Log analysis and evaluation: bizcoaching.info (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.07.2013, 15:30 | #1 |
| bizcoaching.info FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 Ran by Holger (administrator) on 04-07-2013 16:20:56 Running from C:\Users\Holger\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe () C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe (Microsoft Corporation) C:\Windows\system32\schtasks.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-26] (Advanced Micro Devices, Inc.) HKLM\...\Run: [] [x] HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: E - E:\LaunchU3.exe MountPoints2: {a7f5b2e8-79e1-11e2-9211-00138ff9b6fa} - E:\LaunchU3.exe Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NewShortcut1.lnk ShortcutTarget: NewShortcut1.lnk -> C:\Program Files\USB_video_device\Utility\RemoteTool\BDARemote.exe (No File) Startup: C:\ProgramData\Start Menu\Programs\Startup\Printkey2000.lnk ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software) Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: FastestTube - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\2.1.9\WombatBHO.dll (Kwizzu) BHO: LyricsContainer - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files\LyricsContainer\116.dll (RYD Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: LyricsTube - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files\LyricsTube\lrcstube.dll (Hansen & Destar Apps) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: DeLorme Send To GPS - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU -No 
Name - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\g82eolbz.default FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF NewTab: about:blank FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @delorme.com/SendToGPS - C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme) FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: LyricsContainer - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\g82eolbz.default\Extensions\116 FF Extension: Wajam - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\g82eolbz.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} FF Extension: Yahoo! Toolbar - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\g82eolbz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKCU\...\Firefox\Extensions: [LrcsTb@hansenapps.com] C:\Program Files\LyricsTube\FF\ FF Extension: No Name - C:\Program Files\LyricsTube\FF\ FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] C:\Program Files\LyricsContainer\116.xpi FF Extension: No Name - C:\Program Files\LyricsContainer\116.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Extension: (LyricsContainer) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.116_0 CHR Extension: (LyricsTube) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.114_0 ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG) ==================== Drivers (Whitelisted) ==================== S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2012-02-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-09-16] (Avira GmbH) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. 
) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2012-02-28] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-03] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2009-10-08] (Avira GmbH) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-04 16:20 - 2013-07-04 16:20 - 00000000 ____D C:\FRST 2013-07-04 16:19 - 2013-07-04 16:19 - 01373373 ____A (Farbar) C:\Users\Holger\Desktop\FRST.exe 2013-07-03 22:14 - 2013-07-03 22:14 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-07-03 17:07 - 2013-07-03 17:07 - 02347384 ____A (ESET) C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe 2013-07-03 17:07 - 2013-07-03 17:07 - 00000000 ____D C:\Program Files\ESET 2013-07-03 17:03 - 2013-07-03 18:53 - 00033036 ____A C:\Users\Holger\Desktop\SystemLook.txt 2013-07-03 17:03 - 2013-07-03 17:03 - 00139264 ____A C:\Users\Holger\Desktop\SystemLook.exe 2013-07-03 16:59 - 2013-07-03 16:59 - 00165376 ____A C:\Users\Holger\Desktop\SystemLook_x64.exe 2013-07-03 16:42 - 2013-07-03 16:42 - 00448512 ____A (OldTimer Tools) C:\Users\Holger\Desktop\TFC.exe 2013-07-03 16:39 - 2013-07-03 16:39 - 00000845 ____A C:\Users\Holger\Desktop\JRT.txt 2013-07-03 16:37 - 2013-07-03 16:37 - 00000000 ____D C:\Windows\ERUNT 2013-07-03 16:37 - 2013-07-03 16:37 - 00000000 ____D C:\JRT 2013-07-03 16:35 - 2013-07-03 16:35 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Holger\Desktop\JRT494.exe 2013-07-03 16:30 - 2013-07-03 16:31 - 00039544 ____A C:\AdwCleaner[S1].txt 2013-07-03 16:27 - 2013-07-03 16:27 - 00648201 ____A C:\Users\Holger\Desktop\adwcleaner2303.exe 2013-07-02 17:13 - 2013-07-02 17:53 - 00000000 ____D C:\Users\Holger\Downloads\MalwaBytAntMalKege 2013-07-02 17:12 - 2013-07-02 17:12 - 00843658 ____A C:\Users\Holger\Downloads\MalwaBytAntMalKege.rar 2013-07-02 17:11 - 2013-07-02 17:11 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Malwarebytes 2013-07-02 17:10 - 2013-07-02 17:10 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-02 17:10 - 2013-07-02 17:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 17:10 - 2013-07-02 17:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-02 17:10 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-01 18:00 - 2013-07-01 18:00 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-01 17:59 - 2013-07-01 17:59 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-07-01 05:18 - 2013-07-01 05:18 - 00000161 ____A C:\Users\Holger\Downloads\vs0fcj2x9d56f8b3.js 2013-07-01 05:17 - 2013-07-01 05:17 - 00000161 ____A C:\Users\Holger\Downloads\vs0fcj2xec041bdc.js 2013-06-30 14:00 - 2013-06-30 14:00 - 01122806 ____A C:\Users\Holger\Downloads\Pixel_Perfection_V1.8 (1).zip 2013-06-30 13:58 - 2013-06-30 13:58 - 00774080 ____A C:\Users\Holger\Downloads\ImageEditorSetup.exe 2013-06-30 08:58 - 2013-06-30 10:43 - 00000000 ____D C:\Users\Public\Documents\Skins 2013-06-29 20:03 - 2013-06-29 09:57 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS126iDL 2013-06-29 19:57 - 2013-06-29 20:00 - 13813990 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part4.rar 2013-06-29 18:40 - 2013-06-29 19:24 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part1.rar 2013-06-29 17:32 - 2013-06-30 07:45 - 00000000 ____D C:\Users\Holger\AppData\Roaming\vlc 
2013-06-29 17:08 - 2013-06-29 17:43 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part3.rar 2013-06-29 17:04 - 2013-06-29 17:49 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part2.rar 2013-06-29 15:37 - 2013-06-29 15:37 - 00002205 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-29 15:35 - 2013-07-04 16:15 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-29 15:35 - 2013-07-03 22:08 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-29 15:34 - 2013-06-29 15:37 - 00000000 ____D C:\Program Files\Google 2013-06-29 15:32 - 2013-06-29 15:38 - 00000000 ____D C:\Users\Holger\AppData\Local\Google 2013-06-29 15:14 - 2013-06-29 15:14 - 00013507 ____A C:\Users\Holger\Downloads\MemTest4.zip 2013-06-28 18:16 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\COPY TO 'lang' FOLDER IN 'minecraft.jar' 2013-06-28 18:16 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\anim 2013-06-28 18:15 - 2013-06-28 18:17 - 11906468 ____A C:\Users\Holger\Documents\Minecraft t.zip 2013-06-28 18:15 - 2013-01-12 12:41 - 00001776 ____N C:\Users\Holger\Desktop\READ ME.txt 2013-06-28 18:08 - 2013-07-04 16:15 - 00000386 ____A C:\Windows\Tasks\LyricsContainer Update.job 2013-06-28 18:08 - 2013-06-28 18:08 - 00000000 ____D C:\Users\Holger\AppData\Local\Downloaded Installations 2013-06-28 18:08 - 2013-06-28 18:08 - 00000000 ____D C:\Program Files\LyricsContainer 2013-06-28 18:07 - 2013-06-28 18:07 - 00243776 ____A C:\Users\Holger\Downloads\Setup.exe 2013-06-28 18:07 - 2013-06-28 18:07 - 00243776 ____A C:\Users\Holger\Downloads\Setup (1).exe 2013-06-28 07:03 - 2013-06-22 09:19 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS125iDL 2013-06-27 15:51 - 2013-06-27 15:51 - 00001643 ____A C:\Users\Holger\Desktop\server.log 2013-06-27 15:51 - 2013-06-27 15:51 - 00000000 ____D C:\Users\Holger\Desktop\world 2013-06-27 15:51 - 2013-06-27 15:51 - 00000000 ____A C:\Users\Holger\Desktop\white-list.txt 2013-06-27 15:51 - 
2013-06-27 15:51 - 00000000 ____A C:\Users\Holger\Desktop\ops.txt 2013-06-27 15:39 - 2013-06-27 15:51 - 02542151 ____A C:\Users\Holger\Downloads\Minecraft_Server.exe 2013-06-21 16:32 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\title 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\mob 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\misc 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\gui 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\font 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\environment 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\art 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\armor 2013-06-21 14:43 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\achievement 2013-06-21 14:43 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\AppData\Roaming\WinRAR 2013-06-21 14:43 - 2013-05-18 11:05 - 00000000 ____D C:\Users\Holger\Desktop\ctm 2013-06-21 14:42 - 2013-06-21 14:42 - 00215096 ____A C:\Users\Holger\Downloads\FromDocToPDF.exe 2013-06-20 19:09 - 2013-06-20 19:09 - 00673024 ____A () C:\Users\Holger\Downloads\77ZipSetup.exe 2013-06-20 17:53 - 2013-06-20 17:51 - 00263186 ____A C:\Users\Holger\Desktop\Minecraft.exe 2013-06-20 17:52 - 2013-06-20 17:52 - 00263186 ____A C:\Users\Holger\Downloads\Minecraft (1).exe 2013-06-20 17:51 - 2013-06-20 17:51 - 00263186 ____A C:\Users\Holger\Downloads\Minecraft.exe 2013-06-20 16:58 - 2013-06-20 16:58 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Avira 2013-06-20 16:56 - 2013-06-30 15:32 - 00000000 ____D C:\Users\Holger\AppData\Roaming\.minecraft 2013-06-20 16:55 - 2013-06-20 16:55 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Macromedia 2013-06-20 16:53 - 2013-06-24 06:31 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Adobe 2013-06-20 16:53 - 2013-06-20 16:53 - 00000000 ____D 
C:\Users\Holger\AppData\Roaming\ATI 2013-06-20 16:33 - 2013-06-20 16:33 - 00000000 ____D C:\ProgramData\Sun 2013-06-20 16:33 - 2013-06-20 16:32 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-20 16:33 - 2013-06-20 16:32 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-20 16:33 - 2013-06-20 16:32 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-20 16:33 - 2013-06-20 16:32 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-20 16:33 - 2013-06-20 16:32 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-20 16:33 - 2013-06-20 16:32 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-20 16:04 - 2013-06-20 16:04 - 00002229 ____A C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk 2013-06-20 15:28 - 2013-06-20 15:30 - 236939036 ____A C:\Users\Holger\Downloads\Jus485.rar 2013-06-20 15:28 - 2013-06-20 15:29 - 236599307 ____A C:\Users\Holger\Downloads\Jus484.rar 2013-06-20 14:49 - 2013-06-20 14:49 - 49842964 ____A C:\Users\Holger\Downloads\Minecraft_Cracked_v1.5.2.rar 2013-06-20 14:49 - 2013-05-30 14:05 - 50044213 ____A (MINECRAFTinstall.net) C:\Users\Holger\Downloads\Minecraft_Cracked_v1.5.2.exe 2013-06-19 19:29 - 2013-06-20 16:26 - 00000000 ____D C:\Users\Holger\Downloads\Minecraft4Boerse 2013-06-16 20:13 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerUpdateService.exe 2013-06-16 13:39 - 2013-06-16 13:39 - 00000000 ____D C:\Users\Holger\Downloads\GoPal.6.1.PE.94809.Installationsdaten-RHB 2013-06-16 13:31 - 2013-06-16 13:33 - 533610922 ____A C:\Users\Holger\Downloads\GoPal.6.1.PE.94809.Installationsdaten-RHB.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part3.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part2.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 
00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part1.rar 2013-06-16 13:27 - 2013-06-16 16:56 - 00000000 ____D C:\Users\Holger\Downloads\Medion GoPal 6.x _ 7.0 Q_04_12 Europa 2013-06-16 09:18 - 2013-06-16 09:21 - 205716600 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part16.rar 2013-06-16 09:17 - 2013-06-16 09:19 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part15.rar 2013-06-16 09:15 - 2013-06-16 09:19 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part14.rar 2013-06-16 09:15 - 2013-06-16 09:19 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part13.rar 2013-06-16 09:15 - 2013-06-16 09:19 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part12.rar 2013-06-16 09:15 - 2013-06-16 09:19 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part10.rar 2013-06-16 09:15 - 2013-06-16 09:18 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part11.rar 2013-06-16 09:14 - 2013-06-16 09:18 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part09.rar 2013-06-16 09:14 - 2013-06-16 09:17 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part08.rar 2013-06-16 09:12 - 2013-06-16 09:12 - 00001648 ____A C:\Users\Holger\Downloads\dnfa6e4ppom54x3.dlc 2013-06-16 09:10 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part07.rar 2013-06-16 09:10 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part06.rar 2013-06-16 09:10 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part05.rar 2013-06-16 09:10 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part04.rar 2013-06-16 09:10 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part02.rar 2013-06-16 09:10 - 2013-06-16 09:13 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part03.rar 2013-06-16 09:10 - 2013-06-16 09:13 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part01.rar 2013-06-16 09:10 - 2013-06-16 09:10 - 00002692 ____A 
C:\Users\Holger\Downloads\kvyj1x54p4n9f14-ul.to.dlc 2013-06-16 08:13 - 2013-06-07 15:37 - 00000000 ____D C:\Users\Holger\Downloads\Stirb.Langsam.Ein.guter.Tag.zu.Sterben.BDRiP.GERMAN.AC3.XViD-PSH 2013-06-16 08:10 - 2012-11-02 22:06 - 00000000 ____D C:\Users\Holger\Downloads\Superman.Returns.German.2006.AC3.BDRip.XviD.iNTERNAL-VideoStar 2013-06-16 08:09 - 2013-06-16 08:13 - 525336579 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part2.rar 2013-06-16 08:09 - 2013-06-16 08:13 - 525336579 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part1.rar 2013-06-16 08:09 - 2013-06-16 08:12 - 329079695 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part3.rar 2013-06-16 08:08 - 2013-06-16 08:09 - 39437608 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part15.rar 2013-06-16 08:08 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part12.rar 2013-06-16 08:07 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part14.rar 2013-06-16 08:07 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part13.rar 2013-06-16 08:07 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part11.rar 2013-06-16 08:07 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part10.rar 2013-06-16 08:07 - 2013-06-16 08:09 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part09.rar 2013-06-16 08:06 - 2013-06-16 08:08 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part08.rar 2013-06-16 08:05 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part07.rar 2013-06-16 08:05 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part06.rar 2013-06-16 08:05 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part05.rar 2013-06-16 08:05 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part04.rar 2013-06-16 08:05 - 
2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part03.rar 2013-06-16 08:05 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part02.rar 2013-06-16 08:05 - 2013-06-16 08:06 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part01.rar 2013-06-16 08:05 - 2013-06-16 08:05 - 00001432 ____A C:\Users\Holger\Downloads\605lhwmcun3a6h5.dlc 2013-06-16 08:02 - 2013-06-16 08:02 - 00004484 ____A C:\Users\Holger\Downloads\UL_Superman.Returns.German.2006.AC3.BDRip.XviD.iNTERNAL-VideoStar-k2kpvcmq74k5.dlc 2013-06-15 18:25 - 2007-11-06 03:58 - 242409472 ____A C:\Users\Holger\Downloads\(69) Justice League Unlimited - 3x17_DoomssdaySanction.avi 2013-06-15 18:25 - 2007-11-06 03:54 - 221775872 ____A C:\Users\Holger\Downloads\(70) Justice League Unlimited - 3x18_DoppeltesDate.avi 2013-06-15 18:24 - 2007-11-06 04:02 - 211304448 ____A C:\Users\Holger\Downloads\(68) Justice League Unlimited - 3x16_DerMonddesJägers.avi 2013-06-15 18:23 - 2007-11-06 04:02 - 242526208 ____A C:\Users\Holger\Downloads\(67) Justice League Unlimited - 3x15_Balance.avi 2013-06-15 18:00 - 2007-11-06 04:03 - 208192278 ____A C:\Users\Holger\Downloads\(66) Justice League Unlimited - 3x14_The Cat and the Canary.avi 2013-06-15 17:59 - 2013-06-15 18:24 - 236718543 ____A C:\Users\Holger\Downloads\Jus369.rar 2013-06-15 17:59 - 2013-06-15 18:24 - 217475710 ____A C:\Users\Holger\Downloads\Jus370.rar 2013-06-15 17:59 - 2013-06-15 18:24 - 205671559 ____A C:\Users\Holger\Downloads\Jus368.rar 2013-06-15 17:59 - 2013-06-15 18:22 - 236811911 ____A C:\Users\Holger\Downloads\Jus367.rar 2013-06-15 17:59 - 2013-06-15 18:00 - 200422907 ____A C:\Users\Holger\Downloads\Jus366.rar 2013-06-15 16:11 - 2007-08-23 02:35 - 244697088 ____A C:\Users\Holger\Downloads\(65) Justice League Unlimited - 3x13.avi 2013-06-15 16:11 - 2007-08-23 02:14 - 244699136 ____A C:\Users\Holger\Downloads\(64) Justice League Unlimited - 3x12.avi 2013-06-15 16:11 - 2007-08-23 01:53 - 244678656 
____A C:\Users\Holger\Downloads\(63) Justice League Unlimited - 3x11.avi 2013-06-15 16:09 - 2013-06-15 16:11 - 240994336 ____A C:\Users\Holger\Downloads\Jus364.rar 2013-06-15 16:09 - 2013-06-15 16:11 - 240699385 ____A C:\Users\Holger\Downloads\Jus363.rar 2013-06-15 16:09 - 2013-06-15 16:11 - 240412209 ____A C:\Users\Holger\Downloads\Jus365.rar 2013-06-15 15:38 - 2013-06-15 09:57 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS124iDL 2013-06-15 15:11 - 2012-07-22 20:05 - 00000000 ____D C:\Users\Holger\Downloads\Star.Trek.X.Nemesis.2002.German.AC3.HDRiP.XviD-JENGI 2013-06-15 15:05 - 2013-06-15 15:10 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part3.rar 2013-06-15 15:05 - 2013-06-15 15:10 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part2.rar 2013-06-15 15:05 - 2013-06-15 15:10 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part1.rar 2013-06-15 15:05 - 2013-06-15 15:09 - 328970500 ____A C:\Users\Holger\Downloads\StTr_X.part4.rar 2013-06-13 18:20 - 2013-06-11 00:49 - 1616578560 ____A C:\Users\Holger\Downloads\ind-12runden2-xvid.avi 2013-06-13 18:20 - 2013-06-11 00:09 - 00000672 ____A C:\Users\Holger\Downloads\abusefile 2013-06-13 18:20 - 2013-06-11 00:05 - 00000335 ____A C:\Users\Holger\Downloads\ind-12runden2-nfo.nfo 2013-06-13 18:19 - 2013-06-13 18:20 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part08.rar 2013-06-13 18:19 - 2013-06-13 18:19 - 22745130 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part09.rar 2013-06-13 18:16 - 2013-06-13 18:19 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part07.rar 2013-06-13 18:16 - 2013-05-12 15:44 - 00000000 ____D C:\Users\Holger\Downloads\SW814 2013-06-13 18:15 - 2013-06-13 18:18 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part06.rar 2013-06-13 18:15 - 2013-06-13 18:18 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part05.rar 2013-06-13 18:14 - 2013-06-13 18:18 - 
199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part04.rar 2013-06-13 18:14 - 2013-06-13 18:18 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part03.rar 2013-06-13 18:14 - 2013-06-13 18:18 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part02.rar 2013-06-13 18:14 - 2013-06-13 18:18 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part01.rar 2013-06-13 18:14 - 2013-06-13 18:16 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part2.rar 2013-06-13 18:14 - 2013-06-13 18:14 - 18610500 ____A C:\Users\Holger\Downloads\SW814.part5.rar 2013-06-13 18:14 - 2013-05-26 10:41 - 00000000 ____D C:\Users\Holger\Downloads\SW815 2013-06-13 18:13 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part1.rar 2013-06-13 18:13 - 2013-06-13 18:13 - 00002840 ____A C:\Users\Holger\Downloads\q25s5ur3g42bj2j.dlc 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part4.rar 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part3.rar 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part2.rar 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part1.rar 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part4.rar 2013-06-13 18:12 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part3.rar 2013-06-13 18:12 - 2013-06-13 18:13 - 17730716 ____A C:\Users\Holger\Downloads\SW815.part5.rar 2013-06-13 03:05 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-13 03:05 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-13 03:05 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-13 03:05 - 2013-06-08 13:40 - 02046976 ____A (Microsoft 
Corporation) C:\Windows\System32\iertutil.dll 2013-06-13 03:05 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-13 03:05 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-13 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 17:47 - 2007-08-23 01:30 - 244660224 ____A C:\Users\Holger\Downloads\(62) Justice League Unlimited - 3x10.avi 2013-06-12 17:47 - 2007-08-23 01:07 - 244674560 ____A C:\Users\Holger\Downloads\(61) Justice League Unlimited - 3x09.avi 2013-06-12 17:47 - 2007-08-23 00:44 - 244674560 ____A C:\Users\Holger\Downloads\(60) Justice League Unlimited - 3x08.avi 2013-06-12 17:47 - 2007-08-22 04:10 - 244654080 ____A C:\Users\Holger\Downloads\(59) Justice League Unlimited - 3x07.avi 2013-06-12 17:46 - 2007-08-22 03:48 - 244824064 ____A C:\Users\Holger\Downloads\(58) Justice League Unlimited - 3x06.avi 2013-06-12 17:43 - 2013-06-12 
17:47 - 240712992 ____A C:\Users\Holger\Downloads\Jus361.rar 2013-06-12 17:43 - 2013-06-12 17:46 - 241701924 ____A C:\Users\Holger\Downloads\Jus358.rar 2013-06-12 17:43 - 2013-06-12 17:46 - 241517831 ____A C:\Users\Holger\Downloads\Jus362.rar 2013-06-12 17:43 - 2013-06-12 17:46 - 241014957 ____A C:\Users\Holger\Downloads\Jus360.rar 2013-06-12 17:43 - 2013-06-12 17:46 - 240555113 ____A C:\Users\Holger\Downloads\Jus359.rar 2013-06-12 16:37 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 16:37 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 16:36 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 16:36 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 16:36 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 16:36 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 16:36 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 16:36 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 16:35 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 16:35 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-06-12 16:35 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-06-12 16:35 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 16:34 - 2007-08-22 03:27 - 244658176 ____A C:\Users\Holger\Downloads\(57) Justice League Unlimited - 3x05.avi 2013-06-12 16:34 - 2007-08-22 02:43 - 244674560 ____A C:\Users\Holger\Downloads\(55) Justice League Unlimited - 3x03.avi 
2013-06-12 16:33 - 2007-08-22 03:06 - 244670464 ____A C:\Users\Holger\Downloads\(56) Justice League Unlimited - 3x04.avi 2013-06-12 16:31 - 2013-06-12 16:34 - 241926875 ____A C:\Users\Holger\Downloads\Jus357.rar 2013-06-12 16:31 - 2013-06-12 16:33 - 241284989 ____A C:\Users\Holger\Downloads\Jus355.rar 2013-06-12 16:31 - 2013-06-12 16:33 - 240632548 ____A C:\Users\Holger\Downloads\Jus356.rar 2013-06-10 19:08 - 2007-08-22 02:20 - 244664320 ____A C:\Users\Holger\Downloads\(54) Justice League Unlimited - 3x02.avi 2013-06-10 19:07 - 2013-06-10 19:07 - 00000000 ____D C:\Users\Holger\Downloads\Jus353 2013-06-10 19:07 - 2007-08-21 23:49 - 244682752 ____A C:\Users\Holger\Downloads\(53) Justice League Unlimited - 3x01.avi 2013-06-10 19:06 - 2013-06-10 19:08 - 241357894 ____A C:\Users\Holger\Downloads\Jus354.rar 2013-06-10 19:05 - 2013-06-10 19:06 - 241087282 ____A C:\Users\Holger\Downloads\Jus353.rar 2013-06-08 18:42 - 2013-06-08 18:42 - 00000000 ____D C:\Users\Holger\Downloads\3NarniaiNCEPTiON 2013-06-08 17:15 - 2010-12-03 19:18 - 00000000 ____D C:\Users\Holger\Downloads\Nox.to-Tiger.Team.Der.Berg.der.1000.Drachen.German.2010.DVDRiP.XViD-ROOR 2013-06-07 22:39 - 2013-06-07 22:39 - 00000000 ____D C:\Users\Holger\Downloads\2NarniaiNCEPTiON 2013-06-06 17:01 - 2013-06-05 08:28 - 00000000 ____D C:\Users\Holger\Downloads\Sons.of.Anarchy.S03E13.NS.German.Dubbed.BDRip.XviD-ITG 2013-06-06 16:59 - 2013-06-05 08:28 - 00000000 ____D C:\Users\Holger\Downloads\Sons.of.Anarchy.S03E12.Bis.dass.der.Tod.German.Dubbed.HDTV.XviD-ITG ==================== One Month Modified Files and Folders ======== 2013-07-04 16:20 - 2013-07-04 16:20 - 00000000 ____D C:\FRST 2013-07-04 16:19 - 2013-07-04 16:19 - 01373373 ____A (Farbar) C:\Users\Holger\Desktop\FRST.exe 2013-07-04 16:19 - 2012-02-10 15:32 - 01429774 ____A C:\Windows\WindowsUpdate.log 2013-07-04 16:15 - 2013-06-29 15:35 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-04 16:15 - 2013-06-28 18:08 - 00000386 ____A 
C:\Windows\Tasks\LyricsContainer Update.job 2013-07-04 16:15 - 2013-03-15 15:43 - 00000000 ____D C:\Program Files\Steam 2013-07-04 16:15 - 2012-02-29 11:40 - 00000298 ____A C:\Windows\Tasks\Updater.job 2013-07-04 16:15 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-04 16:15 - 2009-07-14 06:39 - 00122166 ____A C:\Windows\setupact.log 2013-07-03 22:27 - 2012-04-26 06:14 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-03 22:14 - 2013-07-03 22:14 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-07-03 22:08 - 2013-06-29 15:35 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-03 18:58 - 2012-02-10 15:48 - 00006436 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-03 18:53 - 2013-07-03 17:03 - 00033036 ____A C:\Users\Holger\Desktop\SystemLook.txt 2013-07-03 18:47 - 2012-09-27 06:17 - 00000000 ____D C:\Users\Holger\Downloads\FIFA 13 [S3FX69] 2013-07-03 17:07 - 2013-07-03 17:07 - 02347384 ____A (ESET) C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe 2013-07-03 17:07 - 2013-07-03 17:07 - 00000000 ____D C:\Program Files\ESET 2013-07-03 17:03 - 2013-07-03 17:03 - 00139264 ____A C:\Users\Holger\Desktop\SystemLook.exe 2013-07-03 16:59 - 2013-07-03 16:59 - 00165376 ____A C:\Users\Holger\Desktop\SystemLook_x64.exe 2013-07-03 16:42 - 2013-07-03 16:42 - 00448512 ____A (OldTimer Tools) C:\Users\Holger\Desktop\TFC.exe 2013-07-03 16:40 - 2009-07-14 06:34 - 00018784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-03 16:40 - 2009-07-14 06:34 - 00018784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-03 16:39 - 2013-07-03 16:39 - 00000845 ____A C:\Users\Holger\Desktop\JRT.txt 2013-07-03 16:37 - 2013-07-03 16:37 - 00000000 ____D C:\Windows\ERUNT 2013-07-03 16:37 - 2013-07-03 16:37 - 00000000 ____D C:\JRT 2013-07-03 16:35 - 2013-07-03 16:35 - 
00545954 ____A (Oleg N. Scherbakov) C:\Users\Holger\Desktop\JRT494.exe 2013-07-03 16:31 - 2013-07-03 16:30 - 00039544 ____A C:\AdwCleaner[S1].txt 2013-07-03 16:27 - 2013-07-03 16:27 - 00648201 ____A C:\Users\Holger\Desktop\adwcleaner2303.exe 2013-07-02 17:53 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Holger\Downloads\MalwaBytAntMalKege 2013-07-02 17:33 - 2012-02-23 04:29 - 00176688 ____A C:\Windows\PFRO.log 2013-07-02 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat 2013-07-02 17:12 - 2013-07-02 17:12 - 00843658 ____A C:\Users\Holger\Downloads\MalwaBytAntMalKege.rar 2013-07-02 17:11 - 2013-07-02 17:11 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Malwarebytes 2013-07-02 17:10 - 2013-07-02 17:10 - 00001071 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-02 17:10 - 2013-07-02 17:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 17:10 - 2013-07-02 17:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-02 16:35 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-01 18:00 - 2013-07-01 18:00 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-01 17:59 - 2013-07-01 17:59 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-07-01 17:32 - 2012-02-16 18:57 - 00119832 ____A C:\Users\Holger\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 17:31 - 2009-07-14 06:33 - 00429960 ____A C:\Windows\System32\FNTCACHE.DAT 2013-07-01 17:30 - 2013-04-06 12:03 - 00005304 ____A C:\ProgramData\hpzinstall.log 2013-07-01 17:30 - 2013-04-06 12:03 - 00000000 ____D C:\ProgramData\HP 2013-07-01 17:29 - 2013-04-06 12:05 - 00000000 ____D C:\Program Files\HP 2013-07-01 17:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-07-01 17:28 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32 2013-07-01 05:18 - 2013-07-01 05:18 - 00000161 ____A C:\Users\Holger\Downloads\vs0fcj2x9d56f8b3.js 2013-07-01 05:17 - 2013-07-01 05:17 - 00000161 ____A 
C:\Users\Holger\Downloads\vs0fcj2xec041bdc.js 2013-06-30 15:32 - 2013-06-20 16:56 - 00000000 ____D C:\Users\Holger\AppData\Roaming\.minecraft 2013-06-30 14:00 - 2013-06-30 14:00 - 01122806 ____A C:\Users\Holger\Downloads\Pixel_Perfection_V1.8 (1).zip 2013-06-30 13:58 - 2013-06-30 13:58 - 00774080 ____A C:\Users\Holger\Downloads\ImageEditorSetup.exe 2013-06-30 10:43 - 2013-06-30 08:58 - 00000000 ____D C:\Users\Public\Documents\Skins 2013-06-30 07:45 - 2013-06-29 17:32 - 00000000 ____D C:\Users\Holger\AppData\Roaming\vlc 2013-06-29 20:00 - 2013-06-29 19:57 - 13813990 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part4.rar 2013-06-29 19:24 - 2013-06-29 18:40 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part1.rar 2013-06-29 17:49 - 2013-06-29 17:04 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part2.rar 2013-06-29 17:43 - 2013-06-29 17:08 - 106857600 ____A C:\Users\Holger\Downloads\GLTAS126iDL.part3.rar 2013-06-29 15:38 - 2013-06-29 15:32 - 00000000 ____D C:\Users\Holger\AppData\Local\Google 2013-06-29 15:37 - 2013-06-29 15:37 - 00002205 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-29 15:37 - 2013-06-29 15:34 - 00000000 ____D C:\Program Files\Google 2013-06-29 15:32 - 2012-03-17 20:01 - 00000000 ____D C:\Users\Holger\AppData\Local\Deployment 2013-06-29 15:14 - 2013-06-29 15:14 - 00013507 ____A C:\Users\Holger\Downloads\MemTest4.zip 2013-06-29 09:57 - 2013-06-29 20:03 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS126iDL 2013-06-28 18:17 - 2013-06-28 18:15 - 11906468 ____A C:\Users\Holger\Documents\Minecraft t.zip 2013-06-28 18:16 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\COPY TO 'lang' FOLDER IN 'minecraft.jar' 2013-06-28 18:16 - 2013-06-28 18:16 - 00000000 ____D C:\Users\Holger\Desktop\anim 2013-06-28 18:16 - 2013-06-21 16:32 - 00000000 ____D C:\Users\Holger\Desktop\title 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\mob 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D 
C:\Users\Holger\Desktop\misc 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\gui 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\font 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\environment 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\art 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\armor 2013-06-28 18:16 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\Desktop\achievement 2013-06-28 18:08 - 2013-06-28 18:08 - 00000000 ____D C:\Users\Holger\AppData\Local\Downloaded Installations 2013-06-28 18:08 - 2013-06-28 18:08 - 00000000 ____D C:\Program Files\LyricsContainer 2013-06-28 18:07 - 2013-06-28 18:07 - 00243776 ____A C:\Users\Holger\Downloads\Setup.exe 2013-06-28 18:07 - 2013-06-28 18:07 - 00243776 ____A C:\Users\Holger\Downloads\Setup (1).exe 2013-06-28 14:29 - 2012-02-16 18:46 - 00000000 ____D C:\Users\Holger\AppData\Local\Adobe 2013-06-27 15:51 - 2013-06-27 15:51 - 00001643 ____A C:\Users\Holger\Desktop\server.log 2013-06-27 15:51 - 2013-06-27 15:51 - 00000000 ____D C:\Users\Holger\Desktop\world 2013-06-27 15:51 - 2013-06-27 15:51 - 00000000 ____A C:\Users\Holger\Desktop\white-list.txt 2013-06-27 15:51 - 2013-06-27 15:51 - 00000000 ____A C:\Users\Holger\Desktop\ops.txt 2013-06-27 15:51 - 2013-06-27 15:39 - 02542151 ____A C:\Users\Holger\Downloads\Minecraft_Server.exe 2013-06-24 06:43 - 2012-02-10 15:49 - 00000000 ____D C:\Program Files\JDownloader 2013-06-24 06:31 - 2013-06-20 16:53 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Adobe 2013-06-22 09:19 - 2013-06-28 07:03 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS125iDL 2013-06-21 14:43 - 2013-06-21 14:43 - 00000000 ____D C:\Users\Holger\AppData\Roaming\WinRAR 2013-06-21 14:42 - 2013-06-21 14:42 - 00215096 ____A C:\Users\Holger\Downloads\FromDocToPDF.exe 2013-06-20 19:09 - 2013-06-20 19:09 - 00673024 ____A () C:\Users\Holger\Downloads\77ZipSetup.exe 
2013-06-20 17:52 - 2013-06-20 17:52 - 00263186 ____A C:\Users\Holger\Downloads\Minecraft (1).exe 2013-06-20 17:51 - 2013-06-20 17:53 - 00263186 ____A C:\Users\Holger\Desktop\Minecraft.exe 2013-06-20 17:51 - 2013-06-20 17:51 - 00263186 ____A C:\Users\Holger\Downloads\Minecraft.exe 2013-06-20 16:58 - 2013-06-20 16:58 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Avira 2013-06-20 16:55 - 2013-06-20 16:55 - 00000000 ____D C:\Users\Holger\AppData\Roaming\Macromedia 2013-06-20 16:53 - 2013-06-20 16:53 - 00000000 ____D C:\Users\Holger\AppData\Roaming\ATI 2013-06-20 16:33 - 2013-06-20 16:33 - 00000000 ____D C:\ProgramData\Sun 2013-06-20 16:33 - 2012-02-25 16:10 - 00000000 ____D C:\Program Files\Common Files\Java 2013-06-20 16:32 - 2013-06-20 16:33 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-20 16:32 - 2013-06-20 16:33 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-20 16:32 - 2013-06-20 16:33 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-20 16:32 - 2013-06-20 16:33 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-20 16:32 - 2013-06-20 16:33 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-20 16:32 - 2013-06-20 16:33 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-06-20 16:32 - 2012-02-25 16:10 - 00000000 ____D C:\Program Files\Java 2013-06-20 16:26 - 2013-06-19 19:29 - 00000000 ____D C:\Users\Holger\Downloads\Minecraft4Boerse 2013-06-20 16:04 - 2013-06-20 16:04 - 00002229 ____A C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk 2013-06-20 15:30 - 2013-06-20 15:28 - 236939036 ____A C:\Users\Holger\Downloads\Jus485.rar 2013-06-20 15:29 - 2013-06-20 15:28 - 236599307 ____A C:\Users\Holger\Downloads\Jus484.rar 2013-06-20 14:49 - 2013-06-20 14:49 - 49842964 ____A C:\Users\Holger\Downloads\Minecraft_Cracked_v1.5.2.rar 2013-06-16 16:56 - 2013-06-16 13:27 - 00000000 ____D 
C:\Users\Holger\Downloads\Medion GoPal 6.x _ 7.0 Q_04_12 Europa 2013-06-16 13:39 - 2013-06-16 13:39 - 00000000 ____D C:\Users\Holger\Downloads\GoPal.6.1.PE.94809.Installationsdaten-RHB 2013-06-16 13:33 - 2013-06-16 13:31 - 533610922 ____A C:\Users\Holger\Downloads\GoPal.6.1.PE.94809.Installationsdaten-RHB.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part3.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part2.rar 2013-06-16 13:28 - 2013-06-16 13:28 - 00000000 ____A C:\Users\Holger\Downloads\GP.6.PE.SD.I.part1.rar 2013-06-16 09:21 - 2013-06-16 09:18 - 205716600 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part16.rar 2013-06-16 09:19 - 2013-06-16 09:17 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part15.rar 2013-06-16 09:19 - 2013-06-16 09:15 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part14.rar 2013-06-16 09:19 - 2013-06-16 09:15 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part13.rar 2013-06-16 09:19 - 2013-06-16 09:15 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part12.rar 2013-06-16 09:19 - 2013-06-16 09:15 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part10.rar 2013-06-16 09:18 - 2013-06-16 09:15 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part11.rar 2013-06-16 09:18 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part09.rar 2013-06-16 09:17 - 2013-06-16 09:14 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part08.rar 2013-06-16 09:14 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part07.rar 2013-06-16 09:14 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part06.rar 2013-06-16 09:14 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part05.rar 2013-06-16 09:14 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part04.rar 2013-06-16 09:14 - 2013-06-16 09:10 - 209715200 ____A 
C:\Users\Holger\Downloads\M.G.Q04.12.part02.rar 2013-06-16 09:13 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part03.rar 2013-06-16 09:13 - 2013-06-16 09:10 - 209715200 ____A C:\Users\Holger\Downloads\M.G.Q04.12.part01.rar 2013-06-16 09:12 - 2013-06-16 09:12 - 00001648 ____A C:\Users\Holger\Downloads\dnfa6e4ppom54x3.dlc 2013-06-16 09:10 - 2013-06-16 09:10 - 00002692 ____A C:\Users\Holger\Downloads\kvyj1x54p4n9f14-ul.to.dlc 2013-06-16 08:13 - 2013-06-16 08:09 - 525336579 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part2.rar 2013-06-16 08:13 - 2013-06-16 08:09 - 525336579 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part1.rar 2013-06-16 08:12 - 2013-06-16 08:09 - 329079695 ____A C:\Users\Holger\Downloads\psh-stirb.langsam.5.bdrip.part3.rar 2013-06-16 08:09 - 2013-06-16 08:08 - 39437608 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part15.rar 2013-06-16 08:09 - 2013-06-16 08:08 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part12.rar 2013-06-16 08:09 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part14.rar 2013-06-16 08:09 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part13.rar 2013-06-16 08:09 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part11.rar 2013-06-16 08:09 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part10.rar 2013-06-16 08:09 - 2013-06-16 08:07 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part09.rar 2013-06-16 08:08 - 2013-06-16 08:06 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part08.rar 2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part07.rar 2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part06.rar 2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part05.rar 
2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part04.rar 2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part03.rar 2013-06-16 08:07 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part02.rar 2013-06-16 08:06 - 2013-06-16 08:05 - 107520000 ____A C:\Users\Holger\Downloads\ReturnsVideoStar.part01.rar 2013-06-16 08:05 - 2013-06-16 08:05 - 00001432 ____A C:\Users\Holger\Downloads\605lhwmcun3a6h5.dlc 2013-06-16 08:02 - 2013-06-16 08:02 - 00004484 ____A C:\Users\Holger\Downloads\UL_Superman.Returns.German.2006.AC3.BDRip.XviD.iNTERNAL-VideoStar-k2kpvcmq74k5.dlc 2013-06-15 18:24 - 2013-06-15 17:59 - 236718543 ____A C:\Users\Holger\Downloads\Jus369.rar 2013-06-15 18:24 - 2013-06-15 17:59 - 217475710 ____A C:\Users\Holger\Downloads\Jus370.rar 2013-06-15 18:24 - 2013-06-15 17:59 - 205671559 ____A C:\Users\Holger\Downloads\Jus368.rar 2013-06-15 18:22 - 2013-06-15 17:59 - 236811911 ____A C:\Users\Holger\Downloads\Jus367.rar 2013-06-15 18:00 - 2013-06-15 17:59 - 200422907 ____A C:\Users\Holger\Downloads\Jus366.rar 2013-06-15 16:11 - 2013-06-15 16:09 - 240994336 ____A C:\Users\Holger\Downloads\Jus364.rar 2013-06-15 16:11 - 2013-06-15 16:09 - 240699385 ____A C:\Users\Holger\Downloads\Jus363.rar 2013-06-15 16:11 - 2013-06-15 16:09 - 240412209 ____A C:\Users\Holger\Downloads\Jus365.rar 2013-06-15 15:10 - 2013-06-15 15:05 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part3.rar 2013-06-15 15:10 - 2013-06-15 15:05 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part2.rar 2013-06-15 15:10 - 2013-06-15 15:05 - 524288000 ____A C:\Users\Holger\Downloads\StTr_X.part1.rar 2013-06-15 15:09 - 2013-06-15 15:05 - 328970500 ____A C:\Users\Holger\Downloads\StTr_X.part4.rar 2013-06-15 10:17 - 2012-11-14 09:52 - 00000000 ____D C:\Users\Holger\Documents\Nicole 2013-06-15 09:57 - 2013-06-15 15:38 - 00000000 ____D C:\Users\Holger\Downloads\GLTAS124iDL 2013-06-13 
18:20 - 2013-06-13 18:19 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part08.rar 2013-06-13 18:19 - 2013-06-13 18:19 - 22745130 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part09.rar 2013-06-13 18:19 - 2013-06-13 18:16 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part07.rar 2013-06-13 18:18 - 2013-06-13 18:15 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part06.rar 2013-06-13 18:18 - 2013-06-13 18:15 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part05.rar 2013-06-13 18:18 - 2013-06-13 18:14 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part04.rar 2013-06-13 18:18 - 2013-06-13 18:14 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part03.rar 2013-06-13 18:18 - 2013-06-13 18:14 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part02.rar 2013-06-13 18:18 - 2013-06-13 18:14 - 199229440 ____A C:\Users\Holger\Downloads\f15530bd2c753adabc6d4ddd166dd623.part01.rar 2013-06-13 18:18 - 2013-04-26 13:44 - 00000000 ____D C:\Users\Holger\Downloads\German Top 100 Single Charts 29.04.2013 2013-06-13 18:16 - 2013-06-13 18:14 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part2.rar 2013-06-13 18:14 - 2013-06-13 18:14 - 18610500 ____A C:\Users\Holger\Downloads\SW814.part5.rar 2013-06-13 18:14 - 2013-06-13 18:13 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part1.rar 2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part4.rar 2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part3.rar 2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part2.rar 2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW815.part1.rar 2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part4.rar 
2013-06-13 18:14 - 2013-06-13 18:12 - 106857600 ____A C:\Users\Holger\Downloads\SW814.part3.rar 2013-06-13 18:13 - 2013-06-13 18:13 - 00002840 ____A C:\Users\Holger\Downloads\q25s5ur3g42bj2j.dlc 2013-06-13 18:13 - 2013-06-13 18:12 - 17730716 ____A C:\Users\Holger\Downloads\SW815.part5.rar 2013-06-13 04:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-13 03:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-06-13 03:02 - 2012-02-25 11:48 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 17:47 - 2013-06-12 17:43 - 240712992 ____A C:\Users\Holger\Downloads\Jus361.rar 2013-06-12 17:46 - 2013-06-12 17:43 - 241701924 ____A C:\Users\Holger\Downloads\Jus358.rar 2013-06-12 17:46 - 2013-06-12 17:43 - 241517831 ____A C:\Users\Holger\Downloads\Jus362.rar 2013-06-12 17:46 - 2013-06-12 17:43 - 241014957 ____A C:\Users\Holger\Downloads\Jus360.rar 2013-06-12 17:46 - 2013-06-12 17:43 - 240555113 ____A C:\Users\Holger\Downloads\Jus359.rar 2013-06-12 17:27 - 2012-04-26 06:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 17:27 - 2012-02-10 15:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-12 16:34 - 2013-06-12 16:31 - 241926875 ____A C:\Users\Holger\Downloads\Jus357.rar 2013-06-12 16:33 - 2013-06-12 16:31 - 241284989 ____A C:\Users\Holger\Downloads\Jus355.rar 2013-06-12 16:33 - 2013-06-12 16:31 - 240632548 ____A C:\Users\Holger\Downloads\Jus356.rar 2013-06-11 00:49 - 2013-06-13 18:20 - 1616578560 ____A C:\Users\Holger\Downloads\ind-12runden2-xvid.avi 2013-06-11 00:09 - 2013-06-13 18:20 - 00000672 ____A C:\Users\Holger\Downloads\abusefile 2013-06-11 00:05 - 2013-06-13 18:20 - 00000335 ____A C:\Users\Holger\Downloads\ind-12runden2-nfo.nfo 2013-06-10 19:08 - 2013-06-10 19:06 - 241357894 ____A C:\Users\Holger\Downloads\Jus354.rar 2013-06-10 19:07 - 2013-06-10 19:07 - 00000000 ____D C:\Users\Holger\Downloads\Jus353 
2013-06-10 19:06 - 2013-06-10 19:05 - 241087282 ____A C:\Users\Holger\Downloads\Jus353.rar
2013-06-08 18:42 - 2013-06-08 18:42 - 00000000 ____D C:\Users\Holger\Downloads\3NarniaiNCEPTiON
2013-06-08 13:42 - 2013-06-13 03:05 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 03:05 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 03:05 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 03:05 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 03:05 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 03:05 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 06:32 - 2013-03-15 15:43 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-07 22:39 - 2013-06-07 22:39 - 00000000 ____D C:\Users\Holger\Downloads\2NarniaiNCEPTiON
2013-06-07 15:37 - 2013-06-16 08:13 - 00000000 ____D C:\Users\Holger\Downloads\Stirb.Langsam.Ein.guter.Tag.zu.Sterben.BDRiP.GERMAN.AC3.XViD-PSH
2013-06-05 08:28 - 2013-06-06 17:01 - 00000000 ____D C:\Users\Holger\Downloads\Sons.of.Anarchy.S03E13.NS.German.Dubbed.BDRip.XviD-ITG
2013-06-05 08:28 - 2013-06-06 16:59 - 00000000 ____D C:\Users\Holger\Downloads\Sons.of.Anarchy.S03E12.Bis.dass.der.Tod.German.Dubbed.HDTV.XviD-ITG
2013-06-04 20:13 - 2013-05-12 18:25 - 00000000 ____D C:\Program Files\LyricsTube

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-24 07:01

==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Holger at 2013-07-04 16:22:20
Running from C:\Users\Holger\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 6.1.1)
7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.2) - Deutsch (Version: 10.1.2)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Anno 1701 (Version: 1.00)
ATI AVIVO Codecs (Version: 11.6.0.10126)
Avira Free Antivirus (Version: 12.1.9.1236)
calibre (Version: 0.8.48)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center Localization All (Version: 2011.0126.1749.31909)
CCC Help Chinese Standard (Version: 2011.0126.1748.31909)
CCC Help Chinese Traditional (Version: 2011.0126.1748.31909)
CCC Help Czech (Version: 2011.0126.1748.31909)
CCC Help Danish (Version: 2011.0126.1748.31909)
CCC Help Dutch (Version: 2011.0126.1748.31909)
CCC Help English (Version: 2011.0126.1748.31909)
CCC Help Finnish (Version: 2011.0126.1748.31909)
CCC Help French (Version: 2011.0126.1748.31909)
CCC Help German (Version: 2011.0126.1748.31909)
CCC Help Greek (Version: 2011.0126.1748.31909)
CCC Help Hungarian (Version: 2011.0126.1748.31909)
CCC Help Italian (Version: 2011.0126.1748.31909)
CCC Help Japanese (Version: 2011.0126.1748.31909)
CCC Help Korean (Version: 2011.0126.1748.31909)
CCC Help Norwegian (Version: 2011.0126.1748.31909)
CCC Help Polish (Version: 2011.0126.1748.31909)
CCC Help Portuguese (Version: 2011.0126.1748.31909)
CCC Help Russian (Version: 2011.0126.1748.31909)
CCC Help Spanish (Version: 2011.0126.1748.31909)
CCC Help Swedish (Version: 2011.0126.1748.31909)
CCC Help Thai (Version: 2011.0126.1748.31909)
CCC Help Turkish (Version: 2011.0126.1748.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility (Version: 2011.0126.1749.31909)
CDisplay 1.8
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
CoView (Version: 1.0.0)
CyberLink PhotoNow (Version: 1.1.5615)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeLorme Send To GPS 1.4 (Version: 1.4)
Denken und Rechnen 1
eComic (Version: 1.0.01)
ElsterFormular (Version: 14.0.0.10960)
ESET Online Scanner v3
FastestTube (Version: 2.1.9)
FastestTube-1.3.7.0
FileConverter 1.3 Toolbar (Version: 6.9.0.16)
G DATA Logox4 Speechengine
Garmin Communicator Plugin (Version: 4.0.1)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.5)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.149)
Hardcopy (Version: 2012.08.01)
HydraVision (Version: 4.2.220.0)
Java 2 Runtime Environment, SE v1.4.2_19 (Version: 1.4.2_19)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JDownloader 0.9 (Version: 0.9)
Lernwerkstatt 7 (Version: 7.00.0000)
LyricsContainer
LyricsTube
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Minecraft (Version: 1.5.2)
Mozilla Firefox 5.0 (x86 de) (Version: 5.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Napoleon: Total War
Nero Burning ROM 11 (Version: 11.0.10400)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.14700.1.9)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
nero.prerequisites.msi (Version: 11.0.20007)
PrintKey2000
Ravensburger tiptoi
SD Formatter (Version: 2.9.5)
SES Driver (Version: 1.0.0)
Steam (Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB Audio/Video Driver (Version: 1.00.0000)
ViewSonic Windows 7 Signed Files
VLC media player 1.1.11 (Version: 1.1.11)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
WMV9/VC-1 Video Playback (Version: 1.0.60126.1801)

==================== Restore Points =========================

20-06-2013 12:50:10 Installed Minecraft
20-06-2013 14:03:46 Installed Minecraft
20-06-2013 14:32:14 Installed Java 7 Update 25
25-06-2013 17:33:11 Windows Update
01-07-2013 15:59:47 Installed SpyHunter
02-07-2013 14:41:36 Windows Update
02-07-2013 15:03:01 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:04 - 2012-02-27 17:53 - 00001086 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 feedproxy.google.com
127.0.0.1 plusone.google.com
127.0.0.1 www.addthis.com
127.0.0.1 vendor1.fitschigogerl.com
127.0.0.1 www.d03x2011.com
127.0.0.1 deliver.carrier.bz
127.0.0.1 popads.ero-advertising.com
127.0.0.1 is.gd
127.0.0.1 eads.to

==================== Scheduled Tasks (whitelisted) =============

Task: {16D8988B-A5AB-4310-8A59-38F8C42CE543} - System32\Tasks\Updater => C:\ProgramData\WombatUpdater\WombatUpdater.exe [2010-12-30] ()
Task: {2409B9DD-E501-492E-8F51-6676D9F22E1D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2D2DFFEA-CB9B-4D3D-9002-A628F7E0E337} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {408EE394-335F-462A-9C59-D78FD238B96F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {4BA324F6-D363-4963-8619-7D97AE7D0F9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: {58235C7F-BFBE-4E95-803F-4F0B426D2F46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: {59E296F7-1D13-455A-BF8B-7C7C7666824B} - \DealPlyUpdate No Task File Task: {5BAE6CF6-79EB-474E-B0FF-D29C13F42207} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {5C82B86F-E5B8-4C38-A88E-7445AD94DF30} - System32\Tasks\LyricsContainer Update => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe [2013-06-22] (RYD Software) Task: {7F1D96D6-770F-4583-9887-F46C9B74B63E} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {8A753A7C-A977-4538-B774-14AE9EDD5F63} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation) Task: {900E4387-81D1-43A6-B49C-443E8280507E} - System32\Tasks\EPUpdater => C:\Users\Holger\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {EE3C635F-1210-48E9-958C-9A3E3A8B2723} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {F503511B-33AB-4E9F-AF6D-9B37BF37E596} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe [2012-07-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe Task: C:\Windows\Tasks\Updater.job => C:\ProgramData\WombatUpdater\WombatUpdater.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2013 04:19:13 PM) (Source: Application 
Error) (User: ) Description: Name der fehlerhaften Anwendung: FRST.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064f96 ID des fehlerhaften Prozesses: 0xf88 Startzeit der fehlerhaften Anwendung: 0xFRST.exe0 Pfad der fehlerhaften Anwendung: FRST.exe1 Pfad des fehlerhaften Moduls: FRST.exe2 Berichtskennung: FRST.exe3 Error: (07/03/2013 10:27:06 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (07/03/2013 10:07:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x29c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/03/2013 06:44:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 System errors: ============= Error: (07/04/2013 04:17:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/04/2013 04:17:39 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error: (07/04/2013 04:15:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (07/04/2013 04:15:37 PM) (Source: Application Popup) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Error: (07/04/2013 04:14:41 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (07/04/2013 04:15:28 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?03.?07.?2013 um 22:36:44 unerwartet heruntergefahren. Error: (07/03/2013 06:44:01 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/03/2013 04:44:06 PM) (Source: Service Control Manager) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (07/04/2013 04:19:13 PM) (Source: Application Error)(User: ) Description: FRST.exe0.0.0.04f25baecntdll.dll6.1.7601.177254ec49b60c000000500064f96f8801ce78c173cc17d9C:\Users\Holger\Desktop\FRST.exeC:\Windows\SYSTEM32\ntdll.dllb2f1573f-e4b4-11e2-90c9-00138ff9b6fa Error: (07/03/2013 10:27:06 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419bd3c01ce782bac990b2aC:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dllecf69e9e-e41e-11e2-b368-00138ff9b6fa Error: (07/03/2013 10:07:30 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b29c01ce7828ee97acd9C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll300d3e77-e41c-11e2-b368-00138ff9b6fa Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 
Performance1637070000000000000000000009030000 Error: (07/03/2013 06:58:18 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/03/2013 06:51:11 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/03/2013 06:44:04 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b9f001ce780c869ecef8C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dllc5395389-e3ff-11e2-b368-00138ff9b6fa ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 3327.3 MB Available physical RAM: 1889.93 MB Total Pagefile: 6650.84 MB Available Pagefile: 4980.69 MB Total Virtual: 2047.88 MB Available Virtual: 1897.28 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:368.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive f: (FINN) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C612A36E) Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 975 MB) (Disk ID: 00000000) Partition 1: (Active) - (Size=975 MB) - (Type=0B) ==================== End Of Log =======================
Somehow I can't write outside the editor. I seem to have caught something. The page bizcoaching .info keeps opening. I scanned my system with FRST. Last edited by rudi9999 (04.07.2013 at 15:40) |
04.07.2013, 15:51 | #2 |
/// Malware-holic | bizcoaching.info Hi,
__________________If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
04.07.2013, 17:48 | #3 |
| bizcoaching.info OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 04.07.2013 18:05:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,26% Memory free 6,49 Gb Paging File | 5,37 Gb Available in Paging File | 82,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 381,52 Gb Free Space | 40,96% Space Free | Partition Type: NTFS Drive F: | 970,99 Mb Total Space | 970,40 Mb Free Space | 99,94% Space Free | Partition Type: FAT32 Computer Name: HOLGER-PC | User Name: Holger | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.04 18:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.09 08:21:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.31 14:01:00 | 003,551,296 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe PRC - [2012.07.27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.07.27 14:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.05 15:56:39 | 000,037,440 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe PRC - [2012.05.08 19:25:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:25:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 19:25:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe ========== Modules (No Company Name) ========== MOD - [2012.07.31 13:36:20 | 002,909,184 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll MOD - [2012.07.30 10:27:59 | 000,116,800 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_38_Win32.dll MOD - [2012.07.27 22:51:54 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2012.07.05 15:56:39 | 000,037,440 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe MOD - [2012.07.05 15:56:24 | 000,052,800 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_05.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) 
[Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 14:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 19:25:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:25:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2013.07.03 22:14:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 19:25:14 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 19:25:14 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.28 20:56:58 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2012.02.28 20:56:43 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 9C 12 8B F9 E7 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..extensions.enabledAddons: {18de14e0-3ad0-4800-b96f-92ec9372c9db}:1.0 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.7.0.3 FF - prefs.js..extensions.enabledAddons: web2pdfextension@web2pdf.adobedotcom:1.2 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@delorme.com/SendToGPS: C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.11.04 11:26:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.12 06:58:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\LrcsTb@hansenapps.com: C:\Program Files\LyricsTube\FF\ [2013.06.04 20:13:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files\LyricsContainer\116.xpi [2013.06.28 18:08:36 | 
000,005,593 | ---- | M] () [2012.04.12 07:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Extensions [2013.07.03 16:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions [2013.06.28 18:08:47 | 000,000,000 | ---D | M] (Wajam) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} [2013.03.11 14:05:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.06.28 18:08:27 | 000,000,000 | ---D | M] (LyricsContainer) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\116 [2012.04.12 06:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.12 06:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.04.12 06:58:41 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - Extension: LyricsContainer = C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.116_0\ CHR - Extension: LyricsTube = C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.114_0\ O1 HOSTS File: ([2012.02.27 17:53:50 | 000,001,086 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 feedproxy.google.com O1 - Hosts: 127.0.0.1 plusone.google.com O1 - Hosts: 127.0.0.1 www.addthis.com O1 - Hosts: 127.0.0.1 vendor1.fitschigogerl.com O1 - Hosts: 127.0.0.1 www.d03x2011.com O1 - Hosts: 127.0.0.1 deliver.carrier.bz O1 - Hosts: 127.0.0.1 popads.ero-advertising.com O1 - Hosts: 127.0.0.1 is.gd O1 - Hosts: 127.0.0.1 eads.to O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (FastestTube) - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Programme\FastestTube\2.1.9\WombatBHO.dll (Kwizzu) O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Programme\LyricsContainer\116.dll (RYD Software) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Programme\LyricsTube\lrcstube.dll (Hansen & Destar Apps) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program 
Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDBB58CA-1CC8-4375-A4F0-1B9D75533237}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== 
Files/Folders - Created Within 30 Days ========== [2013.07.04 18:03:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe [2013.07.04 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\Neuer Ordner [2013.07.04 16:20:45 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.04 16:19:42 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\Holger\Desktop\FRST.exe [2013.07.03 22:14:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.07.03 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.07.03 17:07:06 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe [2013.07.03 16:42:35 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Holger\Desktop\TFC.exe [2013.07.03 16:37:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.03 16:37:25 | 000,000,000 | ---D | C] -- C:\JRT [2013.07.03 16:35:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Holger\Desktop\JRT494.exe [2013.07.02 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Malwarebytes [2013.07.02 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.02 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.02 17:10:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.07.02 17:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.07.02 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Programs [2013.07.01 18:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.01 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.06.30 08:58:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Skins [2013.06.29 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\vlc [2013.06.29 
15:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.06.29 15:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.06.29 15:32:55 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Google [2013.06.28 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\anim [2013.06.28 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\COPY TO 'lang' FOLDER IN 'minecraft.jar' [2013.06.28 18:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsContainer [2013.06.28 18:08:33 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Downloaded Installations [2013.06.27 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\world [2013.06.21 16:32:07 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\title [2013.06.21 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\mob [2013.06.21 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\misc [2013.06.21 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\gui [2013.06.21 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\font [2013.06.21 14:43:43 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\environment [2013.06.21 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\ctm [2013.06.21 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\art [2013.06.21 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\armor [2013.06.21 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\achievement [2013.06.21 14:43:12 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\WinRAR [2013.06.20 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Avira [2013.06.20 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\.minecraft [2013.06.20 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Macromedia [2013.06.20 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\ATI [2013.06.20 16:53:28 
| 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Adobe [2013.06.20 16:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.06.20 16:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft ========== Files - Modified Within 30 Days ========== [2013.07.04 18:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe [2013.07.04 18:01:15 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job [2013.07.04 18:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.04 17:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.04 17:40:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Updater.job [2013.07.04 17:27:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.04 16:53:08 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 16:53:08 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 16:45:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.04 16:45:19 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys [2013.07.04 16:19:45 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\Holger\Desktop\FRST.exe [2013.07.03 22:14:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.07.03 18:58:21 | 001,287,240 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.03 18:58:21 | 000,837,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.03 18:58:21 | 000,333,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.03 18:58:21 | 000,286,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.03 17:07:06 | 002,347,384 | ---- | M] (ESET) -- 
C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe [2013.07.03 17:03:02 | 000,139,264 | ---- | M] () -- C:\Users\Holger\Desktop\SystemLook.exe [2013.07.03 16:59:39 | 000,165,376 | ---- | M] () -- C:\Users\Holger\Desktop\SystemLook_x64.exe [2013.07.03 16:42:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\TFC.exe [2013.07.03 16:35:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Holger\Desktop\JRT494.exe [2013.07.03 16:27:42 | 000,648,201 | ---- | M] () -- C:\Users\Holger\Desktop\adwcleaner2303.exe [2013.07.02 17:10:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.01 17:31:48 | 000,429,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.30 15:45:19 | 001,492,528 | ---- | M] () -- C:\Users\Holger\Desktop\Foto Holger1.jpg [2013.06.30 15:45:19 | 001,492,528 | ---- | M] () -- C:\Users\Holger\Desktop\Foto Holger.jpg [2013.06.29 15:37:37 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.28 18:17:17 | 011,906,468 | ---- | M] () -- C:\Users\Holger\Documents\Minecraft t.zip [2013.06.20 17:51:56 | 000,263,186 | ---- | M] () -- C:\Users\Holger\Desktop\Minecraft.exe [2013.06.20 16:04:50 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk ========== Files Created - No Company Name ========== [2013.07.03 17:03:01 | 000,139,264 | ---- | C] () -- C:\Users\Holger\Desktop\SystemLook.exe [2013.07.03 16:59:39 | 000,165,376 | ---- | C] () -- C:\Users\Holger\Desktop\SystemLook_x64.exe [2013.07.03 16:27:42 | 000,648,201 | ---- | C] () -- C:\Users\Holger\Desktop\adwcleaner2303.exe [2013.07.02 17:10:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.30 15:45:29 | 001,492,528 | ---- | C] () -- C:\Users\Holger\Desktop\Foto Holger1.jpg [2013.06.30 15:42:24 | 001,492,528 | ---- | C] () -- C:\Users\Holger\Desktop\Foto Holger.jpg [2013.06.29 15:37:37 | 000,002,205 | ---- | C] () -- 
C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.29 15:35:24 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.29 15:35:22 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.28 18:15:18 | 011,906,468 | ---- | C] () -- C:\Users\Holger\Documents\Minecraft t.zip [2013.06.28 18:08:25 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job [2013.06.21 14:43:57 | 000,055,364 | ---- | C] () -- C:\Users\Holger\Desktop\pack.png [2013.06.20 17:53:03 | 000,263,186 | ---- | C] () -- C:\Users\Holger\Desktop\Minecraft.exe [2013.06.20 16:04:50 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk [2012.02.28 20:56:58 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2012.02.28 20:56:43 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2012.02.16 18:50:18 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012.02.10 15:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.06.30 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\.minecraft ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.07.01 22:19:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.02.25 11:48:59 | 000,000,000 | ---D | M] -- C:\5e9fbc9e8faa7bc0e58997b3ec1b15 [2013.05.13 05:33:51 | 000,000,000 | ---D | M] -- C:\a30bb379609d6a563da9dd01 [2012.02.16 18:24:32 | 000,000,000 | ---D | M] -- C:\AMD [2012.02.25 12:13:24 | 000,000,000 | -HSD | M] -- C:\Boot [2013.07.02 17:33:58 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2013.04.02 15:50:39 | 000,000,000 | ---D | M] -- C:\CoView [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.07.04 16:20:45 | 000,000,000 | ---D | M] -- C:\FRST [2012.04.20 11:23:21 | 000,000,000 | ---D | M] -- C:\Garmin [2013.07.03 16:37:26 | 000,000,000 | ---D | M] -- C:\JRT [2012.04.20 11:44:48 | 000,000,000 | ---D | M] -- C:\MapSource6.16.2 [2013.03.21 17:08:27 | 000,000,000 | ---D | M] -- C:\ModMii2012 [2013.03.21 17:52:39 | 000,000,000 | ---D | M] -- C:\ModMii2013 [2012.03.07 20:00:38 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.10.15 19:47:53 | 000,000,000 | ---D | M] -- C:\Neuer Ordner [2012.10.15 19:47:56 | 000,000,000 | ---D | M] -- C:\Neuer Ordner (2) [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.07.03 17:07:46 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.03 16:30:52 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.07.04 18:09:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.10 15:38:08 | 000,000,000 | R--D | M] -- 
C:\Users [2013.07.04 16:20:52 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.02.29 11:40:47 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\Updater.job [2012.04.26 06:14:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.06.28 18:08:25 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\LyricsContainer Update.job [2013.06.29 15:35:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.06.29 15:35:24 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft 
Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- 
C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 
000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.07.04 18:27:31 | 007,340,032 | -HS- | M] () -- 
C:\Users\Holger\NTUSER.DAT
[2013.07.04 18:27:31 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG1
[2012.11.07 17:56:17 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG2
[2012.02.10 15:39:03 | 000,065,536 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TM.blf
[2012.02.10 15:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012.02.10 15:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012.02.10 15:38:11 | 000,000,020 | -HS- | M] () -- C:\Users\Holger\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
OTL Logfile:
Code:
OTL Extras logfile created on: 04.07.2013 18:05:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,26% Memory free
6,49 Gb Paging File | 5,37 Gb Available in Paging File | 82,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 381,52 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive F: | 970,99 Mb Total Space | 970,40 Mb Free Space | 99,94% Space Free | Partition Type: FAT32
Computer Name: HOLGER-PC | User Name: Holger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Holger\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0331DA4D-2307-4C7E-BE46-9CB82873E428}" = lport=138 | protocol=17 | dir=in | app=system | "{03D85375-3A3A-48FE-9AEE-4617DEC7D22B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0669FF02-2BD7-428B-AA52-B67DB2947347}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{16AAF9F3-2FB3-41FF-ADC1-3B7F16206420}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21A92C1E-0978-4677-AF20-E19C27383FF8}" = rport=138 | protocol=17 | dir=out | app=system | "{22A12A28-7C6E-49A7-9FAB-858DDAB1BFE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30FB4437-C066-4383-8AC4-53FED6F47797}" 
= lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3CC53869-47B6-4E1E-90DC-15C503D9AAF0}" = lport=139 | protocol=6 | dir=in | app=system | "{4EEB4295-0EA4-4B64-89F6-9897E3F5ACE0}" = rport=139 | protocol=6 | dir=out | app=system | "{53C4D485-1E50-463D-B508-5822D746CD87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5515C630-8357-405F-A382-D79036E23286}" = lport=137 | protocol=17 | dir=in | app=system | "{59DD4CFE-DB04-4DCF-BD7F-2DE3E2406076}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5AFB4514-CB2D-4796-8F8C-73241C92E0E6}" = lport=2869 | protocol=6 | dir=in | app=system | "{5CFE42AB-EB50-4CC4-B3EC-1C3460BFC498}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{732A891C-9CCF-4599-ADDE-759CE25C9810}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{7DA5C0DB-6C74-49FB-92F7-6A32D29B2569}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81267526-8AB5-4114-AF24-0E11CB68B534}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{85591CB7-A919-4C45-A7E7-CACB0E4B9388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DF854DE-5042-407B-AFE5-345D3C33995E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{8F3F2388-5344-4186-8DB6-8D76DE37F9EB}" = lport=10243 | protocol=6 | dir=in | app=system | "{9CE20871-660E-4A8C-881E-49E4D36F7636}" = rport=10243 | protocol=6 | dir=out | app=system | "{9E17FF8C-4952-4E39-AF78-6DF1FEA21ED9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A1336387-ECF9-4A46-A741-2CE0E41204F3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A15DBE7D-726D-4D4C-AFE6-6E9ED61EA4D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A5E904E3-1119-44F9-A8CE-6B0A2AEEC5F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AE1CCFCA-5BDE-482E-83CB-ED2067E2D21E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AE668B0D-FB70-47B9-BFE9-B7FA9001B322}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BAA06476-489B-4A15-B32D-91D8FA641F41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1271583-A6E7-47CF-9FFB-AB75C78465BB}" = rport=137 | protocol=17 | dir=out | app=system | "{D145D87B-4ED4-45D0-ADC9-FA5E4FBDE81B}" = rport=445 | protocol=6 | dir=out | app=system | "{E739C108-AE95-4524-A8FA-CF35C3A7CB03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E8819F79-3C5C-4FA7-9284-B18BC232B464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F992BE4B-95D9-47A5-A9AA-21BDF7C02D29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08144B55-69CB-4998-91C8-C7D6EB0FB5F8}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{1534E421-3C9E-427F-A68B-D9AEEB5627B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{17CA971E-3C24-43FA-98A6-DD3F2A78A0EE}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{1AD05EF1-2F10-4D29-A417-E07A04FB7BF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2BB799D8-8D57-4552-93C1-14013439BC9A}" = protocol=6 | dir=in | app=%programfiles%\windows 
media player\wmpnetwk.exe | "{3171555D-7C7B-450F-9163-0243D8198F36}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{457B581D-56CB-4577-B1A8-D51C32EB0D80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4E57EFA1-1DB8-41E3-9DD7-E8F4B072AC41}" = protocol=6 | dir=out | app=system | "{4F75F2B8-AE57-4595-8D75-AACFE44207F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5076A597-F231-4E92-9E05-04DAADAD4C1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{56021AA7-0E96-47AA-8991-221658F785AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5D2ADD46-6113-48B3-A784-885A3E42A972}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6DA6C287-8AB1-496A-9F55-A91647628432}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{70AA4508-3A9E-4925-9963-D43A2451BE71}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{7976D2F2-1FCD-4784-90E6-93D85D0B6F35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8B7A7FD4-A0FC-44B2-8A01-2DFB6E58EEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{918B0116-F04C-447B-8D44-4EE66D68B5A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0A3BDFD-4F80-438D-BCD0-D7019D198FEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C31551ED-296A-4880-9BAB-026F9F906960}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{CE49C996-0FA2-4BBA-9F0F-AFAB0B727AD4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | "{D28AB5A9-D7AF-4D74-B2D5-225EEFBCF781}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DBD98D11-6EE5-4363-9CEB-01C2DBC53BDA}" = protocol=58 | dir=in | 
name=@firewallapi.dll,-28545 | "{DBF407B3-C4FA-4463-95C2-C59A1CFBAE17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F08D3732-FCDC-480C-8721-7AB4D6DBBD6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F3C5C700-E8D3-4E31-8884-17F5487EBD17}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{F3D9C719-8726-4E6F-8320-41D7C6C434BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F471D408-5E23-4738-A0F0-E204B1B34D58}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{207269DF-184A-4ABB-A906-1FDC73763F40}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "TCP Query User{44B3835B-FC63-4B2D-8DC3-AF80C05FF60C}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "TCP Query User{82A8E81C-8F1B-4235-85A1-CB1863340628}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | "TCP Query User{8B856512-C5FB-47C0-A0F6-935E422A3061}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A2E1E85E-F032-4F05-8545-4850AC155049}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{B8A7771F-AAD7-49F3-AABE-FD96E71524A2}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "TCP Query User{E119E88E-5622-45F8-810B-B79991F1FD82}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{F07806B1-DC41-4A5F-9EA7-FB6F1075FA20}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | "TCP 
Query User{F469D50C-FCFF-4D6A-B6CB-04F3B958782D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{F8F72074-71A6-46ED-BAAE-5D2E4C27CCF4}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "UDP Query User{1C7E064B-FB83-44DA-8D4F-D447C9361D32}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "UDP Query User{3F09B813-4A83-450E-A74C-64B030E52DA6}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | "UDP Query User{50ABE301-DCBA-4C9A-B68B-ED8BE8B3C664}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "UDP Query User{5E97B175-D71A-42DD-B2E2-E6A1F3A1634D}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "UDP Query User{5F7DDD8F-BF48-4217-81D0-FE9F0DE23FAE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{75E7D6A2-5631-4CF2-ADD6-4B78E866EC03}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe | "UDP Query User{8194F4F0-9B0E-4647-907E-867B8B7EE6FA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{82F1AFEF-09B5-4564-B6E4-8320C5E9E5E6}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "UDP Query User{D87A1B09-31DE-4D7A-9710-D476B9918E3E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{EAB4C42F-A7EF-4411-AE01-7AD139076159}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program 
files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai "{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.4 "{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin "{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish "{1A1F62AB-B8D6-1769-923D-365F963D51F9}" = WMV9/VC-1 Video Playback "{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard "{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English "{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility "{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision "{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian "{37E7D5C3-AF57-4103-851F-076E8AAFC03E}" = Minecraft "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter "{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian "{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7 "{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese "{49E54A90-948C-D78B-CECE-9A7B380491F0}" = 
CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean "{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish "{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6641AAF6-1979-48AF-A372-376AEBA3AD45}" = eComic "{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE7A656-A244-47C6-BB05-D412820FDA3C}" = calibre "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office 
InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager "{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek "{B9C2CE12-9597-7EEF-1EA1-48D8B6B0DA15}" = AMD Drag and Drop Transcoding "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch "{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static 
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese "{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish "{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11 "{E6FE96CE-99C3-42DE-AD9B-E0A63BD7805D}_is1" = FastestTube-1.3.7.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs "{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All "{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German "{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Avira AntiVir Desktop" = Avira Free Antivirus "CDisplay_is1" = CDisplay 1.8 "CoView_is1" = CoView "Denken und Rechnen 1" = Denken und Rechnen 1 "ElsterFormular" = ElsterFormular "ESET Online Scanner" = ESET Online Scanner v3 "FastestTube" = FastestTube "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "Google Chrome" = Google Chrome "Hardcopy" = Hardcopy "InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver "InstallShield_{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7 "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "lgx4.lgx.server" = G DATA 
Logox4 Speechengine "lrcsTube@hansanddeta.com" = LyricsTube "Lyrics@LyricsContainer.co" = LyricsContainer "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PrintKey2000" = PrintKey2000 "Ravensburger tiptoi" = Ravensburger tiptoi "Steam App 34030" = Napoleon: Total War "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 03.07.2013 16:07:30 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x29c Startzeit der fehlerhaften Anwendung: 0x01ce7828ee97acd9 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 300d3e77-e41c-11e2-b368-00138ff9b6fa Error - 03.07.2013 16:27:06 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0x01ce782bac990b2a Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ecf69e9e-e41e-11e2-b368-00138ff9b6fa Error - 04.07.2013 10:19:13 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FRST.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4f25baec Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064f96 ID des fehlerhaften Prozesses: 0xf88 Startzeit der fehlerhaften Anwendung: 0x01ce78c173cc17d9 Pfad der fehlerhaften Anwendung: C:\Users\Holger\Desktop\FRST.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b2f1573f-e4b4-11e2-90c9-00138ff9b6fa Error - 04.07.2013 10:27:01 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xc4c Startzeit der fehlerhaften Anwendung: 0x01ce78c28ba277fb Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ca23351f-e4b5-11e2-90c9-00138ff9b6fa Error - 04.07.2013 11:21:14 | Computer Name = Holger-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno 1701\Tools\Tages\DrvSetup_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.07.2013 11:27:03 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xc78 Startzeit der fehlerhaften Anwendung: 0x01ce78caeda064b6 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2ccf2d84-e4be-11e2-a81f-00138ff9b6fa Error - 04.07.2013 12:27:02 | Computer Name = Holger-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x7dc Startzeit der fehlerhaften Anwendung: 0x01ce78d34f3864eb Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8e3ea5bf-e4c6-11e2-a81f-00138ff9b6fa [ System Events ] Error - 04.07.2013 10:15:28 | Computer Name = Holger-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?07.?2013 um 22:36:44 unerwartet heruntergefahren. Error - 04.07.2013 10:14:41 | Computer Name = Holger-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 04.07.2013 10:15:37 | Computer Name = Holger-PC | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. Error - 04.07.2013 10:15:37 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 04.07.2013 10:17:39 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht. Error - 04.07.2013 10:17:39 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.07.2013 10:45:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 04.07.2013 10:45:31 | Computer Name = Holger-PC | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. Error - 04.07.2013 10:45:31 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 04.07.2013 11:32:42 | Computer Name = Holger-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
04.07.2013, 18:09 | #4 |
/// Malware-holic | bizcoaching.info Hi, please download TDSSKiller.exe and save the file to your desktop.
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.07.2013, 21:25 | #5 |
| bizcoaching.info HTML-Code:
22:24:41.0646 3520 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:24:41.0920 3520 ============================================================
22:24:41.0920 3520 Current date / time: 2013/07/04 22:24:41.0920
22:24:41.0920 3520 SystemInfo:
22:24:41.0920 3520
22:24:41.0920 3520 OS Version: 6.1.7601 ServicePack: 1.0
22:24:41.0920 3520 Product type: Workstation
22:24:41.0920 3520 ComputerName: HOLGER-PC
22:24:41.0920 3520 UserName: Holger
22:24:41.0920 3520 Windows directory: C:\Windows
22:24:41.0920 3520 System windows directory: C:\Windows
22:24:41.0920 3520 Processor architecture: Intel x86
22:24:41.0920 3520 Number of processors: 2
22:24:41.0920 3520 Page size: 0x1000
22:24:41.0920 3520 Boot type: Normal boot
22:24:41.0920 3520 ============================================================
22:24:43.0028 3520 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:24:43.0040 3520 Drive \Device\Harddisk1\DR1 - Size: 0x3CEFFE00 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:24:43.0041 3520 ============================================================
22:24:43.0041 3520 \Device\Harddisk0\DR0:
22:24:43.0042 3520 MBR partitions:
22:24:43.0042 3520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:24:43.0042 3520 \Device\Harddisk1\DR1:
22:24:43.0042 3520 MBR partitions:
22:24:43.0042 3520 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x10, BlocksNum 0x1E77EF
22:24:43.0043 3520 ============================================================
22:24:43.0070 3520 C: <-> \Device\Harddisk0\DR0\Partition1
22:24:43.0070 3520 ============================================================
22:24:43.0070 3520 Initialize success
22:24:43.0070 3520 ============================================================ |
05.07.2013, 13:13 | #6 |
/// Malware-holic | bizcoaching.info Hi, scan with Combofix
05.07.2013, 13:39 | #7 |
| bizcoaching.info Thanks. Combofix Logfile: Code:
ATTFilter ComboFix 13-07-04.01 - Holger 05.07.2013 14:26:15.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2298 [GMT 2:00] ausgeführt von:: c:\users\Holger\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\LyricsTube\lrCStube.dll c:\windows\system32\drivers\etc\hosts.txt . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-05 bis 2013-07-05 )))))))))))))))))))))))))))))) . . 2013-07-05 12:35 . 2013-07-05 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-05 12:31 . 2013-07-05 12:31 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85AB790D-7498-4F08-B953-DF8A35566157}\offreg.dll 2013-07-05 10:45 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85AB790D-7498-4F08-B953-DF8A35566157}\mpengine.dll 2013-07-04 14:20 . 2013-07-04 14:20 -------- d-----w- C:\FRST 2013-07-03 15:07 . 2013-07-03 15:07 -------- d-----w- c:\program files\ESET 2013-07-03 14:37 . 2013-07-03 14:37 -------- d-----w- c:\windows\ERUNT 2013-07-03 14:37 . 2013-07-03 14:37 -------- d-----w- C:\JRT 2013-07-02 15:11 . 2013-07-02 15:11 -------- d-----w- c:\users\Holger\AppData\Roaming\Malwarebytes 2013-07-02 15:10 . 2013-07-02 15:10 -------- d-----w- c:\programdata\Malwarebytes 2013-07-02 15:10 . 2013-07-02 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-02 15:10 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-02 15:10 . 2013-07-02 15:10 -------- d-----w- c:\users\Holger\AppData\Local\Programs 2013-07-01 16:00 . 
2013-07-01 16:00 -------- d-----w- c:\program files\Enigma Software Group 2013-07-01 15:59 . 2013-07-01 15:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-06-29 15:32 . 2013-06-30 05:45 -------- d-----w- c:\users\Holger\AppData\Roaming\vlc 2013-06-29 13:34 . 2013-06-29 13:37 -------- d-----w- c:\program files\Google 2013-06-29 13:32 . 2013-06-29 13:38 -------- d-----w- c:\users\Holger\AppData\Local\Google 2013-06-28 16:08 . 2013-06-28 16:08 -------- d-----w- c:\program files\LyricsContainer 2013-06-28 16:08 . 2013-06-28 16:08 -------- d-----w- c:\users\Holger\AppData\Local\Downloaded Installations 2013-06-20 14:58 . 2013-06-20 14:58 -------- d-----w- c:\users\Holger\AppData\Roaming\Avira 2013-06-20 14:56 . 2013-06-30 13:32 -------- d-----w- c:\users\Holger\AppData\Roaming\.minecraft 2013-06-20 14:53 . 2013-06-20 14:53 -------- d-----w- c:\users\Holger\AppData\Roaming\ATI 2013-06-20 14:33 . 2013-06-20 14:32 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-20 14:33 . 2013-06-20 14:32 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-20 14:33 . 2013-06-20 14:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-16 18:13 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe 2013-06-13 01:05 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-13 01:05 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-12 14:37 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 14:37 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 14:36 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 14:36 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 14:36 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 14:36 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 14:36 . 
2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 14:36 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 14:35 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 14:35 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 14:35 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 14:35 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 15:27 . 2012-04-26 04:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 15:27 . 2012-02-10 13:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2012-02-10 13:58 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-15 13:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 13:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 17:49 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 2013-05-15 13:50 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 05:18 . 2013-05-15 13:50 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 03:14 . 2013-05-15 13:50 2347520 ----a-w- c:\windows\system32\win32k.sys 2011-06-16 04:32 . 2012-04-12 04:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{463B0ED4-8AFA-404B-90E7-4063A0708050}] 2013-06-22 21:35 185856 ----a-w- c:\program files\LyricsContainer\116.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NewShortcut1.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk backup=c:\windows\pss\NewShortcut1.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk backup=c:\windows\pss\Printkey2000.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Holger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK] path=c:\users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK backup=c:\windows\pss\Hardcopy.LNK.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2012-07-27 20:51 823224 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2012-07-27 20:51 36800 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2013-06-06 22:06 1641896 ----a-w- c:\program files\Steam\Steam.exe . R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-29 13:37 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:05] . 2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-06-29 13:34] . 2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-06-29 13:34] . 2013-07-05 c:\windows\Tasks\LyricsContainer Update.job - c:\program files\LyricsContainer\LrcsCtrUpdr.exe [2013-06-22 21:35] . 2013-07-05 c:\windows\Tasks\Updater.job - c:\programdata\WombatUpdater\WombatUpdater.exe [2010-12-30 09:26] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013 IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\g82eolbz.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{78e516ef-11de-47a1-8364-a99b917ec5ee} - (no file) WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file) AddRemove-FileConverter_1.3 Toolbar - c:\program files\FileConverter_1.3\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-05 14:37:55 ComboFix-quarantined-files.txt 2013-07-05 12:37 . Vor Suchlauf: 17 Verzeichnis(se), 408.580.763.648 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 408.710.062.080 Bytes frei . - - End Of File - - F5434C75A906F5BBF105F4425617A658 A36C5E4F47E84449FF07ED3517B43A31
The bizcoaching.info page has just opened again |
05.07.2013, 13:48 | #8 |
/// Malware-holic | bizcoaching.info Hi, please post all Malwarebytes logs created so far that contain detections. http://www.trojaner-board.de/125889-...en-posten.html
05.07.2013, 13:55 | #9 |
| bizcoaching.infoHTML-Code: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.02.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16618 Holger :: HOLGER-PC [Administrator] Schutz: Aktiviert 02.07.2013 17:14:05 mbam-log-2013-07-02 (17-14-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213461 Laufzeit: 18 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 11 HKCR\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCR\ironsource.searchyaHlpr.1 (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCR\ironsource.searchyaHlpr (PUP.SearchYa) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCR\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCR\ironsource.searchyadskBnd.1 (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCR\ironsource.searchyadskBnd (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt. 
Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Daten: SearchYa Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll (PUP.SearchYa) -> Keine Aktion durchgeführt. C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (PUP.SearchYa) -> Keine Aktion durchgeführt. C:\Users\Holger\Downloads\Kevin_-_Allein_zu_Haus.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Holger\AppData\Local\Temp\2829718.Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holger\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holger\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Holger\AppData\Local\Temp\DIQM\FlashPlayer_151\exes.zip (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
05.07.2013, 13:59 | #10 |
/// Malware-holic | bizcoaching.info Please update Malwarebytes, run a full scan, delete the detections, and post the log
06.07.2013, 11:03 | #11 |
/// the machine /// TB-Ausbilder | bizcoaching.info Where exactly are we continuing now? http://www.trojaner-board.de/137670-...e-scanner.html
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.07.2013, 11:08 | #12 |
| bizcoaching.info Hello Schrauber! I think in the other thread. That one was actually resolved. Now the error has come up again. I can only say thank you for the help. I now have 2 problems. Thanks |
06.07.2013, 11:14 | #13 |
/// the machine /// TB-Ausbilder | bizcoaching.info Just tell us where we are continuing, so that the other helper doesn't spend time on this and we end up doing the work twice
06.07.2013, 12:10 | #14 |
| bizcoaching.info Hello Markus! Thanks for your help. Since another problem has come up again, we will continue in the other thread. schrauber is active there. Thanks for your help |