 2013-06-18 17:40 - 00001432 ____A C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk 2013-06-18 17:40 - 2013-06-18 17:40 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Apowersoft 2013-06-18 17:40 - 2013-06-18 17:40 - 00000000 ____D C:\Program Files (x86)\Apowersoft 2013-06-18 17:39 - 2013-06-18 17:39 - 00004521 ____A C:\Users\Thomas\AppData\Roaming\CamStudio.cfg 2013-06-18 17:39 - 
2013-06-18 17:39 - 00000408 ____A C:\Users\Thomas\AppData\Roaming\CamShapes.ini 2013-06-18 17:39 - 2013-06-18 17:39 - 00000408 ____A C:\Users\Thomas\AppData\Roaming\CamLayout.ini 2013-06-18 17:39 - 2013-06-18 17:39 - 00000042 ____A C:\Users\Thomas\AppData\Roaming\Camdata.ini 2013-06-18 17:37 - 2013-06-18 17:37 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.7 2013-06-18 17:29 - 2013-06-18 17:29 - 00000000 ____D C:\Users\Thomas\Desktop\aufnahme 2013-06-18 17:27 - 2013-06-18 17:27 - 04898854 ____A C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe 2013-06-18 17:27 - 2013-06-18 17:27 - 04808816 ____A (Bflyya) C:\Users\Thomas\Desktop\plus-hd-2-6.exe 2013-06-18 17:27 - 2013-06-18 17:27 - 00002060 ____A C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk 2013-06-18 17:27 - 2013-06-18 17:27 - 00002060 ____A C:\Users\SamsungTest\Desktop\AutoScreenRecorder 3.1 Free.lnk 2013-06-18 17:27 - 2013-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free 2013-06-18 17:27 - 2013-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.6 2013-06-16 23:25 - 2013-04-17 22:40 - 00000600 ____A C:\Users\Thomas\AppData\Roaming\winscp.rnd 2013-06-16 22:34 - 2013-04-13 02:06 - 00000600 ____A C:\Users\Thomas\AppData\Local\PUTTY.RND 2013-06-16 16:32 - 2013-06-16 16:32 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX 2013-06-16 14:16 - 2013-06-16 14:16 - 00000000 ____D C:\Program Files\Ext2Fsd 2013-06-16 11:33 - 2013-06-16 11:33 - 00001164 ____A C:\Users\Public\Desktop\Synology Assistant.lnk 2013-06-16 11:33 - 2013-06-16 11:33 - 00000000 ____D C:\ProgramData\Synology 2013-06-16 11:33 - 2013-06-16 11:33 - 00000000 ____D C:\Program Files (x86)\Synology 2013-06-13 22:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 23:05 - 2012-04-29 18:57 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 20:52 - 2012-04-29 18:38 - 00692104 ____A (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 20:52 - 2012-04-29 18:38 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 18:39 - 2012-06-03 15:24 - 00002036 ___AH C:\Users\Thomas\Documents\Default.rdp 2013-06-09 15:09 - 2013-06-09 15:09 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-09 15:09 - 2012-07-08 00:45 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-09 15:09 - 2012-05-01 11:40 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-09 15:09 - 2012-05-01 11:40 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-09 15:09 - 2012-05-01 11:40 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-09 15:09 - 2012-05-01 11:40 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-09 15:09 - 2012-05-01 11:40 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-09 14:49 - 2012-07-15 16:38 - 00000869 ____A C:\Windows\wiso.ini 2013-06-09 14:37 - 2012-07-15 16:38 - 00000000 ____D C:\Users\Thomas\AppData\Local\Buhl 2013-06-09 14:37 - 2012-07-15 16:38 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-06-09 14:37 - 2012-07-15 16:38 - 00000000 ____D C:\Program Files (x86)\WISO 2013-06-09 14:37 - 2012-04-29 19:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-08 16:08 - 2013-06-15 18:11 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 18:10 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 18:11 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 18:11 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 18:11 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 
2013-06-15 18:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 18:11 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 18:11 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 18:11 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 18:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:40 - 2013-06-15 18:10 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:13 - 2013-06-15 18:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-30 10:35 - 2012-04-29 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-28 23:49 - 2013-05-28 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-05-27 21:33 - 2012-05-01 11:43 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-05-23 21:56 - 2013-05-23 21:48 - 00034610 ____A C:\Windows\DPINST.LOG 2013-05-23 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-05-22 23:04 - 2013-05-22 22:59 - 00009228 ____A C:\Windows\IE10_main.log 2013-05-22 23:00 - 2013-05-22 23:00 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-22 23:00 - 2013-05-22 23:00 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-22 23:00 - 2013-05-22 23:00 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-22 23:00 - 2013-05-22 23:00 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-22 23:00 - 2013-05-22 23:00 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00762368 ____A (Microsoft 
Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-22 23:00 - 2013-05-22 23:00 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-22 23:00 - 2013-05-22 23:00 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00204800 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\webcheck.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00097280 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmled.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-22 23:00 - 2013-05-22 23:00 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-22 23:00 - 2013-05-22 23:00 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-22 23:00 - 2013-05-22 23:00 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-22 23:00 - 2013-05-22 23:00 - 00023040 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\licmgr10.dll
2013-05-22 23:00 - 2013-05-22 23:00 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-22 23:00 - 2013-05-22 23:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-22 23:00 - 2013-05-22 23:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-22 23:00 - 2013-05-22 23:00 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 22:37

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 01
Ran by Thomas at 2013-06-20 20:47:38 Run:
Running from F:\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.3) - Deutsch (Version: 10.1.3)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apowersoft Free Screen Recorder V1.1.4 (Version: 1.1.4)
Arduino (Version: 1.0.5)
ArgoUML 0.34 (Version: 0.34)
Avira Free Antivirus (Version: 12.1.9.1236)
Battlefield 3™ (Version: 1.4.0.0)
Battlelog Web Plugins (Version: 2.1.2)
CamStudio version 2.7 (Version: 2.7)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version:
2012.1219.1520.27485) CCC Help Korean (Version: 2012.1219.1520.27485) CCC Help Norwegian (Version: 2012.1219.1520.27485) CCC Help Polish (Version: 2012.1219.1520.27485) CCC Help Portuguese (Version: 2012.1219.1520.27485) CCC Help Russian (Version: 2012.1219.1520.27485) CCC Help Spanish (Version: 2012.1219.1520.27485) CCC Help Swedish (Version: 2012.1219.1520.27485) CCC Help Thai (Version: 2012.1219.1520.27485) CCC Help Turkish (Version: 2012.1219.1520.27485) ccc-utility64 (Version: 2012.1219.1521.27485) Citrix Access Gateway Endpoint Analysis (Version: 9.3.50.3) Citrix Online Plug-in - Web (Version: 12.1.44.1) Citrix Online Plug-in (DV) (Version: 12.1.44.1) Citrix Online Plug-in (HDX) (Version: 12.1.44.1) Citrix Online Plug-in (USB) (Version: 12.1.44.1) Citrix Online Plug-in (Web) (Version: 12.1.44.1) Crystal Reports for Visual Studio (Version: 12.51.0.240) CrystalDiskInfo 5.6.2 (Version: 5.6.2) DAEMON Tools Lite (Version: 4.45.4.0315) DDBAC (Version: 5.3.3) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Desktop Icon für Amazon (Version: 1.0.1 (de)) Dotfuscator Software Services - Community Edition - DEU (Version: 5.0.2300.0) eReg (Version: 1.20.138.34) ESN Sonar (Version: 0.70.4) Ext2Fsd 0.51 (Version: 0.51) Free M4a to MP3 Converter 7.1 Garmin Training Center (Version: 3.6.5) GetDataBack for NTFS (Version: 4.25.000) Google Calendar Sync Google Chrome (Version: 27.0.1453.116) Hex-Editor MX (Version: 6.0) High-Definition Video Playback (Version: 11.1.11100.4.196) ICQ 7.7 Build #6547 Banner Remover 1.0 ICQ7.7 (Version: 7.7) ID3-TagIT 3 (Version: 3) ImgBurn (Version: 2.5.7.0) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 31 (Version: 6.0.310) JavaFX 2.1.1 (Version: 2.1.1) JDownloader 0.9 (Version: 0.9) Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (Version: 12.0.6612.1000) Kits Configuration Installer (Version: 8.59.25584) Lexware Info Service (Version: 2.80.00.0007) Lexware online 
banking (Version: 15.00.00.0005) Logitech SetPoint 6.32 (Version: 6.32.20) Loxone Config (Version: 4.1) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Extended (Version: 4.0.30320) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft ASP.NET MVC 2 - DEU (Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0) Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 
14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Facebook 32-bit (Version: 14.0.6114.5003) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Silverlight 3 SDK - Deutsch (Version: 3.0.40818.0) Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22) Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0) Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0) Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (Version: 10.50.1447.4) Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0) Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8) Microsoft SQL Server System CLR Types (Version: 10.50.1447.4) Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4) Microsoft SQL Server VSS Writer (Version: 10.1.2531.0) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Framework SDK v1.0 SP1 de (Version: 1.0.3010.0) Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0) Microsoft Team 
Foundation Server 2010 Object Model - DEU (Version: 10.0.30319) Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (Version: 10.0.30319) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319) Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010 
Ultimate - DEU (Version: 10.0.30319) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio Macro Tools - DEU Language Pack (Version: 9.0.30729) Microsoft Visual Studio Macro Tools (Version: 9.0.30729) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Music Manager MyPhoneExplorer (Version: 1.8.4) Notepad++ (Version: 6.1.2) Oracle VM VirtualBox 4.1.6 (Version: 4.1.6) Origin (Version: 9.0.15.65) Paragon Backup and Recovery™ 2013 Plus Edition (Version: 90.00.0003) PDF Settings CS6 (Version: 11.0) Plus-HD-2.6 (Version: 1.27.153.5) PunkBuster Services (Version: 0.991) Quicken DELUXE Jubiläumsversion (Version: 20.36.00.0134) Quicken Import Export Server Jubiläumsversion (Version: 20.30.00.0099) Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6519) Realtek High Definition Audio Driver (Version: 6.0.1.6602) Recuva (Version: 1.46) roomeon 3D-Planer (Version: 1.4.0) Samsung Kies (Version: 2.5.1.12123_2) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0) SDK Debuggers (Version: 8.59.25584) SearchAnonymizer (Version: 1.0.1 (de)) Secure Download Manager (Version: 3.1.0) Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) SportTracks 3.1 (Version: 3.1.4518) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0) StarUML 5.0.2.1570 StreamTransport version: 1.0.2.2171 Subversion (Version: 1.7.9) Synology Assistant (remove only) TeamViewer 7 (Version: 7.0.13989) theRenamer 7.6 Trillian TrueCrypt (Version: 7.1a) Unity (Version: ) Unity Web Player (Version: ) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile 
(KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Visual Studio 2010 Prerequisites - English (Version: 10.0.30319) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0) VLC media player 2.0.1 (Version: 2.0.1) VLC media player 2.0.5 (Version: 2.0.5) Web Deployment Tool (Version: 1.1.0618) Welcome App (Start-up experience) (Version: 11.0.23500.0.0) Wertpapieranalyse 2012 (Version: 1.01.0006) Winamp (Version: 5.623 ) Winamp Erkennungs-Plug-in (Version: 1.0.0.1) Windows Hotkey Explorer Windows Software 
Development Kit (Version: 8.59.25584) Windows Software Development Kit EULA (Version: 8.59.25584) WinRAR 4.11 (64-Bit) (Version: 4.11.0) Wisdom-soft Set up ASR 3.1 Free WPT Redistributables (Version: 8.59.25584) WPTx64 (Version: 8.59.25584) XMind 2012 (v3.3.1) (Version: 3.3.1.201212250029)
==================== Restore Points =========================
11-06-2013 15:38:24 Windows Update
12-06-2013 21:04:48 Windows Update
15-06-2013 16:10:47 Windows Update
16-06-2013 09:33:42 Gerätetreiber-Paketinstallation: Synology USB-Controller
18-06-2013 15:40:46 Gerätetreiber-Paketinstallation: Apowersoft Audio-, Video- und Gamecontroller
==================== Hosts content: ==========================
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
#
#
# 127.0.0.1 localhost
There are more than 52 lines starting with "127.0.0.1"
==================== Scheduled Tasks (whitelisted) =============
Task: {105442A0-066A-4008-A53B-1AFE6BDEC4DD} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe No File
Task: {1DADA355-5973-4B46-9DA1-5DFBC4570366} - System32\Tasks\Plus-HD-2.6-updater => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe [2013-06-18] (Plus HD)
Task: {29A073A4-65B0-4B63-8AAE-856293E5BBBD} - System32\Tasks\Plus-HD-2.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe [2013-06-18] (Plus HD)
Task: {2FF8D554-64FD-4CBD-9603-1C318E1B4669} - System32\Tasks\{FE35A2CC-72CD-459B-BF01-85A7948D6BCB} => C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-06-14] (ICQ, LLC.)
Task: {3B145386-D788-45BD-93F8-A264C92BE542} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6141625C-E79C-4EC0-BD17-382C6EE5DD08} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001Core => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {61717A39-1DEA-4491-91F2-F67787817CC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001UA => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29] (Google Inc.)
Task: {A1704BCA-C412-45E2-88BA-DC5DAD18FCA7} - System32\Tasks\{EB8678FD-6E95-4AAC-998B-EE411D018B93} => C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-06-14] (ICQ, LLC.)
Task: {AAFDD79B-FA6C-4EBC-901F-FCDB1D84AB74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {B6038290-626C-46FD-92CA-CAB1D815F39B} - System32\Tasks\Plus-HD-2.6-codedownloader => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe [2013-06-18] (Plus HD)
Task: {F232267D-9B4B-47F5-8A27-6CD98EA22E2B} - System32\Tasks\Plus-HD-2.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe [2013-06-18] (Plus HD)
Task: {FCA1D6BD-F7B9-488E-A7D7-8ACB0FBADAE1} - System32\Tasks\Plus-HD-2.6-enabler => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe [2013-06-18] (Plus HD)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/19/2013 01:14:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/19/2013 01:14:46 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/18/2013 05:40:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/18/2013 05:39:59 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/18/2013 05:39:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/18/2013 05:26:35 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (06/18/2013 05:26:34 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/18/2013 05:26:33 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (06/16/2013 10:00:49 PM) (Source: Application Hang) (User: ) Description: Programm notepad++.exe, Version 6.1.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e74 Startzeit: 01ce6a8eb982e70c Endzeit: 59 Anwendungspfad: C:\Program Files (x86)\Notepad++\notepad++.exe Berichts-ID: 6f0f4c44-d6bf-11e2-93fd-00241d7f1901 Error: (06/11/2013 11:09:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x27c8 Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0 Pfad der fehlerhaften Anwendung: wmplayer.exe1 Pfad des fehlerhaften Moduls: wmplayer.exe2 Berichtskennung: wmplayer.exe3 System errors: ============= Error: (06/15/2013 06:10:45 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "T:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (06/10/2013 05:25:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/10/2013 05:25:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (06/09/2013 02:04:03 AM) (Source: Ntfs) (User: ) Description: Auf dem Volume "T:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (06/08/2013 05:46:41 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error: (06/08/2013 05:46:41 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error: (06/08/2013 05:46:40 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error: (06/08/2013 05:46:40 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error: (06/08/2013 05:46:39 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error: (06/08/2013 05:18:57 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden. 
Microsoft Office Sessions: ========================= Error: (06/19/2013 01:14:46 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_fuer_autoscreenrecorder.exe Error: (06/19/2013 01:14:46 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_for_apowersoft-free-screen-recorder.exe Error: (06/18/2013 05:40:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_for_apowersoft-free-screen-recorder.exe Error: (06/18/2013 05:39:59 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_for_apowersoft-free-screen-recorder.exe Error: (06/18/2013 05:39:57 PM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_for_apowersoft-free-screen-recorder.exe Error: (06/18/2013 05:26:35 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_fuer_autoscreenrecorder.exe Error: (06/18/2013 05:26:34 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_fuer_autoscreenrecorder.exe Error: (06/18/2013 05:26:33 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestF:\Downloads\SoftonicDownloader_fuer_autoscreenrecorder.exe Error: (06/16/2013 10:00:49 PM) (Source: Application Hang)(User: ) Description: notepad++.exe6.1.2.0e7401ce6a8eb982e70c59C:\Program Files (x86)\Notepad++\notepad++.exe6f0f4c44-d6bf-11e2-93fd-00241d7f1901 Error: (06/11/2013 11:09:43 PM) (Source: Application Error)(User: ) Description: wmplayer.exe12.0.7601.175144ce7a485unknown0.0.0.000000000c00000050000000027c801ce66e7f859cb57C:\Program Files (x86)\Windows Media Player\wmplayer.exeunknown3c67f1db-d2db-11e2-9e38-00241d7f1901 CodeIntegrity 
Errors: =================================== Date: 2013-03-26 20:14:35.826 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-11-16 18:10:14.996 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hidusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-05-01 17:31:27.362 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 8187.49 MB
Available physical RAM: 4506.95 MB
Total Pagefile: 16373.17 MB
Available Pagefile: 11437.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.24 GB) (Free:31.16 GB) NTFS (Disk=3 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:195.31 GB) (Free:49.01 GB) NTFS (Disk=2 Partition=3)
Drive e: (Eigene) (Fixed) (Total:195.31 GB) (Free:46.59 GB) NTFS (Disk=2 Partition=2)
Drive f: (Downloads) (Fixed) (Total:1006.64 GB) (Free:25.31 GB) NTFS (Disk=2 Partition=1)
Drive g: (Musik) (Fixed) (Total:135.86 GB) (Free:90.59 GB) NTFS (Disk=1 Partition=2)
Drive h: (Sonstiges) (Fixed) (Total:13.18 GB) (Free:5.34 GB) NTFS (Disk=1 Partition=1)
Drive i: (WISO_ST2013) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
Drive j: (USB-DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=4 Partition=1)
Drive k: (HP) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: BDABBDAB)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 16DE16DD)
Partition 1: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=136 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 0414848C)
Partition 1: (Not Active) - (Size=1007 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 344E0A20)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 00699EEF)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
Best regards |
20.06.2013, 20:22 | #2 |
/// Malwareteam | Caught DealFinder!
My name is Heiko. I am working on your topic and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
21.06.2013, 07:58 | #3 |
/// Malwareteam | Caught DealFinder!
The cleanup of your system is tailored individually to you and at times involves a lot of work for both of us.
Please read: Rules for the cleanup
Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly. It therefore takes place in several steps and means some effort for you. Note: The disappearance of the obvious symptoms does not mean that the system is already clean. First read the instructions through completely. If anything is unclear, ask before you start working through the steps.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
So let's begin with step 1: Uninstall the following programs via Start - Control Panel - Programs
Code:
ATTFilter
SearchAnonymizer (Version: 1.0.1 (de))
Java(TM) 6 Update 31 (Version: 6.0.310)
Please download AdwCleaner to your desktop.
Step 3: Check the file
Please have the file from the code box checked at Virustotal.
Step 4: Control scan
Please download OTL by Oldtimer and save it to your desktop (if not already present).
21.06.2013, 14:55 | #4 |
| Caught DealFinder!
Hello, I have carried out all the steps:
1. Programs uninstalled
2. Adware removed. Here is the log:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 21/06/2013 um 14:54:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : F:\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033440.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033440.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033440.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033440.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311341140}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322342240}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355345540}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366346640}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341140}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345540}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346640}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startfenster.com --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\avdtadxr.default\prefs.js

Gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.3344[...]
Gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.3344[...]
Gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.3344[...]
Gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.3344[...]

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Thomas\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://www.startfenster.com

*************************

AdwCleaner[S1].txt - [4402 octets] - [21/06/2013 14:54:47]

########## EOF - C:\AdwCleaner[S1].txt - [4462 octets] ##########

3. Checked the file at VirusTotal. It is not malware. So it's safe! |
21.06.2013, 14:57 | #5 |
| Caught DealFinder! ... 4. Scanned with OTL OTL.txt OTL logfile: Code:
ATTFilter OTL logfile created on: 21.06.2013 15:10:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 54,07% Memory free 15,99 Gb Paging File | 11,12 Gb Available in Paging File | 69,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 31,52 Gb Free Space | 26,44% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 49,01 Gb Free Space | 25,09% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 46,59 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive F: | 1006,64 Gb Total Space | 25,31 Gb Free Space | 2,51% Space Free | Partition Type: NTFS Drive G: | 135,86 Gb Total Space | 90,59 Gb Free Space | 66,67% Space Free | Partition Type: NTFS Drive H: | 13,18 Gb Total Space | 5,34 Gb Free Space | 40,48% Space Free | Partition Type: NTFS Drive I: | 549,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive K: | 36,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) 
========== Modules (No Company Name) ========== MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (HPSLPSVC) -- C:\Users\Thomas\AppData\Local\Temp\7zS6764\hpslpsvc64.dll (Hewlett-Packard Co.) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) 
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc) DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 BD 5E C0 06 B6 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: proxyselector%40mozilla.org:1.16 FF - prefs.js..extensions.enabledAddons: 7f404ccc-b0a9-4faf-b3c0-89ceea949aea%40a6724a05-9380-4ebe-be02-e67e35a3402c.com:0.91.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.http: "210.212.83.242" FF - prefs.js..network.proxy.http_port: 1080 FF - 
prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.3.50.3: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.50.3: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.06.29 19:49:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M] [2012.04.29 18:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2013.06.18 17:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions [2013.06.18 17:27:47 | 000,000,000 | ---D | M] ("Plus-HD-2.6") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com [2013.04.09 20:47:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\ich@maltegoetz.de [2013.06.18 17:27:47 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com\chrome\content\extensionCode [2013.01.18 00:42:34 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\avdtadxr.default\extensions\admin@proxy-listen.de.xpi [2013.05.30 03:16:07 | 000,041,895 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\avdtadxr.default\extensions\proxyselector@mozilla.org.xpi [2013.06.21 14:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.28 23:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.28 23:49:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Citrix Access Gateway (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npagee.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - 
plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0\ CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Plus-HD-2.6 = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\crossrider CHR - Extension: Plus-HD-2.6 = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\ CHR - Extension: Google Mail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.30 10:14:48 | 000,003,009 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 48 more lines... 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) O4 - HKCU..\Run: [HotKeyMan] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83876F3-FB71-4436-BCE6-D09E2535D35F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found 
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.04 14:22:33 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.11.01 21:00:00 | 000,000,052 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2002.08.29 00:51:43 | 000,040,448 | R--- | M] () - K:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.08.29 00:56:23 | 000,000,038 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell\AutoRun\command - "" = K:\autorun.exe start.html O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell - "" = AutoRun O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell\AutoRun\command - "" = I:\start.exe -- [2012.11.01 21:00:00 | 000,087,704 | R--- | M] () O34 - HKLM BootExecute: (autocheck 
autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.21 14:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.06.20 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\temp [2013.06.20 20:46:20 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.18 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Apowersoft Free Screen Recorder [2013.06.18 17:40:38 | 000,429,816 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturing.dll [2013.06.18 17:40:38 | 000,261,880 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturingFilter.dll [2013.06.18 17:40:38 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftVideoMixerFilter.dll [2013.06.18 17:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft [2013.06.18 17:40:37 | 000,584,952 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturing.dll [2013.06.18 17:40:37 | 000,372,984 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturingFilter.dll [2013.06.18 17:40:37 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftVideoMixerFilter.dll [2013.06.18 17:40:37 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys [2013.06.18 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Apowersoft [2013.06.18 17:40:36 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Apowersoft [2013.06.18 17:40:20 | 005,660,536 | ---- | C] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe [2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7 [2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.7 [2013.06.18 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aufnahme [2013.06.18 17:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.6 [2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.18 17:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.18 17:27:06 | 004,808,816 | ---- | C] (Bflyya) -- C:\Users\Thomas\Desktop\plus-hd-2-6.exe [2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2013.06.16 14:16:10 | 000,769,816 | ---- | C] (www.ext2fsd.com) -- C:\Windows\SysNative\drivers\ext2fsd.sys [2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd [2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ext2Fsd [2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology [2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology [2013.06.16 11:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology [2013.06.15 18:11:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.15 18:11:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieui.dll [2013.06.12 23:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.12 23:05:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.12 23:05:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.12 23:05:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 23:05:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.12 23:05:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.12 23:05:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.12 23:05:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.12 23:05:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.12 23:05:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 23:05:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 23:05:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 23:05:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 17:38:49 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 17:38:49 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 17:38:47 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 17:38:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 17:38:46 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 
17:38:44 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 17:38:44 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 17:38:44 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 17:38:44 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 17:38:44 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 17:38:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 17:38:41 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 17:38:41 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.09 15:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.09 15:09:08 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.28 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 23:00:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.22 23:00:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.22 23:00:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.22 23:00:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.22 23:00:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.22 23:00:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.22 23:00:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.22 23:00:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.22 23:00:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.22 23:00:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.22 23:00:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.22 23:00:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.22 23:00:43 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.22 23:00:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.22 23:00:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.22 23:00:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.22 23:00:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.22 23:00:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.22 23:00:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.22 23:00:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.22 23:00:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.22 23:00:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.22 23:00:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.22 23:00:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.22 23:00:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.22 23:00:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.22 23:00:43 | 000,082,432 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.22 23:00:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.22 23:00:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.22 23:00:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.22 23:00:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.22 23:00:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.22 23:00:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.22 23:00:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.22 23:00:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.22 23:00:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.22 23:00:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.22 23:00:42 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.22 23:00:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.22 23:00:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.22 23:00:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.22 23:00:42 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.22 23:00:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.22 23:00:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.22 23:00:42 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll 
[2013.05.22 23:00:42 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.22 23:00:42 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.22 23:00:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.22 23:00:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.22 23:00:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.22 23:00:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.22 23:00:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.22 23:00:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files - Modified Within 30 Days ========== [2013.06.21 15:04:12 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.21 15:04:12 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.21 15:02:52 | 001,808,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.21 15:02:52 | 000,766,530 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.21 15:02:52 | 000,721,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.21 15:02:52 | 000,174,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.21 15:02:52 | 000,147,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.21 14:57:27 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-updater.job [2013.06.21 14:57:26 | 000,001,906 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-chromeinstaller.job [2013.06.21 14:57:26 | 000,001,832 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-firefoxinstaller.job [2013.06.21 14:57:25 | 
000,001,200 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-codedownloader.job [2013.06.21 14:57:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-enabler.job [2013.06.21 14:56:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.21 14:56:53 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys [2013.06.21 14:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.20 21:36:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001UA.job [2013.06.20 18:37:44 | 000,002,374 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk [2013.06.20 18:36:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001Core.job [2013.06.18 17:40:38 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk [2013.06.18 17:40:23 | 005,660,536 | ---- | M] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe [2013.06.18 17:39:53 | 000,004,521 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg [2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini [2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini [2013.06.18 17:39:53 | 000,000,042 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini [2013.06.18 17:27:34 | 000,002,060 | ---- | M] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk [2013.06.18 17:27:14 | 004,808,816 | ---- | M] (Bflyya) -- C:\Users\Thomas\Desktop\plus-hd-2-6.exe [2013.06.18 17:27:09 | 004,898,854 | ---- | M] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe [2013.06.16 23:25:37 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd [2013.06.16 22:34:08 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND [2013.06.16 11:33:35 | 000,001,164 | ---- | M] () 
-- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.06.12 20:52:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 20:52:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.09 18:39:58 | 000,002,036 | -H-- | M] () -- C:\Users\Thomas\Documents\Default.rdp [2013.06.09 15:09:04 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.09 15:09:04 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.09 15:09:04 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.09 15:09:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.09 15:09:04 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.09 15:09:04 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.09 14:49:40 | 000,000,869 | ---- | M] () -- C:\Windows\wiso.ini [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.26 12:00:05 | 000,291,961 | ---- | M] () -- C:\Users\Thomas\Desktop\Storyboard Rengi.pdf [2013.05.22 23:00:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.22 23:00:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.22 23:00:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.22 23:00:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.22 23:00:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.22 23:00:43 | 000,905,728 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.22 23:00:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.22 23:00:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.22 23:00:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.22 23:00:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.22 23:00:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.22 23:00:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.22 23:00:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.22 23:00:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.22 23:00:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.22 23:00:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.22 23:00:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.22 23:00:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.22 23:00:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.22 23:00:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.22 23:00:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.22 23:00:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.22 23:00:43 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.22 23:00:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.22 23:00:43 | 
000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.22 23:00:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.22 23:00:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.22 23:00:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.22 23:00:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.22 23:00:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.22 23:00:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.22 23:00:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.22 23:00:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.22 23:00:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.22 23:00:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.22 23:00:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.22 23:00:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.22 23:00:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.22 23:00:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.22 23:00:42 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.22 23:00:42 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.22 23:00:42 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.22 23:00:42 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.22 23:00:42 | 
000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.22 23:00:42 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.22 23:00:42 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.22 23:00:42 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.22 23:00:42 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.22 23:00:42 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.22 23:00:42 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.22 23:00:42 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.22 23:00:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.22 23:00:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.22 23:00:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.22 23:00:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files Created - No Company Name ========== [2013.06.18 17:40:38 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk [2013.06.18 17:39:53 | 000,004,521 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg [2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini [2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini [2013.06.18 17:39:53 | 000,000,042 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini [2013.06.18 17:27:55 | 000,001,196 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.6-updater.job [2013.06.18 17:27:52 | 000,001,100 | ---- | C] () -- 
C:\Windows\tasks\Plus-HD-2.6-enabler.job [2013.06.18 17:27:51 | 000,001,200 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.6-codedownloader.job [2013.06.18 17:27:46 | 000,001,832 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.6-firefoxinstaller.job [2013.06.18 17:27:45 | 000,001,906 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.6-chromeinstaller.job [2013.06.18 17:27:34 | 000,002,060 | ---- | C] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk [2013.06.18 17:27:06 | 004,898,854 | ---- | C] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe [2013.06.16 11:33:35 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.05.22 23:00:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.22 23:00:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.17 22:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd [2013.04.13 02:06:31 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.11.25 23:38:20 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.25 23:38:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.15 16:38:49 | 000,000,869 | ---- | C] () -- C:\Windows\wiso.ini [2012.06.05 17:52:02 | 000,007,679 | ---- | C] () -- C:\Users\Thomas\AppData\Local\resmon.resmoncfg [2012.06.03 21:33:51 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012.05.14 21:26:37 | 000,038,423 | ---- | C] () -- 
C:\Users\Thomas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.05.14 17:16:04 | 001,785,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.29 18:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.29 11:52:10 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.03.29 11:52:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.03.29 11:52:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 21.06.2013 15:10:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 54,07% Memory free
15,99 Gb Paging File | 11,12 Gb Available in Paging File | 69,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 31,52 Gb Free Space | 26,44% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 49,01 Gb Free Space | 25,09% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 46,59 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive F: | 1006,64 Gb Total Space | 25,31 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
Drive G: | 135,86 Gb Total Space | 90,59 Gb Free Space | 66,67% Space Free | Partition Type: NTFS
Drive H: | 13,18 Gb Total Space | 5,34 Gb Free Space | 40,48% Space Free | Partition Type: NTFS
Drive I: | 549,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 3,73 Gb Total Space | 3,73 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive K: | 36,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0359CE8A-1FA6-470D-AFBD-6114C25E1B11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32C61622-2ADD-466A-BE4D-B847D2C70BD8}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch |
"{34223F16-B709-43B4-9A91-952443D65161}" = lport=138 | protocol=17 | dir=in | app=system |
"{3A26303F-116A-48B7-B48A-4D4B936A2920}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B0B5819-1BA1-4B65-8D19-A1F713DA3160}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{46DE8636-B370-4B10-982C-FC19805DE34B}" = rport=138 | protocol=17 | dir=out | app=system | "{4C9569BA-A744-4CA2-B137-9D4CA6BA0099}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{50B96CF2-2347-43FE-B217-084841B6553B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5187723B-02A3-43A2-80B9-F0EDFA69286D}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer | "{61DB779E-909A-45FA-887B-B355D83D9219}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6BE289D8-05EB-4E98-A103-D2F26898DC5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F96DF5B-8361-4516-8318-49BDF2BC6405}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7072288B-A10B-4827-B0B7-CD9B95C76B6B}" = lport=7071 | protocol=17 | dir=in | name=loxoneminiserversearchanswer | "{75479177-6465-41A6-95FF-806316876ABA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C8FEEC6-1099-42D8-ACBD-8E4264E59AB1}" = lport=10243 | protocol=6 | dir=in | app=system | "{8778254F-824F-4FDB-B38D-07F0E7604EC6}" = lport=7070 | protocol=17 | dir=in | name=loxoneminiserversearch | "{89717DED-A9AC-454E-A0ED-5BF1548EEEA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{94F83FC2-3BC9-4901-B736-18E5D1FAECFC}" = rport=10243 | protocol=6 | dir=out | app=system | "{A00BA795-D29D-4576-AA7E-8016F5D84102}" = lport=137 | protocol=17 | dir=in | app=system | "{A15EE636-2669-4027-802A-8C62E1CA3AA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A59FBDFF-1885-4259-951D-F93B44E24D40}" = rport=139 | protocol=6 | dir=out | 
app=system | "{A60CA8EA-36E4-4B83-8E15-3314859BF554}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AB966309-604F-4D1C-9A97-C962FCCFC103}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD0F27E2-7A35-423A-9AD6-463EF8FA203A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD893C20-BB29-4F48-88B5-865A292B99AD}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4BFD8E3-FB60-4673-80BE-FCE8A73CB7D7}" = rport=137 | protocol=17 | dir=out | app=system | "{DA532370-AB76-4469-99BB-8706E717159B}" = lport=139 | protocol=6 | dir=in | app=system | "{FD153EBF-DCCF-4E63-A041-DBE96779BFC4}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0490120E-5B84-460D-8A6E-4BB28F18AF31}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{0612DBD0-467E-48E0-AE80-09013178385B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0A4206FD-772C-43F7-B66F-56FFBC414ED4}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs6764\hppiw.exe | "{0ADAD779-672D-46E3-8361-5E27ED398315}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1285732B-A1C6-4C69-B300-25F828C38B80}" = protocol=6 | dir=out | app=system | "{21B59AC0-A19D-4DEF-A850-9982597BA988}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{22DB66FE-5EDF-4C5F-BC07-7F815129625B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{27EF6638-5535-4A42-B704-5A38EDA11FD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36806422-2280-499F-B321-B6BC8A6C3F8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{38DD71AB-B80C-4F3A-AF4F-32BED76470BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "{3DB5DA97-9B02-4C66-9187-9B354368B6C3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{3DDED774-82D2-48CE-904A-FA88E65D84F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3F9C7B8B-9DAE-42B3-8DE0-F7A79E7A710A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{401D0863-5DAE-4462-8246-C9A0EC06BA00}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{40B414AE-425B-4E98-B943-78732847E1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{4184CAC8-EB43-4CB5-8408-EAF8F3576D80}" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "{491CB53C-7BBE-43A2-8415-FF2588876A4C}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs6bf1\hppiw.exe | "{49E317BA-95C2-4DAC-BF92-6518D478789B}" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2012\wm60.exe | "{582B6A77-552B-48C9-8CC3-8E9A3DEDCBC7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{5FC54ABA-86B8-4ED0-96EE-2BB7272F9870}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{61818C49-012C-4F18-BC49-FF995F4F951C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{61F43BF0-7477-487B-A052-D1D697F7F928}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{631F273C-F1A8-4D0D-86B1-2ABAD8DE518D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{65AEC451-D73A-4358-BA32-E5B80BB8BC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65D1D92D-A069-4FD8-9646-7F047666FE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{66425954-BD7A-47AE-B72B-9F0F65B21322}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{6BF8B6A8-16A7-4892-9BE4-7F0AF49D3161}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{72327EAA-FE3B-4BF7-BDC1-D7536DC18E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{77FCA204-EE0F-44DC-AFED-47338B19652C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7BFFE86F-753B-4EDD-9510-C22AF20A2E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{86301794-68EA-453B-9AE9-DE47C1D79DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{88EBA921-B8C8-46F4-8FA2-91F6C9ACB539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8CB787F7-B871-4C31-8820-737290ADB44D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{906D80D8-D61D-461F-8AD0-C93ADE000D90}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{961EA39A-FFFD-403E-8DF6-EEC9F11FB3CE}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | "{98E8BAEA-49DD-46F7-B89E-C40D0C308B66}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{9F45A715-9163-4F15-AE7D-D6C60AEABF20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A2B8D852-BA67-4DCF-A11B-6F235EAB371A}" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "{A35A84DA-6EB9-4168-8CE4-65022E018123}" = dir=out | app=c:\program files\citrix\secure access client\nsepa.exe | "{A3736483-1ACE-43B6-9018-FA318E7B6865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A6462215-BCA3-49FA-B5EC-88006586C8AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AD367AC6-E355-4A1D-93BA-EBF0FE160A85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{ADAB9F13-BE47-40A2-9818-3D38F2E04A97}" 
= protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{B2613B3D-3342-458C-A2D9-DA3F0D34B268}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B27CA48C-4B8A-4864-8C6A-8F2620EC1D45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3139BC7-BA4E-49B4-9B6F-F29167B8783F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{B7D9F27C-CE53-402B-B1ED-4E03B5B4C86F}" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2012\wm60.exe | "{B7E9164D-D8A3-49DC-B6D5-8DE82B9A2293}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | "{C419C366-E77B-48EB-AD5F-A6547010D381}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBF01A0C-64B5-4F77-842C-FA2555EF8700}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{D22698C3-2455-4BF4-8F02-0DC176CEEC57}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D2E6EF66-5703-4B38-95DB-2216AE4E9E50}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs6bf1\hppiw.exe | "{D318FBFB-3182-418D-ACF7-638B59800D58}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{D3D78F18-331B-497B-887F-1002A4D72373}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\temp\7zs6764\hppiw.exe | "{D5D7D476-E26C-4F19-901A-09E52CF2D156}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D92E597A-0794-4C8A-9B68-DAA6D0B2EDB9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{E3ECD0B8-4E70-49CB-AD25-DA7E7E562BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E4340E9D-83A4-44E0-A1D8-FAFCC2DAB77A}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | "{E574F0D7-DA6E-459C-8CE0-9246E222FE92}" = protocol=6 | 
dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{E5A7AA5D-5E4D-4571-9704-A8082B2E32F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB0C10AD-CBE6-4663-A1DE-C129C113C291}" = dir=in | app=c:\program files\citrix\secure access client\nsepa.exe | "{ED533E05-4740-4211-8868-B003A0731C70}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F55C233A-03E0-40FD-A42D-F899A8CCF872}" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "{F7AE903E-8A35-4828-81FC-A41EC680E84F}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe | "{FBC40B4A-E213-47A8-BB95-771D46FE434B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{24FCE1C9-27AC-4714-A4F3-C90023188BA4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{279B957E-E44C-4705-98C5-D58F8C6691F5}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "TCP Query User{2F799F9B-0985-4405-9AC2-3DF4B6FC4AFA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{4735ADB0-C567-4274-9DCC-36625BB6F967}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | "TCP Query User{668077C2-FDF0-416B-BC0F-42627258CDA1}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "TCP Query User{B00D5BFD-7790-452B-A440-2A12C8727D3A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{C2C638A4-F6CF-470A-8B4E-2C3B0D250305}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query 
User{C62CCF2A-15CA-4970-A5DA-73088D8FE77A}C:\program files (x86)\wertpapieranalyse 2012\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2012\wm60.exe | "TCP Query User{FF07B3C7-28DA-4CEF-9E41-61ECADA2C615}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{12E6F666-E0FF-4D69-BA5A-E750D1080266}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{1FCFA785-EB17-4614-BC36-B7A14BA640AB}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{49EEB019-E4A1-4F6F-8310-E14477E6C880}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "UDP Query User{70CF364D-35E7-4447-811B-795451D0CFEC}C:\program files (x86)\wertpapieranalyse 2012\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2012\wm60.exe | "UDP Query User{872630AC-79EB-4D74-946F-86669F81932D}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "UDP Query User{A9F2C93B-62F1-4A6B-BEBC-90175E99EC9B}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | "UDP Query User{AE5BF3B5-8880-4A21-AB39-4370D656089B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{B93B5BC2-FFCB-4F88-AC09-18703B01503E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{BBE757D4-A83F-417D-8120-F813619AC5E6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64 "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7AC00305-D1AE-47ED-A7EF-31DA0523E152}" = Citrix Access Gateway Endpoint Analysis "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared 
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6 "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Ext2Fsd_is1" = Ext2Fsd 0.51 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "Recuva" = Recuva "sp6" = Logitech SetPoint 6.32 "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 
SP2 DEU "{021BC94E-D464-4B9D-96F1-C6566B476A71}" = DDBAC "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6547 Banner Remover 1.0 "{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1 "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU "{484119B8-71CD-478E-9F00-43FF9023DB82}" = Subversion "{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup and Recovery™ 2013 Plus Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4EFA42DB-E4EC-4537-9DF3-5158D08A9785}_is1" = Apowersoft Free Screen Recorder V1.1.4 "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience) "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek 
HDMI Audio Driver for ATI "{556F81B4-EDCD-4009-8A07-95BFE1E19F28}" = roomeon 3D-Planer "{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.6 "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV) "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}" = Quicken Import Export Server Jubiläumsversion "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian "{90120000-00A7-0407-0000-0000000FF1CE}" = Kalenderdruck-Assistent für Microsoft Office Outlook 2007 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI 
(German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC 
Help Czech "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian "{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{a3717ca4-b44e-422d-8268-ee4dabb332fd}" = Windows Software Development Kit "{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables "{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken DELUXE Jubiläumsversion "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX) "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish 
"{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB) "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web) "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Arduino" = Arduino "ArgoUML" = ArgoUML 0.34 "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "CitrixOnlinePluginPackWeb" = 
Citrix Online Plug-in - Web "CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2 "DAEMON Tools Lite" = DAEMON Tools Lite "ESN Sonar-0.70.4" = ESN Sonar "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1 "Google Calendar Sync" = Google Calendar Sync "ID3-TagIT 3_is1" = ID3-TagIT 3 "ImgBurn" = ImgBurn "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LoxPLAN_is1" = Loxone Config "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Origin" = Origin "Plus-HD-2.6" = Plus-HD-2.6 "PunkBusterSvc" = PunkBuster Services "StarUML_is1" = StarUML 5.0.2.1570 "Synology Assistant" = Synology Assistant (remove only) "TeamViewer 7" = TeamViewer 7 "Trillian" = Trillian "TrueCrypt" = TrueCrypt "Unity" = Unity "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "Windows Hotkey Explorer" = Windows Hotkey Explorer "Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free "XMind_is1" = XMind 2012 (v3.3.1) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "MusicManager" = Music Manager "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 17:13:11 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\esetsmartinstaller_enu.exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 14.01.2013 18:55:23 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 14.01.2013 18:57:34 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 14.01.2013 18:57:34 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\SoftonicDownloader_fuer_getdataback.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 14.01.2013 19:01:22 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21.01.2013 15:08:22 | Computer Name = Thomas-PC | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xb91232] Bitte Avira informieren und die obige Datei übersenden! 
Error - 21.01.2013 15:08:25 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 12.3.0.15, Zeitstempel: 0x4fa05b53 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x624 Startzeit der fehlerhaften Anwendung: 0x01cdf7f9748c9615 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: edbcad19-63fd-11e2-a75e-00241d7f1901 Error - 21.01.2013 17:59:30 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21.01.2013 18:02:28 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 21.01.2013 18:02:29 | Computer Name = Thomas-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Downloads\SoftonicDownloader_fuer_getdataback.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ System Events ] Error - 08.06.2013 11:18:57 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden. Error - 08.06.2013 11:46:39 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 08.06.2013 11:46:40 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 08.06.2013 11:46:40 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 08.06.2013 11:46:41 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. Error - 08.06.2013 11:46:41 | Computer Name = Thomas-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR6 gefunden. 
Error - 08.06.2013 20:04:03 | Computer Name = Thomas-PC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "T:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 10.06.2013 11:25:56 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 10.06.2013 11:25:59 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error - 15.06.2013 12:10:45 | Computer Name = Thomas-PC | Source = Ntfs | ID = 262281 Description = Auf dem Volume "T:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. < End of report > |
23.06.2013, 11:36 | #6 |
/// Malwareteam | Caught DealFinder! Hello MalerWick, I am currently working through your new log files... Is the system still causing problems? We have a few small inconsistencies in your log files here: OTL logfile: Code:
ATTFilter O1 HOSTS File: ([2012.06.30 10:14:48 | 000,003,009 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 48 more lines... ... Fehler beim Generieren des Aktivierungskontexts ... Code:
ATTFilter There are more than 52 lines starting with "127.0.0.1"
Or were entries deleted in the OTL logfile? Step 2: Replacing the antivirus scanner. You are using Avira AntiVir; we are replacing this virus scanner with a far better free alternative: Please uninstall Avira, as the scanner can cause problems. Follow these instructions to install avast! Antivirus. http://www.trojaner-board.de/127580-...tml#post964496 After the installation is complete, register the product with your e-mail address. This incurs no costs, and you get one year of protection. |
23.06.2013, 20:52 | #7 |
| Caught DealFinder! Hello Aneri, I have replaced Avira Antivir with Avast Antivir and scanned the system again. Unfortunately, the Dealfinder is still active in my browser. I edited the OTL.txt at the hosts section. Since the system is also my development machine, I entered a few hosts there for testing purposes. Sorry if that caused some confusion. What happens next? Thanks in advance for the support. Regards, MalerWick |
24.06.2013, 08:00 | #8 |
/// Malwareteam | Caught DealFinder! Hello MalerWick, with that move you created quite a bit of work for me, but oh well. Does Dealfinder show up in all browsers or only in certain ones? I have the feeling that it is only still present in Chrome. Step 1 Plus-HD-2.6 still shows up in your log files. The tool is known for downloading additional unwanted programs. Please try to uninstall it. In addition, we will delete the remnants of the program from your system. Step 2
Code:
ATTFilter :OTL [2013.06.18 17:27:47 | 000,000,000 | ---D | M] ("Plus-HD-2.6") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com BHO-x32: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD) CHR - Extension: Plus-HD-2.6 = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\crossrider CHR - Extension: Plus-HD-2.6 = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\ [2013.06.18 17:27:14 | 004,808,816 | ---- | M] (Bflyya) -- C:\Users\Thomas\Desktop\plus-hd-2-6.exe [2013.06.21 14:57:27 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-updater.job [2013.06.21 14:57:26 | 000,001,906 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-chromeinstaller.job [2013.06.21 14:57:26 | 000,001,832 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-firefoxinstaller.job [2013.06.21 14:57:25 | 000,001,200 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-codedownloader.job [2013.06.21 14:57:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-enabler.job
Step 3 Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. |
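A check that can be run over a fresh OTL.txt after the uninstall, to see whether any Plus-HD-2.6 remnants are still listed and where each one hooks into the system. This is an added example, not part of the original posts and not part of OTL; it handles only the line shapes visible in this thread, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample: entries copied from the logs in this thread, one per line,
# plus two unrelated lines that must not be reported.
SAMPLE_LOG = r"""
[2013.06.18 17:27:47 | 000,000,000 | ---D | M] ("Plus-HD-2.6") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com
BHO-x32: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD)
CHR - Extension: Plus-HD-2.6 = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\crossrider
[2013.06.18 17:27:14 | 004,808,816 | ---- | M] (Bflyya) -- C:\Users\Thomas\Desktop\plus-hd-2-6.exe
[2013.06.21 14:57:27 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-updater.job
[2013.06.21 14:57:26 | 000,001,906 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.6-chromeinstaller.job
FF - prefs.js..extensions.enabledAddons: 7f404ccc-b0a9-4faf-b3c0-89ceea949aea%40a6724a05-9380-4ebe-be02-e67e35a3402c.com:0.91.7
FF - prefs.js..browser.startup.homepage: "about:home"
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
"""

# Product name and Firefox extension ID, both taken from the fix script above.
INDICATORS = [
    "Plus-HD-2.6",
    "7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com",
]

# File/folder entry: [date time | size | attributes | M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [A-Z]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)


def _norm(text):
    """Percent-decode, lower-case and drop punctuation, so that 'Plus-HD-2.6'
    also matches 'plus-hd-2-6.exe' and '%40' matches '@' in prefs.js values."""
    return re.sub(r"[^a-z0-9]", "", unquote(text).lower())


def classify(line):
    """Return (persistence category, location) for one log line."""
    if re.match(r"^(BHO|O2)\b", line):
        dll = line.rsplit(" - ", 1)[-1]
        # Strip the trailing "(company)" that follows the DLL path.
        return "IE browser helper object", re.sub(r"\s\([^()]*\)$", "", dll)
    if line.startswith("CHR - Extension:"):
        return "Chrome extension", line.partition(" = ")[2]
    if line.startswith("FF - "):
        return "Firefox preference", unquote(line.partition(": ")[2])
    entry = FILE_ENTRY.match(line)
    if entry:
        path = entry.group("path")
        lowered = path.lower()
        if "\\tasks\\" in lowered and lowered.endswith(".job"):
            return "Scheduled task", path
        if "\\extensions\\" in lowered:
            return "Browser extension folder", path
        return "File on disk", path
    return "Unclassified", line


def find_leftovers(log_text, indicators):
    """Group every log line that mentions one of the indicators by category."""
    needles = [n for n in map(_norm, indicators) if n]
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        haystack = _norm(line)
        if any(needle in haystack for needle in needles):
            category, location = classify(line)
            found.setdefault(category, []).append(location)
    return found


if __name__ == "__main__":
    for category, locations in sorted(find_leftovers(SAMPLE_LOG, INDICATORS).items()):
        print(category)
        for location in locations:
            print("   ", location)
```

An empty result for a new log means none of the indicators is listed any more; a remaining "Firefox preference" hit means the profile still references the add-on ID even though the program was uninstalled.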
24.06.2013, 17:42 | #9 |
| Caught DealFinder! Hello, I have uninstalled Plus-HD. Looks like that was it. The Dealfinder no longer appears in the browser. Here is the log once more: OTL logfile: Code:
ATTFilter OTL logfile created on: 24.06.2013 18:19:40 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = F:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,38% Memory free 15,99 Gb Paging File | 13,71 Gb Available in Paging File | 85,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 31,23 Gb Free Space | 26,19% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 48,76 Gb Free Space | 24,97% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 46,59 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive F: | 1006,64 Gb Total Space | 25,20 Gb Free Space | 2,50% Space Free | Partition Type: NTFS Drive G: | 135,86 Gb Total Space | 90,59 Gb Free Space | 66,67% Space Free | Partition Type: NTFS Drive H: | 13,18 Gb Total Space | 5,34 Gb Free Space | 40,48% Space Free | Partition Type: NTFS Drive I: | 549,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 36,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) 
========== Modules (No Company Name) ========== MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HPSLPSVC) -- C:\Users\Thomas\AppData\Local\Temp\7zS6764\hpslpsvc64.dll (Hewlett-Packard Co.) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) 
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) 
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 BD 5E C0 06 B6 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: proxyselector%40mozilla.org:1.16
FF - prefs.js..extensions.enabledAddons: 7f404ccc-b0a9-4faf-b3c0-89ceea949aea%40a6724a05-9380-4ebe-be02-e67e35a3402c.com:0.91.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "210.212.83.242"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.3.50.3: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.50.3: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.23 13:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M]
[2012.04.29 18:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2013.06.24 18:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions
[2013.04.09 20:47:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\ich@maltegoetz.de
[2013.01.18 00:42:34 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\avdtadxr.default\extensions\admin@proxy-listen.de.xpi
[2013.05.30 03:16:07 | 000,041,895 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\avdtadxr.default\extensions\proxyselector@mozilla.org.xpi
[2013.06.21 14:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.28 23:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.28 23:49:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AVDTADXR.DEFAULT\EXTENSIONS\7F404CCC-B0A9-4FAF-B3C0-89CEEA949AEA@A6724A05-9380-4EBE-BE02-E67E35A3402C.COM
[2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Citrix Access Gateway (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npagee.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0\
CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.06.30 10:14:48 | 000,003,009 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [HotKeyMan] File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83876F3-FB71-4436-BCE6-D09E2535D35F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.04 14:22:33 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.11.01 21:00:00 | 000,000,052 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2002.08.29 00:51:43 | 000,040,448 | R--- | M] () - K:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.08.29 00:56:23 | 000,000,038 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell\AutoRun\command - "" = K:\autorun.exe start.html
O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell - "" = AutoRun
O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell\AutoRun\command - "" = I:\start.exe -- [2012.11.01 21:00:00 | 000,087,704 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.23 13:05:05 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.23 13:05:05 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.23 13:05:05 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.23 13:05:05 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.23 13:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.23 13:05:04 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.23 13:05:04 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.23 13:05:04 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.23 13:04:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.23 13:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.23 13:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.21 14:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.06.20 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\temp
[2013.06.20 20:46:20 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.18 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Apowersoft Free Screen Recorder
[2013.06.18 17:40:38 | 000,429,816 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturing.dll
[2013.06.18 17:40:38 | 000,261,880 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturingFilter.dll
[2013.06.18 17:40:38 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftVideoMixerFilter.dll
[2013.06.18 17:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[2013.06.18 17:40:37 | 000,584,952 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturing.dll
[2013.06.18 17:40:37 | 000,372,984 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturingFilter.dll
[2013.06.18 17:40:37 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftVideoMixerFilter.dll
[2013.06.18 17:40:37 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
[2013.06.18 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Apowersoft
[2013.06.18 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft
[2013.06.18 17:40:20 | 005,660,536 | ---- | C] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe
[2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.7
[2013.06.18 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aufnahme
[2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2013.06.18 17:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free
[2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
[2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX
[2013.06.16 14:16:10 | 000,769,816 | ---- | C] (www.ext2fsd.com) -- C:\Windows\SysNative\drivers\ext2fsd.sys
[2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd
[2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ext2Fsd
[2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology
[2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
[2013.06.16 11:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology
[2013.06.09 15:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.28 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.06.24 18:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.24 18:18:43 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.24 18:13:11 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 18:13:11 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 18:10:25 | 001,808,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.24 18:10:25 | 000,766,530 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.24 18:10:25 | 000,721,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.24 18:10:25 | 000,174,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.24 18:10:25 | 000,147,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.23 22:36:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001UA.job
[2013.06.23 13:05:05 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.23 13:05:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.21 18:36:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001Core.job
[2013.06.20 18:37:44 | 000,002,374 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk
[2013.06.18 17:40:38 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk
[2013.06.18 17:40:23 | 005,660,536 | ---- | M] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe
[2013.06.18 17:39:53 | 000,004,521 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg
[2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini
[2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini
[2013.06.18 17:39:53 | 000,000,042 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini
[2013.06.18 17:27:34 | 000,002,060 | ---- | M] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2013.06.18 17:27:09 | 004,898,854 | ---- | M] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe
[2013.06.16 23:25:37 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd
[2013.06.16 22:34:08 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND
[2013.06.16 11:33:35 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2013.06.09 18:39:58 | 000,002,036 | -H-- | M] () -- C:\Users\Thomas\Documents\Default.rdp
[2013.06.09 14:49:40 | 000,000,869 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.26 12:00:05 | 000,291,961 | ---- | M] () -- C:\Users\Thomas\Desktop\Storyboard Rengi.pdf

========== Files Created - No Company Name ==========

[2013.06.23 13:05:05 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.23 13:05:04 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.23 13:05:04 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.23 13:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.06.18 17:40:38 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk
[2013.06.18 17:39:53 | 000,004,521 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg
[2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini
[2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini
[2013.06.18 17:39:53 | 000,000,042 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini
[2013.06.18 17:27:34 | 000,002,060 | ---- | C] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2013.06.18 17:27:06 | 004,898,854 | ---- | C] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe
[2013.06.16 11:33:35 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk
[2013.05.26 12:00:05 | 000,291,961 | ---- | C] () -- C:\Users\Thomas\Desktop\Storyboard Rengi.pdf
[2013.04.17 22:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd
[2013.04.13 02:06:31 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.25 23:38:20 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.25 23:38:20 | 000,076,888 | ---- | C] () -- 
C:\Windows\SysWow64\PnkBstrA.exe [2012.07.15 16:38:49 | 000,000,869 | ---- | C] () -- C:\Windows\wiso.ini [2012.06.05 17:52:02 | 000,007,679 | ---- | C] () -- C:\Users\Thomas\AppData\Local\resmon.resmoncfg [2012.06.03 21:33:51 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012.05.14 21:26:37 | 000,038,423 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.05.14 17:16:04 | 001,785,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.29 18:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.29 11:52:10 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.03.29 11:52:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.03.29 11:52:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 
| ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.17 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Amazon [2013.06.18 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Apowersoft [2013.03.06 23:05:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Arduino [2012.09.19 17:25:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service [2012.05.27 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite [2012.06.06 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DataDesign [2012.11.02 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\e-academy Inc [2013.03.31 16:55:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GalileoPress [2012.09.18 16:57:07 | 000,000,000 | ---D | 
M] -- C:\Users\Thomas\AppData\Roaming\Garmin [2012.05.13 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Hulubulu [2012.06.29 10:18:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICAClient [2013.06.24 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICQ [2012.05.17 22:22:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ID3-TagIT 3 [2012.12.27 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ImgBurn [2012.04.29 19:13:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech [2012.06.08 16:01:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Lexware [2013.03.30 00:07:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Loxone [2013.01.08 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MyPhoneExplorer [2012.06.24 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++ [2012.06.14 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera [2012.12.02 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Origin [2013.01.08 22:10:32 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung [2012.06.30 12:46:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.04.20 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Subversion [2012.05.07 19:29:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer [2012.05.18 10:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Trillian [2012.05.01 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TrueCrypt [2013.04.06 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Unity ========== Purity Check ========== < End of report > [/CODE]
Thanks again for the help. Best regards
Here is the log after the removal with OTL: Code:
ATTFilter ========== OTL ========== Folder C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com\ not found. File C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0\crossrider not found. File C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl\1.23.7_0 not found. C:\Users\Thomas\Desktop\plus-hd-2-6.exe moved successfully. File C:\Windows\tasks\Plus-HD-2.6-updater.job not found. File C:\Windows\tasks\Plus-HD-2.6-chromeinstaller.job not found. File C:\Windows\tasks\Plus-HD-2.6-firefoxinstaller.job not found. File C:\Windows\tasks\Plus-HD-2.6-codedownloader.job not found. File C:\Windows\tasks\Plus-HD-2.6-enabler.job not found. OTL by OldTimer - Version 3.2.69.0 log created on 06242013_181655 |
24.06.2013, 17:48 | #10 |
/// Malwareteam | Caught DealFinder! Hi MalerWick, please stay with it until I tell you that you are clean; there is more to do. Last edited by Aneri (24.06.2013 at 18:07) |
24.06.2013, 18:52 | #11 |
/// Malwareteam | Caught DealFinder! Hello MalerWick, then let's take another look at this.
Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
Step 3 Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
Step 4 Please download SecurityCheck and:
|
26.06.2013, 17:46 | #12 |
| Caught DealFinder! Hello Aneri, here are my logs. I had to abort ESET after 5 hours. By then it had not even scanned half. 1. Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.24.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Thomas :: THOMAS-PC [Administrator] 26.06.2013 18:34:46 mbam-log-2013-06-26 (18-34-46).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 250361 Laufzeit: 3 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
no file
3. OTL: OTL logfile: Code:
ATTFilter OTL logfile created on: 26.06.2013 18:20:21 - Run 3 OTL by OldTimer - Version 3.2.35.1 Folder = F:\Downloads\Antivir 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 4,71 Gb Available Physical Memory | 58,96% Memory free 15,99 Gb Paging File | 11,98 Gb Available in Paging File | 74,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 31,35 Gb Free Space | 26,29% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 48,76 Gb Free Space | 24,97% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 46,59 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive F: | 1006,64 Gb Total Space | 25,17 Gb Free Space | 2,50% Space Free | Partition Type: NTFS Drive G: | 135,86 Gb Total Space | 90,59 Gb Free Space | 66,67% Space Free | Partition Type: NTFS Drive H: | 13,18 Gb Total Space | 5,34 Gb Free Space | 40,48% Space Free | Partition Type: NTFS Drive I: | 549,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 36,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Downloads\Antivir\SecurityCheck.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - F:\Downloads\Antivir\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) 
========== Modules (No Company Name) ========== MOD - F:\Downloads\Antivir\SecurityCheck.exe () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\winamp.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\vis_milk2.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\vis_avs.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_local.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_disc.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_pmp.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_jumpex.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_wifi.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_ipod.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ombrowser.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_plg.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_classicart.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_mp3.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_ff.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_ml.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_android.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_midi.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_mod.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\out_ds.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_wm.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_wire.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_online.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_cdda.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\dsp_sps.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_playlists.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_usb.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_nsv.lng () MOD - 
C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_skinmanager.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_vorbis.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_hotkeys.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_undo.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_timerestore.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_downloads.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_nopro.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_history.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_devices.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_transcode.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_tray.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\vis_nsfs.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\out_wave.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_orgler.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_crasher.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_autotag.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_wav.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_dshow.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_fhgaac.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\tagz.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\out_disk.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_wma.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_wave.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_flac.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_lame.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_rg.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_impex.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_bookmarks.lng () MOD - 
C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_mp4.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_avi.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_activesync.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_enqplay.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_wv.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_mkv.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\winampa.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_p4s.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_orb.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\gen_find_on_disk.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_wav.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_vorbis.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\enc_flac.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\pmp_njb.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_nowplaying.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\ml_addons.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_swf.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_linein.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\in_flv.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\playlist.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\burnlib.lng () MOD - C:\Users\Thomas\AppData\Local\Temp\WLZD7A9.tmp\auth.lng () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll () MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll 
() MOD - C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll () MOD - C:\Program Files (x86)\Winamp\System\jnetlib.w5s () MOD - C:\Program Files (x86)\Winamp\nsutil.dll () MOD - 
C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_wm.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_local.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll () MOD - C:\Program Files (x86)\Winamp\libsndfile.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll () MOD - C:\Program Files (x86)\Winamp\System\auth.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mod.dll () MOD - C:\Program Files (x86)\Winamp\System\jpeg.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_online.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_midi.dll () MOD - C:\Program Files (x86)\Winamp\System\png.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll () MOD - C:\Program Files (x86)\Winamp\System\xml.w5s () MOD - C:\Program Files (x86)\Winamp\System\playlist.w5s () MOD - C:\Program Files (x86)\Winamp\tataki.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll () MOD - C:\Program Files (x86)\Winamp\nde.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_avi.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_flac.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll () 
MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\out_ds.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_history.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll () MOD - C:\Program Files (x86)\Winamp\zlib.dll () MOD - C:\Program Files (x86)\Winamp\System\devices.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\in_flv.dll () MOD - C:\Program Files (x86)\Winamp\System\timer.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_swf.dll () MOD - C:\Program Files (x86)\Winamp\System\albumart.w5s () MOD - C:\Program Files (x86)\Winamp\System\tagz.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll () MOD - C:\Program Files (x86)\Winamp\System\gif.w5s () MOD - C:\Program Files (x86)\Winamp\System\bmp.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\out_wave.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_wave.dll () MOD - C:\Program Files (x86)\Winamp\System\dlmgr.w5s () MOD - C:\Program Files (x86)\Winamp\System\gracenote.w5s () MOD - C:\Program Files (x86)\Winamp\System\filereader.w5s () MOD - C:\Program Files (x86)\Winamp\System\primo.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\in_linein.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll () MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - 
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\PROGRA~2\MICROS~2\Office12\CPAOAD~1.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HPSLPSVC) -- C:\Users\Thomas\AppData\Local\Temp\7zS6764\hpslpsvc64.dll (Hewlett-Packard Co.) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) 
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) 
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc) DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 BD 5E C0 06 B6 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.http: "210.212.83.242" FF - prefs.js..network.proxy.http_port: 1080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.3.50.3: C:\Program Files\Citrix\Secure Access 
Client\npagee64.dll (Citrix Systems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.50.3: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.23 13:04:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.28 23:49:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.28 23:49:06 | 000,000,000 | ---D | M] [2012.04.29 18:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2013.06.24 18:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions [2013.04.09 20:47:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\avdtadxr.default\extensions\ich@maltegoetz.de [2013.06.21 14:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.28 23:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.28 23:49:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AVDTADXR.DEFAULT\EXTENSIONS\7F404CCC-B0A9-4FAF-B3C0-89CEEA949AEA@A6724A05-9380-4EBE-BE02-E67E35A3402C.COM () (No name found) -- 
C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AVDTADXR.DEFAULT\EXTENSIONS\PROXYSELECTOR@MOZILLA.ORG.XPI [2011.04.25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011.04.25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011.04.25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011.04.25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011.04.25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.04.25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Citrix Access Gateway (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npagee.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0\ CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.30 10:14:48 | 000,003,009 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! 
Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) O4 - HKCU..\Run: [HotKeyMan] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83876F3-FB71-4436-BCE6-D09E2535D35F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - 
Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.04 14:22:33 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.11.01 21:00:00 | 000,000,052 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2002.08.29 00:51:43 | 000,040,448 | R--- | M] () - K:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.08.29 00:56:23 | 000,000,038 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{119ccf16-920e-11e1-ab31-806e6f6e6963}\Shell\AutoRun\command - "" = K:\autorun.exe start.html O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell - "" = AutoRun O33 - MountPoints2\{b4bc65b5-936f-11e1-8c1e-0002721e378f}\Shell\AutoRun\command - "" = I:\start.exe -- [2012.11.01 21:00:00 | 000,087,704 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013.06.24 20:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.24 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2013.06.24 20:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.24 20:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2013.06.24 20:37:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.24 20:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.23 13:05:05 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.23 13:05:05 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.06.23 13:05:05 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.06.23 13:05:05 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.06.23 13:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.06.23 13:05:04 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.23 13:05:04 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.06.23 13:05:04 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.06.23 13:04:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.06.23 13:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.06.23 13:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.06.21 14:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.06.20 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\temp [2013.06.20 20:46:20 | 000,000,000 | ---D | C] -- C:\FRST [2013.06.18 17:41:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Apowersoft Free Screen Recorder [2013.06.18 17:40:38 | 000,429,816 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturing.dll [2013.06.18 17:40:38 | 000,261,880 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\ApowersoftScreenCapturingFilter.dll [2013.06.18 17:40:38 | 000,175,864 | -H-- | C] (Bytescout) -- 
C:\Windows\SysWow64\ApowersoftVideoMixerFilter.dll [2013.06.18 17:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft [2013.06.18 17:40:37 | 000,584,952 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturing.dll [2013.06.18 17:40:37 | 000,372,984 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftScreenCapturingFilter.dll [2013.06.18 17:40:37 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\ApowersoftVideoMixerFilter.dll [2013.06.18 17:40:37 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys [2013.06.18 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Apowersoft [2013.06.18 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft [2013.06.18 17:40:20 | 005,660,536 | ---- | C] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe [2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7 [2013.06.18 17:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.7 [2013.06.18 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aufnahme [2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.18 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.18 17:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free [2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2013.06.16 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2013.06.16 14:16:10 | 000,769,816 | ---- | C] (www.ext2fsd.com) -- C:\Windows\SysNative\drivers\ext2fsd.sys [2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd [2013.06.16 14:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ext2Fsd [2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Synology [2013.06.16 11:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology [2013.06.16 11:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synology [2013.06.09 15:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.28 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.06.26 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.26 17:36:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001UA.job [2013.06.26 16:47:30 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.26 16:47:30 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.26 16:44:35 | 001,808,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.26 16:44:35 | 000,766,530 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.26 16:44:35 | 000,721,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.26 16:44:35 | 000,174,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.26 16:44:35 | 000,147,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.26 16:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.26 16:40:18 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys [2013.06.25 18:36:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3400329253-3998918881-1476899671-1001Core.job [2013.06.23 13:05:05 | 000,001,922 | ---- | M] () -- 
C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.06.23 13:05:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.20 18:37:44 | 000,002,374 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk [2013.06.18 17:40:38 | 000,001,432 | ---- | M] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk [2013.06.18 17:40:23 | 005,660,536 | ---- | M] (Apowersoft ) -- C:\Users\Thomas\Desktop\apowersoft-free-screen-recorder.exe [2013.06.18 17:39:53 | 000,004,521 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg [2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini [2013.06.18 17:39:53 | 000,000,408 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini [2013.06.18 17:39:53 | 000,000,042 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini [2013.06.18 17:27:34 | 000,002,060 | ---- | M] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk [2013.06.18 17:27:09 | 004,898,854 | ---- | M] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe [2013.06.16 23:25:37 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd [2013.06.16 22:34:08 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND [2013.06.16 11:33:35 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.06.09 18:39:58 | 000,002,036 | -H-- | M] () -- C:\Users\Thomas\Documents\Default.rdp [2013.06.09 14:49:40 | 000,000,869 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2013.06.23 13:05:05 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.06.23 13:05:04 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.23 13:05:04 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.06.23 13:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.06.18 17:40:38 | 000,001,432 | ---- | C] () -- C:\Users\Public\Desktop\Apowersoft Free Screen Recorder.lnk [2013.06.18 17:39:53 | 000,004,521 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamStudio.cfg [2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamShapes.ini [2013.06.18 17:39:53 | 000,000,408 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\CamLayout.ini [2013.06.18 17:39:53 | 000,000,042 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Camdata.ini [2013.06.18 17:27:34 | 000,002,060 | ---- | C] () -- C:\Users\Thomas\Desktop\AutoScreenRecorder 3.1 Free.lnk [2013.06.18 17:27:06 | 004,898,854 | ---- | C] () -- C:\Users\Thomas\Desktop\setupautoscreenrecorderfree_3.1.115.exe [2013.06.16 11:33:35 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.04.17 22:40:58 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd [2013.04.13 02:06:31 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.11.25 23:38:20 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.25 23:38:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.15 16:38:49 | 000,000,869 | ---- | C] () -- 
C:\Windows\wiso.ini [2012.06.05 17:52:02 | 000,007,679 | ---- | C] () -- C:\Users\Thomas\AppData\Local\resmon.resmoncfg [2012.06.03 21:33:51 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012.05.14 21:26:37 | 000,038,423 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.05.14 17:16:04 | 001,785,760 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.29 18:02:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.29 11:52:10 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.03.29 11:52:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.03.29 11:52:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.07.17 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Amazon [2013.06.18 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Apowersoft [2013.03.06 23:05:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Arduino [2012.09.19 17:25:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Buhl Data Service [2012.05.27 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite [2012.06.06 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DataDesign [2012.11.02 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\e-academy Inc [2013.03.31 16:55:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GalileoPress [2012.09.18 16:57:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Garmin [2012.05.13 22:47:07 | 
000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Hulubulu [2012.06.29 10:18:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICAClient [2013.06.26 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICQ [2012.05.17 22:22:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ID3-TagIT 3 [2012.12.27 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ImgBurn [2012.04.29 19:13:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech [2012.06.08 16:01:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Lexware [2013.03.30 00:07:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Loxone [2013.01.08 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MyPhoneExplorer [2012.06.24 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++ [2012.06.14 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera [2012.12.02 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Origin [2013.01.08 22:10:32 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung [2012.06.30 12:46:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.04.20 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Subversion [2012.05.07 19:29:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer [2012.05.18 10:13:31 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Trillian [2012.05.01 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TrueCrypt [2013.04.06 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Unity [2013.05.03 09:54:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > 4. SecurityCheck: Code:
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
27.06.2013, 21:26 | #13 |
/// Malwareteam | Caught DealFinder! Hello,
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Step 1.2 Update: Firefox, add-ons and plugins
Step 1.3 Update your version of Adobe Reader
Step 2 Fixing with OTL
Code:
:commands
[emptytemp]
[createrestorepoint]
Step 3 Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. |
30.06.2013, 21:02 | #14 |
/// Malwareteam | Caught DealFinder! Hi, I haven't received a reply from you for quite a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume that the matter has been resolved and remove it from my subscriptions. Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible. |
02.07.2013, 07:59 | #15 |
/// Malwareteam | Caught DealFinder! Missing feedback This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread |