Log analysis and evaluation: mail delivery failed: returning message to sender in GMX account (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.07.2013, 16:18 | #1 |
mail delivery failed: returning message to sender in GMX account

Hello Trojaner-Board community,

I have already read a few tips here... good forum, I think. But to start: we were on holiday, and when we came back yesterday and I briefly checked my emails during the night, I noticed that there were many mails in there with "mail delivery failed: returning message to sender". (About 100 of them, I think.) In any case, I changed my password and googled a bit, so changing the password is probably not the end of it, which is why I ran "OTL".

Code:
ATTFilter OTL logfile created on: 11.07.2013 16:31:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXXXXXXXXXX\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,22% Memory free 8,00 Gb Paging File | 5,57 Gb Available in Paging File | 69,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,84 Gb Total Space | 41,85 Gb Free Space | 29,50% Space Free | Partition Type: NTFS Drive D: | 113,08 Gb Total Space | 16,67 Gb Free Space | 14,74% Space Free | Partition Type: NTFS Drive E: | 111,75 Gb Total Space | 49,32 Gb Free Space | 44,14% Space Free | Partition Type: FAT32 Drive G: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 156,25 Gb Total Space | 31,16 Gb Free Space | 19,95% Space Free | Partition Type: NTFS Computer Name: XXXXXXX-PC | User Name: XXXXXXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hilli\Downloads\OTL(1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Program Files (x86)\Glary Utilities\memdefrag.exe (Glarysoft Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) 
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll () MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe () MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SystemStoreService) -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) 
SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys () DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys () DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- 
C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 8B 6C 91 7F A5 CD 01 [binary data] IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: Tubesaver%40istqt.co:1.116 FF - prefs.js..extensions.enabledAddons: 126c9ec1-e913-410f-94df-6262dd70e044%4094392a4b-d7bd-4563-8bcd-ba96cf8055b2.com:0.91.29 FF - prefs.js..extensions.enabledAddons: %7B87eab3b7-a707-4459-99ae-c2fa06cfa36b%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7 FF - prefs.js..extensions.enabledAddons: %7B15312e9a-4905-48da-aae4-15b24bdc2a24%7D:1.0.5 FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4 FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files 
(x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.14 20:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.06.09 14:34:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Tubesaver@istqt.co: C:\Program Files (x86)\TubeSaver\116.xpi [2013.07.02 11:14:39 | 000,004,710 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.23 20:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Extensions [2013.02.23 20:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2013.07.04 14:53:30 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions [2013.07.03 08:49:07 | 000,000,000 | ---D | M] ("Mein Gutscheincode") -- C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com [2013.07.03 08:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\extensionCode [2013.07.04 14:53:30 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\gmailnoads@mywebber.com.xpi [2013.07.04 14:53:30 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\info@skymeissner.com.xpi [2013.07.04 14:53:10 | 000,169,613 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2013.07.04 14:53:30 | 000,122,054 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2013.07.04 14:53:30 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013.07.04 14:53:30 | 000,011,097 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi [2013.05.16 09:51:58 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.10.06 11:53:35 | 000,003,915 | ---- | M] () -- 
C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\searchplugins\sweetim.xml [2012.10.15 15:36:30 | 000,002,399 | ---- | M] () -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\searchplugins\Web Search.xml [2013.07.03 08:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.03 08:52:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.02 11:14:39 | 000,004,710 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\TUBESAVER\116.XPI [2013.06.14 20:31:18 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2013.02.14 23:17:23 | 000,000,899 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 update.ross-tech.com O1 - Hosts: 127.0.0.1 update.ross-tech.de O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. 
O2 - BHO: (Mein Gutscheincode) - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (Mein Gutscheincode GmbH) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (TubeSaver) - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\116.dll (istqt Soft) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8C8.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [EPSON249022 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S141C.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities\memdefrag.exe (Glarysoft Ltd) O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O8:64bit: - 
Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09D798D-7B9E-45A7-9AD9-1AFF74F5DABC}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC9F6373-993E-4EF7-849F-F5836E92EBBC}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\brx - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files (x86)\Bricsys\BricsCAD V13\BrxProtIE.dll (BricsCad) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.23 11:39:56 | 000,173,056 | ---- | M] (Autofac Project - hxxp://autofac.org) - E:\Autofac.dll -- [ FAT32 ] O32 - AutoRun File - [2012.11.07 01:07:00 | 000,046,080 | ---- | M] () - E:\AutoRunCE.exe -- [ FAT32 ] O32 - AutoRun File - [2011.10.10 15:54:08 | 002,290,144 | R--- | M] () - G:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.10.09 16:23:34 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.10.09 16:23:34 | 000,224,630 | R--- | M] () - G:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2013.02.23 22:33:57 | 000,000,000 | ---D | M] - K:\Autodesk -- [ NTFS ] O33 - MountPoints2\{5fe3c75f-e2e4-11e2-aa17-001bb95c54d1}\Shell - "" = AutoRun O33 - MountPoints2\{5fe3c75f-e2e4-11e2-aa17-001bb95c54d1}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{f0cf54a8-4da8-11e2-8680-001bb95c54d1}\Shell - "" = AutoRun O33 - MountPoints2\{f0cf54a8-4da8-11e2-8680-001bb95c54d1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2011.10.10 15:54:08 | 002,290,144 | R--- | M] () O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.03 08:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.02 22:18:36 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2013.07.02 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Local\Android [2013.07.02 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Hilli\.android [2013.07.02 12:25:02 | 000,000,000 | ---D | C] -- C:\Users\Hilli\.swt [2013.07.02 12:24:26 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool [2013.07.02 12:22:17 | 000,000,000 | ---D | C] -- C:\Flashtool [2013.07.02 11:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.07.02 11:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.07.02 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.07.02 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mein Gutscheincode [2013.07.02 11:14:50 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer [2013.07.02 11:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013.07.02 11:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeSaver [2013.07.02 11:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer [2013.07.02 10:17:24 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\files [2013.07.01 02:18:35 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\Vergiss mich nicht [2013.06.25 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Podcasts [2013.06.25 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Media Go [2013.06.25 19:12:14 | 000,000,000 | ---D | C] -- 
C:\Users\Hilli\AppData\Local\Sony [2013.06.25 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2013.06.25 19:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2013.06.25 19:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2013.06.25 19:11:16 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Sony [2013.06.25 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\Stina [2013.06.24 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\poiw-data [2013.06.22 10:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter [2013.06.22 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA [2013.06.22 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Local\Downloaded Installations [2013.06.17 13:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.17 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.17 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.17 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.17 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.17 13:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.06.15 01:28:23 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2 [2013.06.15 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\GoPal_5.5 [2013.06.14 22:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät ========== Files - Modified Within 30 Days ========== [2013.07.11 16:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.11 12:01:03 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.11 12:01:03 | 000,700,168 | ---- | M] () 
-- C:\Windows\SysNative\perfh007.dat [2013.07.11 12:01:03 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.11 12:01:03 | 000,148,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 12:01:03 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 11:04:13 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\TubeSaver Update.job [2013.07.11 10:44:14 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 10:44:14 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 09:00:36 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.07.11 09:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.11 09:00:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.07.05 12:17:33 | 000,000,017 | ---- | M] () -- C:\Users\Hilli\AppData\Local\resmon.resmoncfg [2013.07.03 20:52:55 | 000,458,870 | ---- | M] () -- C:\Users\Hilli\Desktop\1009609_10151522479447921_930858658_o.jpg [2013.07.02 19:38:45 | 000,308,256 | ---- | M] () -- C:\Users\Hilli\Desktop\Anleitung Handy.jpg [2013.07.02 12:57:06 | 000,101,173 | ---- | M] () -- C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf [2013.07.02 11:57:27 | 001,031,879 | ---- | M] () -- C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb [2013.07.02 11:30:58 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.07.02 11:29:32 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.02 11:29:32 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.07.02 11:14:48 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.07.01 19:09:00 | 000,001,633 | ---- | M] () -- C:\Users\Hilli\Documents\image007.gif [2013.06.27 22:21:54 | 001,030,952 | ---- | M] (AVAST Software) -- 
C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.27 22:21:54 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.27 22:21:54 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.25 19:12:35 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk [2013.06.22 10:57:57 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.17 13:23:38 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.14 22:57:04 | 000,000,910 | ---- | M] () -- C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk [2013.06.14 20:31:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.12 21:48:04 | 001,598,202 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013.07.05 12:17:33 | 000,000,017 | ---- | C] () -- C:\Users\Hilli\AppData\Local\resmon.resmoncfg [2013.07.03 20:52:53 | 000,458,870 | ---- | C] () -- C:\Users\Hilli\Desktop\1009609_10151522479447921_930858658_o.jpg [2013.07.02 19:35:38 | 000,308,256 | ---- | C] () -- C:\Users\Hilli\Desktop\Anleitung Handy.jpg [2013.07.02 12:57:04 | 000,101,173 | ---- | C] () -- C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf [2013.07.02 11:57:27 | 001,031,879 | ---- | C] () -- C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb [2013.07.02 11:29:32 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.02 11:29:32 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.07.02 11:14:48 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2013.07.02 11:14:39 | 000,000,372 | ---- | C] () -- 
C:\Windows\tasks\TubeSaver Update.job [2013.07.01 19:09:00 | 000,001,633 | ---- | C] () -- C:\Users\Hilli\Documents\image007.gif [2013.06.27 22:21:54 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.26 23:56:25 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.26 23:56:24 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.25 19:12:35 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk [2013.06.24 13:44:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.22 10:57:57 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.17 13:23:38 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.14 22:57:04 | 000,000,910 | ---- | C] () -- C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk [2013.03.14 16:23:34 | 000,083,186 | ---- | C] () -- C:\Users\Hilli\ESt2011_Tresp_Theresa.elfo [2013.03.14 14:05:59 | 000,158,492 | ---- | C] () -- C:\Users\Hilli\ESt2012_Just_Theresa_und_Hiller_Mario.elfo [2013.02.04 23:41:13 | 000,168,482 | ---- | C] () -- C:\Users\Hilli\MarioESt2012.elfo [2012.10.05 16:36:25 | 001,598,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.05 15:47:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.04 07:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 07:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.08 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\AlcaTech [2013.05.22 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Autodesk [2013.04.14 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Bricsys [2013.06.09 14:26:06 | 000,000,000 
| ---D | M] -- C:\Users\Hilli\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\conkeror.mozdev.org
[2013.05.04 10:35:01 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\DAEMON Tools Lite
[2013.05.03 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Dropbox
[2013.02.04 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\elsterformular
[2012.10.11 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\EPSON
[2013.06.02 12:04:46 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Glarysoft
[2013.05.18 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\GoPal Assistant
[2013.07.02 12:07:25 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer
[2012.11.06 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\OpenCandy
[2013.06.09 14:48:57 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\PDAppFlex
[2013.06.25 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Sony
[2013.02.22 22:47:01 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\TeamViewer
[2013.04.04 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Ubisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >

Code:
OTL Extras logfile created on: 11.07.2013 14:05:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXXXXXXX\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 47,80% Memory free
8,00 Gb Paging File | 5,71 Gb Available in Paging File | 71,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,84 Gb Total Space | 41,85 Gb Free Space | 29,51% Space Free | Partition Type: NTFS
Drive D: | 113,08 Gb Total Space | 16,67 Gb Free Space | 14,74% Space Free | Partition Type: NTFS
Drive E: | 111,75 Gb Total Space | 49,32 Gb Free Space | 44,14% Space Free | Partition Type: FAT32
Drive G: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 156,25 Gb Total Space | 31,16 Gb Free Space | 19,95% Space Free | Partition Type: NTFS

Computer Name: XXXXXXXXX-PC | User Name: XXXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024B6468-77EC-455B-A72C-6CFB2EDA457F}" = lport=445 | protocol=6 | dir=in | app=system | "{07F66EDA-A287-477F-9483-18DEAB35446F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0B805628-B736-4053-B4EF-1DB4F2DFBC52}" = lport=137 | protocol=17 | dir=in | app=system | "{0E94876A-CD6D-4CB3-A653-18D9F8FB5B2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{146DCA7A-AE2A-4CA9-9B9B-8235D97C992A}" = rport=139 | protocol=6 | dir=out | app=system | "{2571C3A2-DCE1-4C8B-9ED6-3C6C3FADA75D}" = rport=137 | protocol=17 | dir=out | app=system | "{38752127-5C74-4564-9315-F695893FD392}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{39E29446-0B6F-4D91-8ACC-6A053CB3E368}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3C608C28-DD79-429D-BD90-49B18DBCA2E1}" = lport=139 | protocol=6 | dir=in | app=system | "{47F39740-E391-4EB7-A7B4-2DB4286EB991}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5D969C65-E88E-44D9-9CDF-A21AE5FCA1C8}" = rport=138 | protocol=17 | dir=out | app=system | "{645C8061-646F-435E-9DD1-F4610E766AA3}" = lport=10243 | protocol=6 | dir=in | app=system | "{6BDC0AAA-08AA-4DC0-A9C9-86F0A4F8DE62}" = rport=10243 | protocol=6 | dir=out | app=system | "{76618528-05E0-4101-B0C0-9D5079053EF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{7A5B36E5-CF4A-4870-9ABF-3503D4F3C89F}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A927F1C-644C-4A9B-AF7E-CDEE3ED9C53E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9920D7CD-8B9C-423A-AEBD-6935A2F9D443}" = rport=445 | protocol=6 | 
dir=out | app=system | "{AB661C35-154E-4E97-BA23-594F569F502D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AE26106B-0B62-404B-8B53-777D1217B99C}" = lport=138 | protocol=17 | dir=in | app=system | "{B1520DEE-FC76-44EC-AACC-1DBE4C99A75D}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | "{D5D36E1E-773D-4D13-A645-A0D74EB3AAFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D6953002-764F-4ACB-B45B-C509E030B773}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DE38887F-7510-4F32-97AF-B54180C93856}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E0A98CDC-A922-4E0C-AD51-70283A0CE365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5A33FD5-CCA0-4226-A806-916B0931AB3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02DA0A87-018B-4CF3-A338-524970C6BFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{1493D1E5-648A-4574-A876-D1A243AAA2A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{14B48938-4666-4280-B09D-4D9ECF504FC9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{15C3CA97-F04C-459A-A15A-B2EA11124BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{19EAC54F-661C-41FA-8951-06B2C1FE260E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1EE046CA-5858-4875-A134-12C4BD0D1C06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1EEDA08E-60B8-496E-BDBB-CF2EE78496EB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{24B7A174-5B74-4FE7-92F4-52897DC29FC0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{27DE7061-6082-4208-A7E0-0050C8C9122C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{2B87932E-F689-40FF-9500-0114B20CBCED}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{333DC20B-C3C9-4ADB-A0D0-4470AFBC5D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{334880F3-745E-4075-BCD3-88E1339F4397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33E14E41-8C35-4EFF-ADC0-BF9FB8A6AFD1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{35A25940-26AC-449F-8776-DEAD4915F555}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4A65F3B8-6849-4880-9506-BA449171323A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4F30F5E2-AD35-4127-B5AE-57B3AE45D888}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{540E1D19-1C71-4B93-9705-329329D2484B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5625B3B7-5E3D-49E0-AA1C-C47DDC28D4EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{594D2040-7B59-49E3-9AF1-3E92CC0A713E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{5A97E8FB-BF70-4BCD-9AC5-F48B00FEEE40}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5C8373DC-61C0-4B43-A744-081D07971BC4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5C9DF7CB-11EA-4730-BC1F-61C11BD73E13}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5FC24A54-E8A7-44AD-9052-CB5AA289437D}" = protocol=17 | dir=in | 
app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{633F337F-A675-4A3E-850C-AF6D765E09F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6474D661-CF01-4F1B-AFCF-61B815B8905E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6843608D-72F4-4378-82BC-019F9D403BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{68D0C8A6-7771-424C-9E2E-8F176EFCBDCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68D506C9-A70E-4708-89D0-B41BB77DDBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{6957EE61-4C73-4CEE-8C57-FDDDC9861BA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6E443032-0FA6-481E-91BA-2DDEEFF0D12D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{73F747ED-43A5-4F87-88F2-BC4EC4FF50C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{75C1FEEA-74DB-4C50-B939-C1BA9314CDEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8160E9D4-C116-433D-913F-6B70238B1627}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{85696775-8506-4179-8E94-968C4B818975}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8C6A27D6-C28D-4330-B0AA-BF5CD70AC3C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C7CBC05-CFDF-4DCD-9AD4-5D86F9F88F7C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8E36E6FD-D44F-4042-AC68-49652303DF80}" = protocol=17 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | "{958AED33-F896-408D-812E-2E3DBE4491EB}" = protocol=6 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | "{9AF3C1B6-7387-4BC6-8B13-5C4305483BC5}" = 
protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A5BD2DD4-C186-4E85-A8E6-BF92FD80D101}" = protocol=6 | dir=out | app=system | "{AA49CE38-4FB6-45C1-B7FF-7DB14791F2D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B3B066E9-5A2E-4A9F-A09A-C6A2C69C1650}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4898B1A-DFC3-4274-843B-1B2361320438}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{B6E4D15D-F4FC-4F42-9AA9-41960E4CDE94}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B8E86A59-DF0C-45D3-A08F-77364128B452}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{B9D8A05B-DAA6-4A21-A009-DD36A746D771}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA621AF4-44DD-41B1-83C2-EAF627944904}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BB7DAA1A-41D6-496C-BC7C-04861D40A7C2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BD2C523B-A199-4E6C-A65D-B42B2AEEFB78}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C21D3AA8-3308-4670-8E9B-A9EC95BECB11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C56E9DF0-B04E-4498-A3F1-495F85F9FFF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C5F8DF10-2D21-46EA-A94A-EB6B260E8B53}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{CB761DCB-C689-445A-B729-121CD34F5B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{CBAB10BC-CAED-47A1-8FC3-13B43D2F9E36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CBC3C8A5-A1A0-4062-AD23-BD114D35D2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\groove.exe | "{D0E1DB85-A90C-4F0B-9269-1480F11334ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D146F204-F6C6-49B0-A99C-F997AD788143}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D495F957-256D-4F86-8C42-7E51D21E3379}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4FAB894-7524-4D0F-8DE5-BE2A02CDDC3B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DBC82EC7-46F9-47EB-B6A9-8A9C7C477C72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DBD39AD2-F887-45D4-947B-0CBB4CDCB0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDDCE87C-E2C8-47E4-AD4B-E5EE96288220}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{DDF6568A-01C5-4B68-A48F-C6F395DB8C30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E37552CB-593A-403E-B04E-F71A57A76521}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E37DD6CE-981B-45F4-8D30-3AC7AAF040B8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E62D2220-BB1F-414F-98D9-5367C5F195E9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EAB48D40-C7B2-42E9-BEB3-EC379E06006D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{ECB5B053-0812-4CF5-83B5-68D6047F0658}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ECEEA93B-6784-4900-8ADC-798B0B030FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{ED093657-363A-43A3-B281-CDA3509B213A}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{ED22DDCA-8B2F-492E-A1BC-6E31D37AC0D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDE1073D-C2E7-4225-B0AC-48972979CD68}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EF276E81-A9B4-4142-B39C-114E03DDABC2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{F3A4D7BB-5023-4263-926D-F4EF239C5EB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F3E59B0D-C580-4D79-B5CD-201A58C9172C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5F1C1A4-4660-4C62-AD97-B7C6250C5570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F634A791-476D-4515-B0C5-E01A89D42DFA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F775AFB6-7E51-42E8-B5C6-A722E0DC8E65}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{FE21F285-39F4-4826-8451-EEA109AE404B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "TCP Query User{907E7403-CD0F-4B55-B3C6-1D85C9E8F6CF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{A8DC275A-18AF-4A27-90C7-3E6EEA993ED2}C:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{AB58217F-34DC-4758-9FC4-932735FDE9CF}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{B2437E4C-74B5-4D3D-BC77-6165E9FD1BE0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D853E05B-F0C9-49A7-AFAD-69E4F5D66228}C:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "UDP Query User{303F587C-C69B-40EB-A4F6-B6CBA9E16875}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | 
app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{6EA0AFE2-5D99-4CF9-AEDD-4408907A70A9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{9218C220-3685-4973-9C53-F913CBEDD651}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{ADCAFF3B-83BE-4069-80B4-323015C8B970}C:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{F8974E75-A9AE-4C0E-935C-92EFE4DC6159}C:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit) "{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5783F2D7-B006-0000-0102-0060B0CE6BBA}" = AutoCAD MEP 2013 - Deutsch (German) 
"{5783F2D7-B006-0407-1102-0060B0CE6BBA}" = AutoCAD MEP 2013 Language Pack - Deutsch "{5783F2D7-B006-0407-2102-0060B0CE6BBA}" = AutoCAD MEP 2013 - Deutsch (German) "{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64 "{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013 "{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013 "{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content) "{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client) "{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013 
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders "{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013 "4C8545EEB6143B6AD3858B5D1E0AEE76040B1435" = Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) "6849F67BACD4DA5A5B9D46803E6850D0BE8B3826" = Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) "8D0D8EE2347DC7FE9BD534792E76CD8F22681D44" = Windows-Treiberpaket - TERRATEC Cinergy C/S2 PCI Infrared (05/21/2010 1.00.03.201) "AutoCAD MEP 2013 - Deutsch (German)" = AutoCAD MEP 2013 - Deutsch (German) "Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013 "Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German) "CB911E83C421B81249FF40C42D1544261A839B84" = Windows-Treiberpaket - TERRATEC Cinergy C PCI (11/18/2010 1.01.02.501) "CCleaner" = CCleaner "DWG TrueView 2013" = DWG TrueView 2013 "EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp "{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian "{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}" = Gtk# for .Net 2.12.10 "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = 
Nero Express Help (CHM) "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013 "{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013 "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter "{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013 "{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French "{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}" = Media Go "{39D61CBB-81C7-43CF-BB70-6BB620FBD10A}" = BricsCAD 13.1 "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center "{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese "{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}" = Media Go Video Playback Engine 1.116.104.02020 
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish "{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.80 "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{5A775CBD-03A6-4832-820C-20C0DC57E2E5}" = Cinergy C PCI HD Driver Installation (64 Bit) "{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{60597b3f-d714-4f4e-8094-be088a31ff25}" = TubeBox "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013 "{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish "{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service "{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack "{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7 "{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6B68D0AD-880A-4862-928A-2830037BE50E}" = TubeBox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All "{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German "{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish "{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience) "{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish "{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video "{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = 
Nero Express "{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM) "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek "{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian "{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish "{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A6C8CD51-1AE4-474D-BA2D-125CDBEADD03}" = MEDION GoPal Assistant "{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A86DDB5D-FB15-4C7E-8838-849493A45DF8}_is1" = Catan 1.0 "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM) "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent "{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero 
ControlCenter Help (CHM) "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant "{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common "{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Android SDK Tools" = Android SDK Tools "Autodesk Content Service" = Autodesk Content Service "Autodesk Design Review 2013" = Autodesk Design Review 2013 "Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client) "avast" = avast! 
Free Antivirus "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "DVBViewer TERRATEC Edition_is1" = DVBViewer TERRATEC Edition "ElsterFormular" = ElsterFormular "EPSON Scanner" = EPSON Scan "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Flashtool" = Flashtool "Glary Utilities_is1" = Glary Utilities 2.56.0.1822 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mein Gutscheincode" = Mein Gutscheincode "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "RocketDock_is1" = RocketDock 1.3.5 "SpeedFan" = SpeedFan (remove only) "TeamViewer 8" = TeamViewer 8 "Tubesaver@istqt.co" = TubeSaver "Wubi" = Linux Mint ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.03.2013 08:30:12 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11.03.2013 08:30:13 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9812 Error - 11.03.2013 08:30:13 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9812 Error - 11.03.2013 09:45:25 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2013 16:05:45 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2013 03:39:10 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2013 10:26:01 | Computer Name = XXXXXXXX-PC | Source 
= WinMgmt | ID = 10 Description = Error - 13.03.2013 05:04:57 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2013 08:26:42 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2013 15:19:06 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 10.07.2013 14:22:11 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht. Error - 10.07.2013 14:22:11 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.07.2013 14:22:40 | Computer Name = XXXXXXXX-PC| Source = DCOM | ID = 10016 Description = Error - 11.07.2013 03:00:30 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 11.07.2013 03:00:30 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 11.07.2013 03:00:33 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 11.07.2013 03:00:33 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 11.07.2013 03:01:06 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht. Error - 11.07.2013 03:01:06 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.07.2013 03:01:35 | Computer Name = XXXXXXXX-PC| Source = DCOM | ID = 10016 Description = < End of report > Who can help me and tell me what is going wrong on my system?????
Thanks in advance for the help!! |
11.07.2013, 16:52 | #2 |
/// the machine /// TB-Ausbilder | mail delivery failed: returning message to sender in the gmx account hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
11.07.2013, 18:17 | #3 |
| mail delivery failed: returning message to sender in the gmx account Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.11.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Hilli :: XXXXXXXX-PC [limitiert] 11.07.2013 17:21:17 MBAM-log-2013-07-11 (18-54-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 515576 Laufzeit: 1 Stunde(n), 32 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 8 C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\xf-adsk2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\xf-invpro2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Microsoft Office\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Microsoft Office\Office14\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Keine Aktion durchgeführt. E:\Bootable.USB.New\Bootable.USB.New\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt. K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\Autodesk 2013 Keygen.rar (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\xf-invpro2013_x32.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. 
K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\xf-invpro2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. (Ende) Farbar Recovery Scan Tool (x64) Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2013 Ran by Hilli at 2013-07-11 18:51:49 Running from C:\Users\Hilli\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= AAVUpdateManager (x32 Version: 18.00.0000) Adobe Acrobat XI Pro (x32 Version: 11.0.00) Adobe AIR (x32 Version: 3.7.0.1860) Adobe Download Assistant (x32 Version: 1.2.6) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) AMD Accelerated Video Transcoding (Version: 12.5.100.20704) AMD APP SDK Runtime (Version: 10.0.937.2) AMD Catalyst Install Manager (Version: 8.0.877.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2012.0704.122.388) AMD Media Foundation Decoders (Version: 1.0.70704.0230) AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388) Android SDK Tools (x32 Version: 1.16) ANNO 2070 (x32 Version: 1.0.0.0) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) AutoCAD MEP 2013 - Deutsch (German) (Version: 7.0.50.0) AutoCAD MEP 2013 Language Pack - Deutsch (Version: 7.0.50.0) Autodesk Content Service (x32 Version: 3.0.84.0) Autodesk Content Service Language Pack (x32 Version: 3.0.84.0) Autodesk Design Review 2013 (x32 Version: 13.0.0.82) Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (Version: 17.0.13800.0000) Autodesk Inventor Fusion 2013 (Version: 2.0.0.206) Autodesk Inventor Fusion for Inventor 2013 Add-in (Version: 1.0.0.111) Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000) Autodesk Inventor Professional 2013 Deutsch (German) (Version: 17.0.13800.0000) Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000) Autodesk Material Library 2013 (x32 Version: 
3.0.13) Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13) Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13) Autodesk Sync (Version: 3.5.24.0) Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0) Autodesk Vault Basic 2013 (Client) (x32 Version: 17.0.61.0) Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0) avast! Free Antivirus (x32 Version: 8.0.1489.0) Bonjour (Version: 3.0.0.10) BPM-Studio 4 Demo (x32 Version: 4.9.91) BricsCAD 13.1 (x32 Version: 13.1.22) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388) Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388) Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388) Catan 1.0 (x32 Version: 1.0) CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388) CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388) CCC Help Czech (x32 Version: 2012.0704.0121.388) CCC Help Danish (x32 Version: 2012.0704.0121.388) CCC Help Dutch (x32 Version: 2012.0704.0121.388) CCC Help English (x32 Version: 2012.0704.0121.388) CCC Help Finnish (x32 Version: 2012.0704.0121.388) CCC Help French (x32 Version: 2012.0704.0121.388) CCC Help German (x32 Version: 2012.0704.0121.388) CCC Help Greek (x32 Version: 2012.0704.0121.388) CCC Help Hungarian (x32 Version: 2012.0704.0121.388) CCC Help Italian (x32 Version: 2012.0704.0121.388) CCC Help Japanese (x32 Version: 2012.0704.0121.388) CCC Help Korean (x32 Version: 2012.0704.0121.388) CCC Help Norwegian (x32 Version: 2012.0704.0121.388) CCC Help Polish (x32 Version: 2012.0704.0121.388) CCC Help Portuguese (x32 Version: 2012.0704.0121.388) CCC Help Russian (x32 Version: 2012.0704.0121.388) CCC Help Spanish (x32 Version: 2012.0704.0121.388) CCC Help Swedish (x32 Version: 2012.0704.0121.388) CCC Help Thai (x32 Version: 2012.0704.0121.388) CCC Help Turkish (x32 Version: 
2012.0704.0121.388) ccc-utility64 (Version: 2012.0704.122.388) CCleaner (Version: 4.01) Cinergy C PCI HD Driver Installation (64 Bit) (x32 Version: 1.01.02.501) DAEMON Tools Lite (x32 Version: 4.46.1.0327) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Die Siedler 7 (x32 Version: 1.11.1371) dows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24) Dropbox (HKCU Version: 1.6.18) Druckerdeinstallation für EPSON SX420W Series DVBViewer TERRATEC Edition (x32) DWG TrueView 2013 (Version: 19.0.55.0) Eco Materials Adviser for Autodesk Inventor 2013 (Version: 3.9.12.0) ElsterFormular (x32 Version: 14.1.11318) Epson Easy Photo Print 2 (x32 Version: 2.3.2.0) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000) EPSON Scan (x32) EpsonNet Print (x32 Version: 2.4j) EpsonNet Setup 3.3 (x32 Version: 3.3a) EVEREST Ultimate Edition v5.50 (x32 Version: 5.50) FARO LS 1.1.406.58 (x32 Version: 4.6.58.2) Flashtool (x32 Version: 0.9.11.0) Glary Utilities 2.56.0.1822 (x32 Version: 2.56.0.1822) Gtk# for .Net 2.12.10 (x32 Version: 2.12.10) iCloud (Version: 2.1.2.8) iTunes (Version: 11.0.4.4) Java 7 Update 15 (64-bit) (Version: 7.0.150) Java 7 Update 17 (x32 Version: 7.0.170) Java Auto Updater (x32 Version: 2.1.9.0) JDownloader 0.9 (x32 Version: 0.9) Linux Mint (x32 Version: 14-rev266) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Media Go (x32 Version: 2.4.256) Media Go Video Playback Engine 1.116.104.02020 (x32 Version: 1.116.104.02020) MEDION GoPal Assistant (x32 Version: 6.2.0.12196) Mein Gutscheincode (x32 Version: 1.27.153.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Office 2010 Service Pack 1 (SP1) 
(x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MyPhoneExplorer (x32 Version: 1.8.4) Need for Speed™ Carbon (x32) Nero 12 (x32 Version: 12.0.02000) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0) Nero BackItUp (x32 Version: 12.0.2001) Nero BackItUp Help (CHM) (x32 Version: 12.0.3000) Nero Blu-ray Player (x32 Version: 12.0.14300) Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000) Nero Burning ROM (x32 Version: 12.0.20000) Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000) Nero ControlCenter (x32 Version: 11.0.15200) Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000) Nero Core Components (x32 Version: 11.0.18100) Nero Disc Menus Basic (x32 Version: 12.0.11500) Nero Effects Basic (x32 Version: 12.0.11500) Nero Express (x32 Version: 12.0.20000) Nero Express Help (CHM) (x32 Version: 12.0.5000) Nero Kwik Media (x32 Version: 1.18.18200) Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000) Nero Kwik Themes Basic (x32 Version: 12.0.11500) Nero PiP Effects Basic (x32 Version: 12.0.11500) Nero Recode (x32 Version: 12.0.24000) Nero Recode Help (CHM) (x32 Version: 12.0.4000) Nero RescueAgent (x32 Version: 12.0.9000) Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000) Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0) Nero Update (x32 Version: 11.0.11800.31.0) Nero Video (x32 Version: 12.0.3000) Nero Video Help (CHM) (x32 Version: 12.0.4000) neroxml (x32 Version: 1.0.0) PlayStation(R)Store (x32 Version: 4.14.6.15183) posterXXL.de Bestellsoftware 4.80 (x32) Prerequisite installer (x32 Version: 12.0.0002) RocketDock 1.3.5 (x32) 
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (Version: 17.0.13800.0000) SDFormatter (x32 Version: 3.0.0) SmartPCFixer 4.2 (Version: 4.2) Sony PC Companion 2.10.165 (x32 Version: 2.10.165) SpeedFan (remove only) (x32) Steuer-Spar-Erklärung 2013 (x32 Version: 18.04) TeamViewer 8 (x32 Version: 8.0.16642) TubeBox (x32 Version: 4.1.1.0) TubeSaver (x32) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2478063) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2478063) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit 
Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) VBA (2627.01) (x32 Version: 6.03.00.9402) VBA (2701.01) (x32 Version: 6.03.00.9402) VLC media player 2.0.2 (Version: 2.0.2) Welcome App (Start-up experience) (x32 Version: 12.0.14000) Windows Mobile-Gerätecenter (Version: 6.1.6965.0) Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0) Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24) Windows-Treiberpaket - TERRATEC Cinergy C PCI (11/18/2010 1.01.02.501) (Version: 11/18/2010 1.01.02.501) Windows-Treiberpaket - TERRATEC Cinergy C/S2 PCI Infrared (05/21/2010 1.00.03.201) (Version: 05/21/2010 1.00.03.201) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Yontoo 1.10.02 (Version: 1.10.02) ==================== Restore Points ========================= 02-07-2013 08:22:50 Windows Update 02-07-2013 09:26:34 Windows Update 03-07-2013 07:19:32 Windows Update 11-07-2013 07:37:15 Geplanter Prüfpunkt 11-07-2013 16:47:02 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-02-14 23:17 - 00000899 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 update.ross-tech.com 127.0.0.1 update.ross-tech.de ==================== Scheduled Tasks (whitelisted) ============= Task: {0688FE71-772D-4C09-B283-2C91CAB3BAB3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {3D42A460-205D-497E-BC55-16992D12D8E3} - 
System32\Tasks\User_Feed_Synchronization-{4603B934-9A9F-464D-BED9-589F07EC3EA8} => C:\Windows\system32\msfeedssync.exe [2013-07-02] (Microsoft Corporation) Task: {66326839-AC6A-47CF-BFCE-6D66CF32BA05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {6AAFAD5C-180D-4E0F-8583-95B21F912D31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {92D9CCB7-91B5-4DDC-B310-8AA909C4D0A4} - System32\Tasks\TubeSaver Update => C:\Program Files (x86)\TubeSaver\tbsUd.exe [2013-07-01] (istqt Soft) Task: {9B7FDD60-1681-4FFE-82D6-BF5B29B51AE9} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {B6D3B5AF-BAE9-47D1-BF34-4A49C3AD306C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {DB3A76C3-A234-4376-9A5A-028B19CE0017} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-10] () Task: {E0BC580A-8C58-4201-A005-86D5ACB78ABD} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-07-10] () Task: {E5E95C3B-F1D6-4142-BA30-F27413DE4600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\Windows\Tasks\TubeSaver Update.job => C:\Program Files (x86)\TubeSaver\tbsUd.exe ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport Description: avast! 
Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/11/2013 09:02:13 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2013 08:23:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2013 08:16:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8377 Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 
8377 Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/06/2013 09:36:07 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 09:03:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 11:08:50 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/05/2013 09:43:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/11/2013 09:01:35 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/11/2013 09:01:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/11/2013 09:01:06 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht. 
Error: (07/11/2013 09:00:33 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/11/2013 09:00:33 AM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/11/2013 09:00:30 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/11/2013 09:00:30 AM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/10/2013 08:22:40 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/10/2013 08:22:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/10/2013 08:22:11 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht. 
Microsoft Office Sessions:
=========================
Error: (07/11/2013 09:02:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 08:23:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 08:16:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2013 09:36:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:03:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 11:08:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:43:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 77%
Total physical RAM: 4094.49 MB
Available physical RAM: 906.66 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 4320.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.84 GB) (Free:41.37 GB) NTFS (Disk=0 Partition=2)
Drive d: (Daten) (Fixed) (Total:113.08 GB) (Free:16.67 GB) NTFS (Disk=1 Partition=2)
Drive e: (DATEN) (Fixed) (Total:111.75 GB) (Free:49.32 GB) FAT32 (Disk=1 Partition=3)
Drive g: (ANNO2070) (CDROM) (Total:5.23 GB) (Free:0 GB) CDFS
Drive k: (Daten) (Fixed) (Total:156.25 GB) (Free:31.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7B1A5705)
Partition 1: (Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=142 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 45C15BF1)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=OF Extended)

==================== End Of Log ============================

Farbar Recovery Scan Tool (FRST.txt)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2013
Ran by Hilli (administrator) on 11-07-2013 18:48:15
Running from C:\Users\Hilli\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\memdefrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe (Microsoft Corporation) C:\Windows\system32\DXPServer.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.153.1309.0.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.) 
HKLM\...\Run: [Windows Mobile Device Center] - %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated) HKCU\...\Run: [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] () HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8C8.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [EPSON249022 (Epson Stylus SX420W)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S141C.tmp" /EF "HKCU" [x] <===== ATTENTION HKCU\...\Run: [Sony PC Companion] - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [449248 2013-05-29] (Sony) HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd) HKCU\...\Run: [Glary Memory Optimizer] - "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart [109856 2013-05-27] (Glarysoft Ltd) HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) MountPoints2: H - H:\Startme.exe MountPoints2: {5fe3c75f-e2e4-11e2-aa17-001bb95c54d1} - H:\Startme.exe MountPoints2: {f0cf54a8-4da8-11e2-8680-001bb95c54d1} - G:\Autorun.exe HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] () HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} HKLM-x32 SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File BHO-x32: Mein Gutscheincode - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (Mein Gutscheincode GmbH) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: TubeSaver - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\116.dll (istqt Soft) BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - No File Handler-x32: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files (x86)\Bricsys\BricsCAD V13\BrxProtIE.dll (BricsCad) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default FF user.js: detected! 
=> C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\user.js
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com
FF Extension: gmailnoads - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\gmailnoads@mywebber.com.xpi
FF Extension: info - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\info@skymeissner.com.xpi
FF Extension: jid0-AocRXUCRsLTCYvn6bgJERnwfuqw - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] C:\Program Files (x86)\TubeSaver\116.xpi
FF Extension: No Name - C:\Program Files (x86)\TubeSaver\116.xpi

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-24] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-11 18:47 - 2013-07-11 18:47 - 00000000 ____D C:\FRST 2013-07-11 18:45 - 2013-07-11 18:46 - 01778065 ____A (Farbar) C:\Users\Hilli\Downloads\FRST64.exe 2013-07-11 16:40 - 2013-07-11 16:44 - 00099168 ____A C:\Users\Hilli\Documents\OTL1.txt 2013-07-11 16:31 - 2013-07-11 16:31 - 00086988 ____A C:\Users\Hilli\Documents\Extras1.txt 2013-07-11 16:30 - 2013-07-11 16:53 - 00087258 ____A C:\Users\Hilli\Documents\Extras.Txt 2013-07-11 14:04 - 2013-07-11 14:04 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL(1).exe 2013-07-11 11:10 - 2013-07-11 14:19 - 00087118 ____A C:\Users\Hilli\Downloads\Extras.Txt 2013-07-11 11:09 - 2013-07-11 16:38 - 00099144 ____A C:\Users\Hilli\Downloads\OTL.Txt 2013-07-11 10:40 - 2013-07-11 10:41 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL.exe 2013-07-06 10:58 - 2013-07-06 10:58 - 00001817 ____A C:\Users\Hilli\Downloads\gopal_start.rar 2013-07-05 12:17 - 2013-07-05 12:17 - 00000017 ____A C:\Users\Hilli\AppData\Local\resmon.resmoncfg 2013-07-04 13:52 - 2011-08-04 20:02 - 00000000 ____D C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD 2013-07-03 08:52 - 2013-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Local\Android 2013-07-02 22:16 - 2013-07-02 22:16 - 93479015 ____A (Google Inc.) 
C:\Users\Hilli\Downloads\installer_r22.0.1-windows.exe 2013-07-02 17:56 - 2013-07-02 17:57 - 18535465 ____A (Igor Pavlov) C:\Users\Hilli\Downloads\autobinaryea.exe.part 2013-07-02 17:56 - 2013-07-02 17:56 - 00000000 ____A C:\Users\Hilli\Downloads\autobinaryea.exe 2013-07-02 13:35 - 2013-07-02 13:35 - 49778232 ____A C:\Users\Hilli\Downloads\Update_Service_Setup-2.13.7.201306141231.exe 2013-07-02 12:57 - 2013-07-02 12:57 - 00101173 ____A C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf 2013-07-02 12:25 - 2013-07-02 23:24 - 00000000 ____D C:\Users\Hilli\.android 2013-07-02 12:25 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.swt 2013-07-02 12:24 - 2013-07-02 12:24 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-07-02 12:22 - 2013-07-02 13:36 - 00000000 ____D C:\Flashtool 2013-07-02 12:21 - 2013-07-02 12:22 - 02112921 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows(1).exe.part 2013-07-02 11:57 - 2013-07-02 11:57 - 01031879 ____A C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb 2013-07-02 11:48 - 2013-07-03 08:46 - 00023074 ____A C:\Windows\PFRO.log 2013-07-02 11:35 - 2013-07-03 20:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-02 11:35 - 2013-07-03 20:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-02 11:29 - 2013-07-02 11:29 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 
2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-02 11:29 - 2013-07-02 11:29 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-02 11:29 - 2013-07-02 11:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-02 11:29 - 2013-07-02 11:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-02 
11:29 - 2013-07-02 11:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-02 11:29 - 2013-07-02 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-02 11:29 - 2013-07-02 11:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00226304 ____A 
(Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00117248 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\iepeers.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-02 11:29 - 2013-07-02 11:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-02 11:29 - 2013-07-02 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00057344 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\pngfilt.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00053760 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-02 11:27 - 2013-07-02 11:35 - 00009508 ____A C:\Windows\IE10_main.log 2013-07-02 11:27 - 
2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-07-02 11:27 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-07-02 11:27 - 2012-08-23 16:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-07-02 11:27 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-07-02 11:27 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-07-02 11:27 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-07-02 11:27 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-07-02 11:27 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-07-02 11:27 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-07-02 11:27 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-07-02 11:27 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-07-02 11:27 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-07-02 11:27 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-07-02 11:27 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-07-02 11:27 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-07-02 11:27 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-07-02 11:27 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-07-02 11:27 - 2012-08-23 
13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-07-02 11:27 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-07-02 11:27 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-07-02 11:27 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-07-02 11:27 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-07-02 11:27 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-07-02 11:27 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-07-02 11:27 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-07-02 11:26 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-07-02 11:26 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-07-02 11:26 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-07-02 11:26 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-07-02 11:26 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-07-02 11:26 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-07-02 11:26 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-07-02 11:26 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2013-07-02 11:26 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2013-07-02 11:14 - 2013-07-11 11:04 - 00000372 ____A C:\Windows\Tasks\TubeSaver Update.job 2013-07-02 11:14 - 2013-07-02 12:07 - 00000000 ____D 
C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer 2013-07-02 11:14 - 2013-07-02 11:15 - 00000000 ____D C:\Program Files (x86)\Mein Gutscheincode 2013-07-02 11:14 - 2013-07-02 11:14 - 00003020 ____A C:\Windows\System32\Tasks\TubeSaver Update 2013-07-02 11:14 - 2013-07-02 11:14 - 00002057 ____A C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\TubeSaver 2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer 2013-07-02 11:13 - 2013-07-02 11:13 - 06680720 ____A C:\Users\Hilli\Downloads\MyPhoneExplorer_Setup_1.8.4.exe 2013-07-02 10:54 - 2013-07-02 10:54 - 00000548 ____A C:\Users\Hilli\Downloads\Ortsliste.kml 2013-07-02 10:17 - 2013-07-02 10:18 - 00000000 ____D C:\Users\Hilli\Desktop\files 2013-07-02 10:17 - 2013-07-02 10:17 - 01879931 ____A C:\Users\Hilli\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip 2013-07-02 10:17 - 2013-07-02 10:17 - 01879371 ____A C:\Users\Hilli\Downloads\DooMLoRD_v3_ROOT-zergRush-busybox-su.zip 2013-07-02 10:17 - 2011-11-10 13:15 - 00003122 ____A C:\Users\Hilli\Downloads\runme.bat 2013-07-02 10:17 - 2011-11-10 12:54 - 00000000 ____D C:\Users\Hilli\Downloads\files 2013-07-02 10:16 - 2013-07-02 10:16 - 01879163 ____A C:\Users\Hilli\Downloads\DooMLoRD_v2_ROOT-zergRush-busybox-su.zip 2013-07-02 10:16 - 2013-07-02 10:16 - 01854174 ____A C:\Users\Hilli\Downloads\DooMLoRD_v1_ROOT-zergRush-busybox-su.zip 2013-07-01 02:18 - 2013-07-01 02:18 - 00000000 ____D C:\Users\Hilli\Desktop\Vergiss mich nicht 2013-07-01 02:16 - 2013-07-01 02:17 - 49250464 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part11.rar 2013-07-01 01:30 - 2013-07-01 01:33 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part10.rar 2013-07-01 01:06 - 2013-07-01 01:09 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part09.rar 2013-07-01 00:44 - 2013-07-01 00:47 
- 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part08.rar 2013-07-01 00:22 - 2013-07-01 00:25 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part07.rar 2013-06-30 23:41 - 2013-06-30 23:49 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part06.rar 2013-06-30 22:46 - 2013-06-30 22:54 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part05.rar 2013-06-30 22:00 - 2013-06-30 22:08 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part04.rar 2013-06-30 21:14 - 2013-06-30 21:22 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part03.rar 2013-06-30 20:34 - 2013-06-30 20:42 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part02.rar 2013-06-30 19:31 - 2013-06-30 19:39 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part01.rar 2013-06-27 22:21 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-26 23:56 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-26 23:56 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-25 19:12 - 2013-07-02 10:44 - 00000000 ____D C:\Users\Hilli\AppData\Local\Sony 2013-06-25 19:12 - 2013-06-25 19:12 - 00001885 ____A C:\Users\Public\Desktop\Media Go.lnk 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Podcasts 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Documents\Media Go 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-06-25 19:11 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Sony 2013-06-25 19:11 - 2013-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install 
2013-06-25 17:38 - 2013-06-25 17:49 - 00000000 ____D C:\Users\Hilli\Desktop\Stina 2013-06-25 12:09 - 2013-06-25 12:32 - 00000000 ____D C:\Users\Hilli\Downloads\25.06.13 2013-06-25 11:10 - 2013-06-25 11:11 - 118250410 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows.exe 2013-06-24 23:25 - 2013-06-24 23:25 - 00610321 ____A C:\Users\Hilli\Downloads\36.rar 2013-06-24 22:19 - 2013-06-24 22:20 - 11288912 ____A C:\Users\Hilli\Downloads\Joe720NSane.part04.rar.part 2013-06-24 22:19 - 2013-06-24 22:20 - 00953872 ____A C:\Users\Hilli\Downloads\Joe720NSane.part01.rar.part 2013-06-24 21:12 - 2013-06-24 21:33 - 00000000 ____D C:\Users\Hilli\Desktop\poiw-data 2013-06-24 13:44 - 2013-07-02 11:31 - 00160082 ____A C:\Windows\DPINST.LOG 2013-06-24 13:44 - 2013-07-02 11:30 - 00002098 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-06-22 10:57 - 2013-06-22 10:57 - 00002086 ____A C:\Users\Public\Desktop\SDFormatter.lnk 2013-06-22 10:57 - 2013-06-22 10:57 - 00000000 ____D C:\Program Files (x86)\SDA 2013-06-22 10:56 - 2013-06-25 19:11 - 00000000 ____D C:\Users\Hilli\AppData\Local\Downloaded Installations 2013-06-17 13:23 - 2013-06-17 13:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 13:22 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iPod 2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2 2013-06-15 00:24 - 2013-06-24 21:10 - 00000000 ____D C:\Users\Hilli\Desktop\GoPal_5.5 2013-06-14 22:57 - 2013-06-14 22:57 - 00000910 ____A C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk 2013-06-14 22:57 - 2013-06-14 22:57 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2013-06-12 21:00 - 
2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-06-12 21:00 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 21:00 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-06-12 21:00 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-06-12 21:00 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 20:59 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-06-12 20:59 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-06-12 20:59 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-06-12 20:59 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-06-12 20:59 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 20:59 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 20:59 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 20:59 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-06-12 20:59 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 20:59 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 20:59 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 20:59 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 20:59 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-12 20:59 - 2013-04-01 
00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll ==================== One Month Modified Files and Folders ======= 2013-07-11 18:49 - 2012-10-05 15:47 - 01146843 ____A C:\Windows\WindowsUpdate.log 2013-07-11 18:47 - 2013-07-11 18:47 - 00000000 ____D C:\FRST 2013-07-11 18:46 - 2013-07-11 18:45 - 01778065 ____A (Farbar) C:\Users\Hilli\Downloads\FRST64.exe 2013-07-11 18:37 - 2012-10-05 15:54 - 00003930 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{4603B934-9A9F-464D-BED9-589F07EC3EA8} 2013-07-11 18:15 - 2013-05-05 00:00 - 00026677 ____A C:\Windows\setupact.log 2013-07-11 18:05 - 2012-12-23 01:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-11 16:53 - 2013-07-11 16:30 - 00087258 ____A C:\Users\Hilli\Documents\Extras.Txt 2013-07-11 16:44 - 2013-07-11 16:40 - 00099168 ____A C:\Users\Hilli\Documents\OTL1.txt 2013-07-11 16:38 - 2013-07-11 11:09 - 00099144 ____A C:\Users\Hilli\Downloads\OTL.Txt 2013-07-11 16:31 - 2013-07-11 16:31 - 00086988 ____A C:\Users\Hilli\Documents\Extras1.txt 2013-07-11 14:19 - 2013-07-11 11:10 - 00087118 ____A C:\Users\Hilli\Downloads\Extras.Txt 2013-07-11 14:04 - 2013-07-11 14:04 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL(1).exe 2013-07-11 12:01 - 2011-04-12 09:43 - 00700168 ____A C:\Windows\system32\perfh007.dat 2013-07-11 12:01 - 2011-04-12 09:43 - 00148964 ____A C:\Windows\system32\perfc007.dat 2013-07-11 12:01 - 2009-07-14 07:13 - 01621308 ____A C:\Windows\system32\PerfStringBackup.INI 2013-07-11 11:04 - 2013-07-02 11:14 - 00000372 ____A C:\Windows\Tasks\TubeSaver Update.job 2013-07-11 10:50 - 2012-12-30 15:19 - 00000000 ____D C:\Users\Hilli\Documents\Outlook-Dateien 2013-07-11 10:44 - 2009-07-14 06:45 - 00021680 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-11 10:44 - 2009-07-14 06:45 - 00021680 ___AH 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-11 10:41 - 2013-07-11 10:40 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL.exe 2013-07-11 09:04 - 2012-12-11 22:15 - 00004082 ____A C:\Windows\System32\Tasks\Software Updater Ui 2013-07-11 09:04 - 2012-12-10 22:14 - 00004130 ____A C:\Windows\System32\Tasks\Software Updater 2013-07-11 09:00 - 2013-06-02 11:56 - 00000326 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-07-11 09:00 - 2012-10-05 22:06 - 00004182 ____A C:\Windows\System32\Tasks\avast! Emergency Update 2013-07-11 09:00 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-06 10:58 - 2013-07-06 10:58 - 00001817 ____A C:\Users\Hilli\Downloads\gopal_start.rar 2013-07-05 12:17 - 2013-07-05 12:17 - 00000017 ____A C:\Users\Hilli\AppData\Local\resmon.resmoncfg 2013-07-04 15:33 - 2012-10-05 16:39 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Nero 2013-07-04 14:05 - 2012-10-07 16:03 - 00000000 ____D C:\Users\Hilli\Documents\NeroVideo 2013-07-04 13:55 - 2012-10-07 16:03 - 00000000 ____D C:\Users\Hilli\AppData\Local\Nero 2013-07-04 09:16 - 2012-10-05 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-03 20:37 - 2013-07-02 11:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-03 20:37 - 2013-07-02 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-03 08:52 - 2013-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-03 08:46 - 2013-07-02 11:48 - 00023074 ____A C:\Windows\PFRO.log 2013-07-02 23:24 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.android 2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools 2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Local\Android 2013-07-02 22:16 - 2013-07-02 22:16 - 93479015 ____A (Google Inc.) 
C:\Users\Hilli\Downloads\installer_r22.0.1-windows.exe 2013-07-02 18:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-02 17:57 - 2013-07-02 17:56 - 18535465 ____A (Igor Pavlov) C:\Users\Hilli\Downloads\autobinaryea.exe.part 2013-07-02 17:56 - 2013-07-02 17:56 - 00000000 ____A C:\Users\Hilli\Downloads\autobinaryea.exe 2013-07-02 13:36 - 2013-07-02 12:22 - 00000000 ____D C:\Flashtool 2013-07-02 13:35 - 2013-07-02 13:35 - 49778232 ____A C:\Users\Hilli\Downloads\Update_Service_Setup-2.13.7.201306141231.exe 2013-07-02 12:57 - 2013-07-02 12:57 - 00101173 ____A C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf 2013-07-02 12:25 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.swt 2013-07-02 12:25 - 2012-10-05 15:51 - 00000000 ____D C:\Users\Hilli 2013-07-02 12:24 - 2013-07-02 12:24 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool 2013-07-02 12:22 - 2013-07-02 12:21 - 02112921 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows(1).exe.part 2013-07-02 12:07 - 2013-07-02 11:14 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer 2013-07-02 11:57 - 2013-07-02 11:57 - 01031879 ____A C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb 2013-07-02 11:50 - 2012-10-05 15:51 - 00001409 ____A C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-02 11:49 - 2012-10-05 16:43 - 00000000 ____D C:\Windows\Panther 2013-07-02 11:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-02 11:35 - 2013-07-02 11:27 - 00009508 ____A C:\Windows\IE10_main.log 2013-07-02 11:31 - 2013-06-24 13:44 - 00160082 ____A C:\Windows\DPINST.LOG 2013-07-02 11:30 - 2013-06-24 13:44 - 00002098 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2013-07-02 11:30 - 2012-10-08 11:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-02 11:29 - 2013-07-02 11:29 - 19233792 ____A (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-02 11:29 - 2013-07-02 11:29 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-02 11:29 - 2013-07-02 11:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-02 11:29 - 2013-07-02 11:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 01054720 ____A (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-02 11:29 - 2013-07-02 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-02 11:29 - 2013-07-02 11:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00270848 ____A (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 
2013-07-02 11:29 - 2013-07-02 11:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-02 11:29 - 2013-07-02 11:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00071680 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-02 11:29 - 2013-07-02 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00053760 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00027648 ____A (Microsoft Corporation) 
C:\Windows\system32\licmgr10.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-02 11:29 - 2013-07-02 11:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-02 11:29 - 2013-07-02 11:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-02 11:15 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\Mein Gutscheincode 2013-07-02 11:14 - 2013-07-02 11:14 - 00003020 ____A C:\Windows\System32\Tasks\TubeSaver Update 2013-07-02 11:14 - 2013-07-02 11:14 - 00002057 ____A C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\TubeSaver 2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer 2013-07-02 11:13 - 2013-07-02 11:13 - 06680720 ____A C:\Users\Hilli\Downloads\MyPhoneExplorer_Setup_1.8.4.exe 2013-07-02 10:54 - 2013-07-02 10:54 - 00000548 ____A C:\Users\Hilli\Downloads\Ortsliste.kml 2013-07-02 10:50 - 2012-10-15 16:08 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\vlc 2013-07-02 10:44 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\AppData\Local\Sony 2013-07-02 10:18 - 2013-07-02 10:17 - 00000000 ____D C:\Users\Hilli\Desktop\files 2013-07-02 10:17 - 2013-07-02 10:17 - 01879931 ____A C:\Users\Hilli\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip 2013-07-02 10:17 - 2013-07-02 10:17 - 01879371 ____A C:\Users\Hilli\Downloads\DooMLoRD_v3_ROOT-zergRush-busybox-su.zip 2013-07-02 10:16 - 2013-07-02 10:16 - 01879163 ____A C:\Users\Hilli\Downloads\DooMLoRD_v2_ROOT-zergRush-busybox-su.zip 2013-07-02 10:16 - 2013-07-02 10:16 - 01854174 ____A C:\Users\Hilli\Downloads\DooMLoRD_v1_ROOT-zergRush-busybox-su.zip 2013-07-01 
02:18 - 2013-07-01 02:18 - 00000000 ____D C:\Users\Hilli\Desktop\Vergiss mich nicht 2013-07-01 02:17 - 2013-07-01 02:16 - 49250464 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part11.rar 2013-07-01 01:33 - 2013-07-01 01:30 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part10.rar 2013-07-01 01:09 - 2013-07-01 01:06 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part09.rar 2013-07-01 00:47 - 2013-07-01 00:44 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part08.rar 2013-07-01 00:25 - 2013-07-01 00:22 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part07.rar 2013-06-30 23:49 - 2013-06-30 23:41 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part06.rar 2013-06-30 22:54 - 2013-06-30 22:46 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part05.rar 2013-06-30 22:08 - 2013-06-30 22:00 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part04.rar 2013-06-30 21:22 - 2013-06-30 21:14 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part03.rar 2013-06-30 20:42 - 2013-06-30 20:34 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part02.rar 2013-06-30 19:39 - 2013-06-30 19:31 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part01.rar 2013-06-27 22:21 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-27 22:21 - 2013-06-26 23:56 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-27 22:21 - 2013-06-26 23:56 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-27 22:21 - 2013-03-18 14:23 - 00189936 ____A 
C:\Windows\system32\Drivers\aswVmm.sys 2013-06-27 22:21 - 2012-10-05 22:06 - 01030952 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-06-27 22:21 - 2012-10-05 22:06 - 00378944 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-06-25 19:12 - 2013-06-25 19:12 - 00001885 ____A C:\Users\Public\Desktop\Media Go.lnk 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Podcasts 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Documents\Media Go 2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-06-25 19:12 - 2013-06-25 19:11 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Sony 2013-06-25 19:12 - 2012-11-06 23:36 - 00000000 ____D C:\Program Files (x86)\Sony 2013-06-25 19:11 - 2013-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install 2013-06-25 19:11 - 2013-06-22 10:56 - 00000000 ____D C:\Users\Hilli\AppData\Local\Downloaded Installations 2013-06-25 17:49 - 2013-06-25 17:38 - 00000000 ____D C:\Users\Hilli\Desktop\Stina 2013-06-25 12:32 - 2013-06-25 12:09 - 00000000 ____D C:\Users\Hilli\Downloads\25.06.13 2013-06-25 11:11 - 2013-06-25 11:10 - 118250410 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows.exe 2013-06-24 23:25 - 2013-06-24 23:25 - 00610321 ____A C:\Users\Hilli\Downloads\36.rar 2013-06-24 22:20 - 2013-06-24 22:19 - 11288912 ____A C:\Users\Hilli\Downloads\Joe720NSane.part04.rar.part 2013-06-24 22:20 - 2013-06-24 22:19 - 00953872 ____A C:\Users\Hilli\Downloads\Joe720NSane.part01.rar.part 2013-06-24 21:33 - 2013-06-24 21:12 - 00000000 ____D C:\Users\Hilli\Desktop\poiw-data 2013-06-24 21:10 - 2013-06-15 00:24 - 00000000 ____D C:\Users\Hilli\Desktop\GoPal_5.5 2013-06-24 15:07 - 2013-03-16 19:39 - 00000000 ____D C:\Users\Hilli\Downloads\Die.Siedler.7.Gold.Edition.MULTi.CloneDVD 2013-06-24 09:42 - 2012-11-22 22:52 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson 2013-06-24 09:38 - 2012-11-22 22:52 - 00000000 ____D 
C:\ProgramData\Sony Ericsson 2013-06-23 20:51 - 2012-10-08 14:51 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-22 10:57 - 2013-06-22 10:57 - 00002086 ____A C:\Users\Public\Desktop\SDFormatter.lnk 2013-06-22 10:57 - 2013-06-22 10:57 - 00000000 ____D C:\Program Files (x86)\SDA 2013-06-17 20:05 - 2012-10-05 22:03 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Apple Computer 2013-06-17 13:23 - 2013-06-17 13:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 13:22 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iPod 2013-06-17 13:22 - 2012-10-05 22:03 - 00000000 ____D C:\ProgramData\Apple Computer 2013-06-17 13:20 - 2012-10-05 22:02 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2 2013-06-14 22:57 - 2013-06-14 22:57 - 00000910 ____A C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk 2013-06-14 22:57 - 2013-06-14 22:57 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2013-06-14 20:31 - 2012-10-05 22:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-06-12 21:48 - 2012-10-05 23:21 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-06-12 21:48 - 2012-10-05 16:36 - 01598202 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-11 22:05 - 2012-12-23 01:00 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-06-11 22:05 - 2012-10-05 15:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 22:05 - 2012-10-05 15:59 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 21:57 - 2013-05-21 21:56 - 00000000 
____D C:\Users\Hilli\Desktop\Navi ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-04 22:37 ==================== End Of Log ============================ --- --- ---
Can you do anything with this??? So I definitely have something on there....I can tell that from Malware. What can I do now?? |
11.07.2013, 19:27 | #4 | |
/// the machine /// TB trainer | mail delivery failed: returning message to sender in the gmx account
Yep, we have work to do.
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.07.2013, 21:00 | #5 |
| mail delivery failed: returning message to sender in the gmx account ComboFix Code:
ATTFilter ComboFix 13-07-11.03 - Hilli 11.07.2013 21:29:11.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.1923 [GMT 2:00] ausgeführt von:: c:\users\Hilli\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\TubeSaver\120.dll c:\users\Hilli\4.0 c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe E:\setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-11 bis 2013-07-11 )))))))))))))))))))))))))))))) . . 2013-07-11 19:39 . 2013-07-11 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-11 16:48 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34CE258F-5430-4BC9-8D90-ACD0F5829482}\mpengine.dll 2013-07-11 16:47 . 2013-07-11 16:47 -------- d-----w- C:\FRST 2013-07-02 20:18 . 2013-07-02 20:18 -------- d-----w- c:\users\Hilli\AppData\Local\Android 2013-07-02 10:25 . 2013-07-02 21:24 -------- d-----w- c:\users\Hilli\.android 2013-07-02 10:25 . 2013-07-02 10:25 -------- d-----w- c:\users\Hilli\.swt 2013-07-02 10:22 . 2013-07-02 11:36 -------- d-----w- C:\Flashtool 2013-07-02 09:35 . 2013-07-03 18:37 -------- d-----w- c:\program files\Microsoft Silverlight 2013-07-02 09:35 . 2013-07-03 18:37 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-07-02 09:27 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2013-07-02 09:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-07-02 09:26 . 
2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-07-02 09:26 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-07-02 09:26 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-07-02 09:26 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-07-02 09:26 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-07-02 09:26 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-07-02 09:26 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-07-02 09:26 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-07-02 09:14 . 2013-07-02 09:15 -------- d-----w- c:\program files (x86)\Mein Gutscheincode 2013-07-02 09:14 . 2013-07-02 10:07 -------- d-----w- c:\users\Hilli\AppData\Roaming\MyPhoneExplorer 2013-07-02 09:14 . 2013-07-02 09:14 -------- d-----w- c:\program files (x86)\MyPhoneExplorer 2013-06-25 17:12 . 2013-06-25 17:12 -------- d-----w- c:\users\Hilli\Podcasts 2013-06-25 17:12 . 2013-07-02 08:44 -------- d-----w- c:\users\Hilli\AppData\Local\Sony 2013-06-25 17:12 . 2013-06-25 17:12 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared 2013-06-25 17:12 . 2013-06-25 17:12 -------- d-----w- c:\programdata\Sony Corporation 2013-06-25 17:11 . 2013-06-25 17:12 -------- d-----w- c:\users\Hilli\AppData\Roaming\Sony 2013-06-25 17:11 . 2013-06-25 17:11 -------- d-----w- c:\program files (x86)\Sony Media Go Install 2013-06-22 08:57 . 2013-06-22 08:57 -------- d-----w- c:\program files (x86)\SDA 2013-06-22 08:56 . 2013-06-25 17:11 -------- d-----w- c:\users\Hilli\AppData\Local\Downloaded Installations 2013-06-17 11:22 . 2013-06-17 11:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 11:22 . 2013-06-17 11:22 -------- d-----w- c:\program files\iPod 2013-06-17 11:22 . 2013-06-17 11:23 -------- d-----w- c:\program files\iTunes 2013-06-17 11:22 . 
2013-06-17 11:23 -------- d-----w- c:\program files (x86)\iTunes 2013-06-12 19:00 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 19:00 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 19:00 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 19:00 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 19:00 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-27 20:21 . 2013-03-18 12:23 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-27 20:21 . 2012-10-05 20:06 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-27 20:21 . 2012-10-05 20:06 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-12 19:48 . 2012-10-05 21:21 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 20:05 . 2012-10-05 13:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 20:05 . 2012-10-05 13:59 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-09 08:59 . 2013-03-18 12:23 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2012-10-05 20:06 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2012-10-05 20:06 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2012-10-05 20:06 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2012-10-05 20:06 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2012-10-05 20:06 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2012-10-05 20:06 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-16 04:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 
2013-05-16 04:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 04:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 04:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 04:27 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 04:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211941181}] 2013-07-02 09:15 737928 ----a-w- c:\program files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-08-10 22:54 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2013-05-27 109856] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Sony PC 
Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 aswKbd;aswKbd; [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 
MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 20:05] . 2013-07-11 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2013-06-02 14:51] . 2013-07-11 c:\windows\Tasks\TubeSaver Update.job - c:\program files (x86)\TubeSaver\tbsUd.exe [2013-07-08 17:03] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms} IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\ FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q= FF - ExtSQL: 2013-06-09 14:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF - ExtSQL: 2013-07-02 11:14; Tubesaver@istqt.co; c:\program files (x86)\TubeSaver\120.xpi FF - ExtSQL: 2013-07-02 11:14; 126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com FF - ExtSQL: 2013-07-04 14:53; jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi FF - ExtSQL: 2013-07-04 14:53; {87eab3b7-a707-4459-99ae-c2fa06cfa36b}; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi FF - ExtSQL: 2013-07-04 14:53; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; 
c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi FF - ExtSQL: 2013-07-04 14:53; {15312e9a-4905-48da-aae4-15b24bdc2a24}; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi FF - ExtSQL: 2013-07-04 14:53; info@skymeissner.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\info@skymeissner.com.xpi FF - ExtSQL: 2013-07-04 14:53; gmailnoads@mywebber.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\gmailnoads@mywebber.com.xpi FF - user.js: extentions.y2layers.installId - a899a751-351d-4096-b5d5-0c88c22479b0 FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{E7673D9C-270D-4805-B619-5556A9977909} - c:\program files (x86)\TubeSaver\120.dll ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-11 21:53:28 ComboFix-quarantined-files.txt 2013-07-11 19:53 . Vor Suchlauf: 13 Verzeichnis(se), 43.920.363.520 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 44.860.059.648 Bytes frei . - - End Of File - - A463A0567C8D15FE5AB257A737BCB3D5 A36C5E4F47E84449FF07ED3517B43A31
What conclusion do you come to after this log? |
12.07.2013, 09:45 | #6 |
/// the machine /// TB-Ausbilder | mail delivery failed: returning message to sender in the gmx account As you can see, Combofix removed quite a lot and, among other things, also straightened out a number of services and the like. Now we will also remove adware and run an online scan for leftovers. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?