Hello and good morning,

a trojan has once again crept onto my wife's notebook. Snapdo has already been removed via the Control Panel, and we tried to remove the rest with CCleaner - so far without success. Despite the full version of Avast and regular scans, my wife was not able to protect herself. Mozilla automatically starts on Snapdo, and that is annoying.

Can you help us?
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
Removing Snapdo

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 27 days old and could be outdated) Ran by mel (administrator) on MEL-PC on 09-04-2014 08:50:31 Running from C:\Users\mel\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe () C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe (Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software) HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKU\S-1-5-21-3388527527-2323720586-789991275-1000\...\Run: [SmpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKU\S-1-5-21-3388527527-2323720586-789991275-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0A615FC727ECB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {08215E9A-ED98-497B-8FB9-C7F2A0C9FACD} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ob5vl5bk.default FF Homepage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafralkVMqVaFt2ERp1gv00EQiIZSSXIrPmQMY7CGntZC1yuxcQtIWmDoyZjbsT4Dwz1g,, FF SelectedSearchEngine: Web Search FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafralob2TvMupeBOrYDlPmQpGsiW7aFFy3zNw3QonXqxM-z4mQAc69gUCAj4OBDHeGeQ,,&q= FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafraliwdAEhQCHjAkA40XU2Rx5T7dnKo31NGNPT9UMV5t6Ei81TMHjkL-vqrNaQkK1gQ,, FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: 
@tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 - C:\Users\mel\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\mel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ob5vl5bk.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-11] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-11] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-29] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-24] CHR Extension: (Google Drive) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24] CHR Extension: (YouTube) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24] CHR Extension: (Google-Suche) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24] CHR Extension: (avast! Online Security) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-09] CHR Extension: (Skype Click to Call) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-24] CHR Extension: (Google Wallet) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24] CHR Extension: (Google Mail) - C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-25] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-03-25] (AVAST Software) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG) R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) S2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [37920 2014-04-08] () R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-25] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-07-13] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252208 2014-03-25] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-25] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-03-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-03-25] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-25] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-03-25] () R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\max\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; 
system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-09 08:50 - 2014-04-09 08:50 - 00016729 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:50 - 2014-04-09 08:50 - 00000000 ____D () C:\FRST 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 01431792 _____ (iMesh Inc) C:\Users\mel\Downloads\iMeshSetup-r1487-w-bf.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:36 - 2014-04-08 23:36 - 00000000 ____D () C:\Users\max\Documents\Optimizer Pro 2014-04-08 23:33 - 2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:30 - 2014-04-08 23:37 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-04-08 23:30 - 2014-04-08 23:30 - 00000000 ____D () C:\Program Files\LPT 2014-04-08 23:28 - 2014-04-08 23:28 - 00166632 _____ () C:\Users\max\Downloads\UnlockPhone_downloader_by_UnlockPhone.exe 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 20:39 - 2014-04-08 20:40 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:36 - 2014-04-08 23:15 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-08 20:27 - 2014-04-08 21:45 - 00000000 ____D () 
C:\Users\max\AppData\Local\HTC MediaHub 2014-04-08 20:27 - 2014-04-08 20:34 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\ProgramData\HTC 2014-04-08 20:26 - 2014-04-08 20:26 - 00001910 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:03 - 2014-04-08 20:26 - 00000000 ____D () C:\Program Files\HTC 2014-04-08 20:03 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-23 20:31 - 2014-03-23 23:12 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:10 - 2014-03-23 18:54 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Users\max\AppData\Roaming\Thunderbird 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () 
C:\Users\mel\AppData\Local\Microsoft Help 2014-03-13 04:07 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 04:07 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 04:07 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 04:07 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 04:07 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 04:07 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 04:07 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-13 04:07 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 04:07 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 04:07 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 04:07 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 04:07 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 04:07 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-13 04:07 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 04:07 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-13 04:07 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 05:08 - 2014-02-07 12:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 05:08 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 
2014-03-12 05:08 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 05:08 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll ==================== One Month Modified Files and Folders ======= 2014-04-09 08:50 - 2014-04-09 08:50 - 00016729 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:50 - 2014-04-09 08:50 - 00000000 ____D () C:\FRST 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:49 - 2009-03-03 13:15 - 01623149 _____ () C:\Windows\WindowsUpdate.log 2014-04-09 08:48 - 2014-04-09 08:48 - 01431792 _____ (iMesh Inc) C:\Users\mel\Downloads\iMeshSetup-r1487-w-bf.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 08:48 - 2010-12-11 18:58 - 00107384 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2014-04-09 08:48 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-09 08:48 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-09 08:45 - 2010-02-07 11:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-09 08:35 - 2012-04-23 06:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-09 07:56 - 2010-02-07 11:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-09 07:15 - 2008-01-21 09:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-09 07:08 - 2014-01-03 15:09 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4 2014-04-09 07:08 - 2009-07-11 15:39 - 00000000 ____D () C:\Users\mel 2014-04-09 07:07 - 2009-03-03 13:22 - 00000000 _____ () 
C:\Windows\system32\LogConfigTemp.xml 2014-04-09 07:07 - 2006-11-02 14:47 - 00392776 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-09 07:06 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-09 00:17 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-09 00:01 - 2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Nero 2014-04-09 00:01 - 2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:37 - 2014-04-08 23:30 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-04-08 23:36 - 2014-04-08 23:36 - 00000000 ____D () C:\Users\max\Documents\Optimizer Pro 2014-04-08 23:33 - 2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:31 - 2009-07-11 23:07 - 00107384 _____ () C:\Users\max\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-08 23:30 - 2014-04-08 23:30 - 00000000 ____D () C:\Program Files\LPT 2014-04-08 23:28 - 2014-04-08 23:28 - 00166632 _____ () C:\Users\max\Downloads\UnlockPhone_downloader_by_UnlockPhone.exe 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 23:15 - 2014-04-08 20:36 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-08 21:45 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\AppData\Local\HTC MediaHub 2014-04-08 20:40 - 2014-04-08 20:39 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:34 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\ProgramData\HTC 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () 
C:\Users\max\AppData\Roaming\Apple Computer 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () C:\Users\max\AppData\Local\Apple Computer 2014-04-08 20:27 - 2009-07-11 23:06 - 00000000 ____D () C:\Users\max 2014-04-08 20:26 - 2014-04-08 20:26 - 00001910 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-04-08 20:26 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\HTC 2014-04-08 20:08 - 2013-12-11 00:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-08 20:08 - 2013-01-20 21:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:03 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-04-07 10:21 - 2009-01-08 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-25 23:56 - 2012-12-30 13:41 - 00001881 _____ () C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-25 23:55 - 2013-03-02 09:06 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-25 23:55 - 2013-03-02 09:06 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-25 23:55 - 2012-11-29 23:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00252208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndis2.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-03-23 23:12 - 2014-03-23 20:31 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 18:54 - 2014-03-23 20:10 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Users\max\AppData\Roaming\Thunderbird 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Microsoft Help 2014-03-19 04:04 - 2013-08-16 03:15 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-03-19 04:01 - 2006-11-02 12:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-15 23:20 - 2009-07-11 23:07 - 00000000 ____D () C:\Users\max\AppData\Local\Google 2014-03-15 23:20 - 2009-01-08 18:41 - 00000000 ____D () C:\Program Files\Google 2014-03-13 04:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-03-13 04:30 - 2009-11-17 23:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 04:03 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-03-12 02:35 - 2012-04-23 06:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-12 02:35 - 2011-05-19 18:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\max\AppData\Local\temp\appshat_generic.exe C:\Users\max\AppData\Local\temp\Installer.exe C:\Users\max\AppData\Local\temp\LiveSupport_setup.exe C:\Users\max\AppData\Local\temp\OptimizerPro.exe C:\Users\max\AppData\Local\temp\UpdateCheckerSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-09 07:19 ==================== End Of Log ============================ --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by mel at 2014-04-09 08:51:08 Running from C:\Users\mel\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== Adobe AIR (HKLM\...\Adobe AIR) (Version: - Adobe Systems Incorporated) Adobe AIR (Version: - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) avast! Internet Security (HKLM\...\avast) (Version: 9.0.2016 - Avast Software) Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: - devolo AG) dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG) dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.) Garmin Training Center (HKLM\...\{F57DADA5-BF42-4AA8-9992-2F6B63F4F3AB}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: - Garmin Ltd or its subsidiaries) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: - Google) Google Update Helper (Version: - Google Inc.) Hidden HDRegDE (HKLM\...\{D359B12F-9B1A-46FD-B70C-F507B5B11590}) (Version: 2.0.0 - Acxiom) HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: - Hewlett-Packard) HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{87B2E9C6-8AC1-43EF-9072-DB2EF0A49680}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Officejet 6700 Hilfe (HKLM\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: - HP) HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: - HTC Corporation) HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: - HTC) I.R.I.S. 
OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: - HP) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: - LPT) <==== ATTENTION Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: - Microsoft Corporation) Hidden Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) 
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (Version: 9.7.0621 - Microsoft Corporation) Hidden MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 Essentials 
(HKLM\...\{3559CDE0-11FC-4D7B-A65C-D646035B1031}) (Version: 8.3.389 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden Packard Bell ImageWriter (HKLM\...\{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}) (Version: 1.00.0000 - ) Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3004 - Acer Incorporated) Packard Bell Updator (HKLM\...\{CA786CFF-1D31-4804-B436-F3405B14357F}) (Version: 3.00.0000 - ) PeaZip 2.9 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) PHOTOfunSTUDIO 5.1 HD Edition (HKLM\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.01.130 - Panasonic Corporation) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Setup My PC (HKLM\...\{28518520-F25C-48C3-A224-861F331602F4}) (Version: 3.00.0000 - ) Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{D0CA4233-2BAF-4947-8895-155AABE10721}) (Version: 25.0.619.0 - Hewlett-Packard Co.) 
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition 
(HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN) VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM\...\VTechDownloadManager) (Version: - VTech) Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 - Garmin) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft 
Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Restore Points ========================= 08-04-2014 18:24:39 Installed HTC Sync Manager. 08-04-2014 21:37:25 Removed Snap.Do 08-04-2014 21:41:17 Removed Nero MediaHome 4 Essentials ==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1F577747-6E85-46F6-A899-8D0BD7EE9D21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {7133A487-A40E-4808-9E60-A8F7CA3610A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) 
Task: {76D205F7-58FB-4F86-B1EA-834C05E7078E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-25] (AVAST Software) Task: {8D9826D2-AB5C-4022-9346-53DF0496D585} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {8D9B98D5-84E6-43BC-BF3F-17C0BEDD39C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {9AEC67AC-85F1-47B1-93FB-ADB451F41A14} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - mel => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {B158D38E-1AF1-41D6-AB34-AAE4982CF96D} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.) Task: {E26E4C36-FB38-44A1-8851-C2D934057DCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-08 23:14 - 2014-04-08 23:14 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040802\algo.dll 2009-03-03 13:22 - 2008-07-16 15:00 - 00024576 _____ () C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 2009-03-03 13:22 - 2009-03-03 13:22 - 00032768 _____ () 
C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-03-03 13:22 - 2009-03-03 13:22 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-03-03 13:22 - 2009-03-03 13:22 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll 2009-03-03 13:22 - 2009-03-03 13:22 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll 2009-03-03 13:22 - 2009-03-03 13:22 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2009-03-03 13:22 - 2009-03-03 13:22 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll 2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll 2014-03-24 11:32 - 2014-03-24 11:32 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll 2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll 2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll 2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll 2012-12-07 17:26 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-24 00:52 - 2013-10-24 00:52 - 19336120 _____ () 
C:\Program Files\AVAST Software\Avast\libcef.dll 2013-06-24 10:54 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe 2013-06-24 10:54 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll 2013-06-24 10:54 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll 2013-06-24 10:54 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll 2013-06-24 10:54 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll 2013-06-24 10:54 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll 2013-06-24 10:54 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll 2013-06-24 10:54 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll 2013-06-24 10:54 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2013-06-24 10:54 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll 2013-06-24 10:54 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll 2013-06-24 10:54 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll 2013-12-11 00:00 - 2014-03-29 15:55 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/09/2014 07:54:05 AM) (Source: SideBySide) (User: 
) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/09/2014 07:54:05 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/09/2014 07:08:46 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:01:30 AM) (Source: Microsoft-Windows-RestartManager) (User: Mel-PC) Description: 0NMMediaServerService.exeNero MediaHome 4 Service03026217825040 Error: (04/08/2014 11:59:54 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Impactor.exe, Version, Zeitstempel 0x52745555, fehlerhaftes Modul Impactor.exe, Version, Zeitstempel 0x52745555, Ausnahmecode 0x40000015, Fehleroffset 0x0045dc28, Prozess-ID 0x240c, Anwendungsstartzeit Impactor.exe0. Error: (04/08/2014 11:45:22 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung Impactor.exe, Version, Zeitstempel 0x52745555, fehlerhaftes Modul AdbWinApi.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1d58, Anwendungsstartzeit Impactor.exe0. 
Error: (04/08/2014 11:41:17 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {cf6cae1d-abf9-41cc-8e87-57a2641b0235} Error: (04/08/2014 11:36:00 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung update_checker.exe, Version, Zeitstempel 0x525d9c67, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x00067450, Prozess-ID 0x1144, Anwendungsstartzeit update_checker.exe0. Error: (04/08/2014 08:38:30 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung revolutionary.exe, Version, Zeitstempel 0x4e4aeefd, fehlerhaftes Modul AdbWinApi.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0xbac, Anwendungsstartzeit revolutionary.exe0. 
Error: (04/08/2014 08:33:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/09/2014 07:09:28 AM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (04/09/2014 07:08:50 AM) (Source: Service Control Manager) (User: ) Description: LPT System Updater Service%%1053 Error: (04/09/2014 07:08:50 AM) (Source: Service Control Manager) (User: ) Description: 30000LPT System Updater Service Error: (04/09/2014 07:08:50 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (04/09/2014 07:06:45 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueue0.0.0.0:4482 Error: (04/08/2014 08:39:22 PM) (Source: Service Control Manager) (User: ) Description: Windows Update Error: (04/08/2014 08:34:43 PM) (Source: Service Control Manager) (User: ) Description: 30000avast! 
Antivirus Error: (04/08/2014 08:33:16 PM) (Source: Service Control Manager) (User: ) Description: Nero MediaHome 4 Service%%1053 Error: (04/08/2014 08:33:16 PM) (Source: Service Control Manager) (User: ) Description: 30000Nero MediaHome 4 Service Error: (04/08/2014 08:33:16 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (04/09/2014 07:54:05 AM) (Source: SideBySide)(User: ) Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe Error: (04/09/2014 07:54:05 AM) (Source: SideBySide)(User: ) Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe Error: (04/09/2014 07:08:46 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/09/2014 00:01:30 AM) (Source: Microsoft-Windows-RestartManager)(User: Mel-PC) Description: 0NMMediaServerService.exeNero MediaHome 4 Service03026217825040 Error: (04/08/2014 11:59:54 PM) (Source: Application Error)(User: ) Description: Impactor.exe0.0.0.052745555Impactor.exe0.0.0.052745555400000150045dc28240c01cf5375b2ecb4d0 Error: (04/08/2014 11:45:22 PM) (Source: Application Error)(User: ) Description: Impactor.exe0.0.0.052745555AdbWinApi.dll6.0.6002.1888151da3e27c000013500009f5d1d5801cf5373d6a0f190 Error: (04/08/2014 11:41:17 PM) (Source: VSS)(User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {cf6cae1d-abf9-41cc-8e87-57a2641b0235} Error: (04/08/2014 11:36:00 PM) (Source: Application Error)(User: ) Description: 
update_checker.exe4.3.0.0525d9c67ntdll.dll6.0.6002.1888151da3e27c000000500067450114401cf53719fbdf530 Error: (04/08/2014 08:38:30 PM) (Source: Application Error)(User: ) Description: revolutionary.exe0.0.0.04e4aeefdAdbWinApi.dll6.0.6002.1888151da3e27c000013500009f5dbac01cf5359b9196144 Error: (04/08/2014 08:33:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-06-23 12:55:21.796 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:21.219 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:20.704 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:20.143 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:19.581 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-06-23 12:55:19.020 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:18.489 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:17.959 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:17.413 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-06-23 12:55:16.898 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 2999.98 MB
Available physical RAM: 1620.01 MB
Total Pagefile: 6222.22 MB
Available Pagefile: 4904.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.46 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:285.09 GB) (Free:155.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 240F65D6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Can you please help me further?

AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 10/04/2014 um 13:12:05 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : mel - MEL-PC # Gestartet von : C:\Users\mel\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : LPTSystemUpdater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\LPT Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\Users\max\Documents\Optimizer Pro Datei Gelöscht : C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ob5vl5bk.default\searchplugins\Web Search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\mediabarim Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App 
Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchCore for Browsers ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16540 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\mel\AppData\Roaming\Mozilla\Firefox\Profiles\ob5vl5bk.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafralkVMqVaFt2ERp[...] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafralob2TvMupeBOrYDlPmQpGsiW7a[...] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlO-xkuKtzfsTQg0vsTgwWcD3sttaWNI5RBkK_z706MA7_Ngv-2pTDP_G-crdRdUVWc3Af7-7SAafraliwdAEhQCHjAkA40XU2[...] 
[ Datei : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\ba8te3p0.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 8);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1396819847906");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "126634");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "somotoch");
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "429958a2-1cf9-2e8e-a2f8-fac15a79be18");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "08/04/2014");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1396992640");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "somoto");
-\\ Google Chrome v
[ Datei : C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4953 octets] - [10/04/2014 13:10:03]
AdwCleaner[S0].txt - [4884 octets] - [10/04/2014 13:12:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4944 octets] ##########
Remove Snapdo

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 10.04.2014 13:32:41 - Run 1 OTL by OldTimer - Version Folder = C:\Users\mel\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 60,03% Memory free 6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 148,87 Gb Free Space | 52,22% Space Free | Partition Type: NTFS Computer Name: MEL-PC | User Name: mel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\mel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Programme\HTC\HTC Sync Manager\HTC Sync\adb.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
PRC - C:\Programme\devolo\dlan\devolonetsvc.exe (devolo AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe () PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\HTC\HTC Sync Manager\HTC Sync\adb.exe () MOD - C:\Programme\AVAST Software\Avast\libcef.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () MOD - C:\Programme\VTech\DownloadManager\System\QtWebKit4.dll () MOD - C:\Programme\VTech\DownloadManager\System\DACommCenter.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtGui4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtCore4.dll () MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qgif4.dll () MOD - C:\Programme\VTech\DownloadManager\System\imageformats\qjpeg4.dll () MOD - C:\Programme\VTech\DownloadManager\System\phonon4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtXmlPatterns4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtNetwork4.dll () MOD - C:\Programme\VTech\DownloadManager\System\QtXml4.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! 
Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HTCMonitorService) -- C:\Programme\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (DevoloNetworkService) -- C:\Programme\devolo\dlan\devolonetsvc.exe (devolo AG) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe () SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\max\AppData\Local\Temp\catchme.sys File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswndis2.sys (AVAST Software) DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys 
(Microsoft Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A6 15 FC 72 7E CB 01 [binary data] IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\SearchScopes\{07CC685C-EC51-4366-A5A0-5CAF55286480}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deFR335 IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\SearchScopes\{08215E9A-ED98-497B-8FB9-C7F2A0C9FACD}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\mel\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\mel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.03.25 23:55:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.12.11 00:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.01.16 17:19:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.12.11 00:00:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.01.16 17:19:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.06.22 09:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mel\AppData\Roaming\mozilla\Extensions [2010.08.31 15:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2014.04.10 10:51:36 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\mel\AppData\Roaming\mozilla\Firefox\Profiles\ob5vl5bk.default\extensions [2013.12.14 09:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.12.11 00:00:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.12.11 00:00:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013.12.11 00:00:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.12.11 00:00:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013.12.11 00:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2014.03.29 15:55:13 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Error reading preferences file CHR - Extension: Google Docs = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\mel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: avast! Online Security = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_1\ CHR - Extension: Skype Click to Call = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\ CHR - Extension: Google Wallet = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\ CHR - Extension: Google Mail = C:\Users\mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3388527527-2323720586-789991275-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AgentMonitor] C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe () O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3388527527-2323720586-789991275-1000..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.51.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B4659BE-38CE-43A8-A295-283BB841CC6C}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2387299-5ECE-470C-9281-BBB0DEF893C7}: DhcpNameServer = O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies 
S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014.04.10 13:27:46 | 000,000,000 | ---D | C] -- C:\Users\mel\AppData\Local\Apple Computer [2014.04.10 13:27:45 | 000,000,000 | ---D | C] -- C:\Users\mel\AppData\Roaming\Apple Computer [2014.04.10 13:27:44 | 000,000,000 | ---D | C] -- C:\Users\mel\AppData\Local\HTC MediaHub [2014.04.10 13:27:44 | 000,000,000 | ---D | C] -- C:\Users\mel\Documents\HTC [2014.04.10 13:10:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.04.09 08:50:22 | 000,000,000 | ---D | C] -- C:\FRST [2014.04.09 07:08:02 | 000,000,000 | ---D | C] -- C:\Users\mel\.android [2014.04.08 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2014.04.08 20:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2014.04.08 20:03:48 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2014.04.08 20:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications [2014.04.08 20:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\HTC [2014.03.25 23:55:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014.03.23 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2014.03.23 20:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup [2014.03.23 17:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2014.03.20 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\mel\AppData\Local\Microsoft Help [2014.03.13 04:07:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.03.13 04:07:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.03.13 04:07:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.03.13 04:07:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.03.13 04:07:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.03.13 04:07:24 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.03.13 04:07:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2014.03.13 04:07:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.03.12 05:08:10 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.03.12 05:08:08 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2014.03.12 05:08:06 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll [2014.03.12 05:08:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 
Days ========== [2014.04.10 13:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.04.10 13:27:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.04.10 13:22:54 | 000,673,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2014.04.10 13:22:54 | 000,633,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.04.10 13:22:54 | 000,145,554 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2014.04.10 13:22:54 | 000,119,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014.04.10 13:15:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2014.04.10 13:14:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014.04.10 13:14:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014.04.10 13:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.04.10 12:46:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.04.09 07:07:26 | 000,392,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.04.08 23:33:16 | 000,000,477 | ---- | M] () -- C:\Windows\wininit.ini [2014.04.08 23:25:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf [2014.04.08 20:26:33 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk [2014.03.25 23:56:13 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2014.03.25 23:55:15 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2014.03.25 23:55:15 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys [2014.03.25 23:55:15 | 000,180,760 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2014.03.25 23:55:15 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2014.03.25 23:55:15 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2014.03.25 23:55:15 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2014.03.25 23:55:15 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2014.03.25 23:55:14 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2014.03.25 23:55:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014.03.25 23:54:56 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2014.03.25 23:54:49 | 000,252,208 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswndis2.sys [2014.03.23 20:09:39 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2014.03.12 02:35:46 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.03.12 02:35:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2014.04.08 23:33:16 | 000,000,477 | ---- | C] () -- C:\Windows\wininit.ini [2014.04.08 23:25:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf [2014.04.08 20:26:33 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync Manager.lnk [2014.03.23 20:09:39 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2013.12.25 11:09:51 | 000,000,789 | ---- | C] () -- C:\Users\mel\AppData\Local\cookies.ini 
[2013.03.02 09:06:15 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.03.02 09:06:14 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012.09.25 22:16:33 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2009.12.18 16:17:33 | 000,000,680 | ---- | C] () -- C:\Users\mel\AppData\Local\d3d9caps.dat [2009.07.23 18:06:54 | 000,035,328 | ---- | C] () -- C:\Users\mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.04.2014 13:32:41 - Run 1 OTL by OldTimer - Version Folder = C:\Users\mel\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 60,03% Memory free 6,08 Gb Paging File | 4,96 Gb Available in Paging File | 81,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 148,87 Gb Free Space | 52,22% Space Free | Partition Type: NTFS Computer Name: MEL-PC | User Name: mel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File 
not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0109A02B-F0CD-4942-93B6-23ADF51A9C08}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0133AB35-5583-4312-A842-454BFFDF0AE5}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{1EBE5F27-2D1A-4082-A6BC-008FE99C4E95}" = lport=19375 | protocol=17 | 
dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | "{3345614C-2B6A-4EA8-AD00-A85E9898182D}" = rport=137 | protocol=17 | dir=out | app=system | "{3788E45F-AF4B-4BFD-8FDC-CC0B9DB79443}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{38871025-016B-4615-9728-857CD651B156}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AEBFA10-64D2-4EC4-AE25-45B9884FADE5}" = lport=138 | protocol=17 | dir=in | app=system | "{43232BAD-B300-4238-9C7A-5108E9BBE1F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4E369134-3205-4E5A-A6E3-424E430EE65F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{7296FF64-8F63-4C07-85F1-4AEC718FC473}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{780A30CB-9EF6-47C7-B4BD-084D2205B442}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7C171875-2ABF-40B0-BEBB-7747BEA3D1F2}" = lport=2869 | protocol=6 | dir=in | app=system | "{81237401-DDA9-4C14-9F79-EFF77D939C26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{837ED2C9-F8F2-454E-AC1B-BA7473369B8B}" = lport=19376 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | "{8A2EB253-904D-452A-8A1A-DC8DF0503840}" = rport=445 | protocol=6 | dir=out | app=system | "{9580F6F3-A1FD-49A7-9397-3BB0346D69E5}" = rport=138 | protocol=17 | dir=out | app=system | "{A2AE11E8-4FC2-4EB0-BE0B-3F30838A4A5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA384D2A-8BE3-458D-BE18-ED70C19BC196}" = lport=139 | protocol=6 | dir=in | app=system | "{ADCA13A5-AA9D-4BFA-9B17-842E08DB8650}" = rport=139 | protocol=6 | dir=out | app=system | "{B107DCA5-1CA7-4F24-B770-3DC6E9EE8AE1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{BED49A88-5E18-4346-BC65-6AC9FCE3A759}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{BF61A447-164B-412E-82B6-AE18149887F7}" = lport=445 | protocol=6 | dir=in | app=system | "{C99951BF-2673-4C41-9A2C-000686EF7CA6}" = lport=137 | protocol=17 | dir=in | app=system | "{D74E0116-72F5-4BA8-B15D-EDE1D433F0A1}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{E4C9A481-7241-4263-B6C8-29F44B7E9556}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E78EEE55-541B-4731-91E8-9FF77D45D477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F4739EE8-063F-4CC1-8A7A-506D33815D4E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{063F7D4E-A636-4D35-AF26-32A911E8683C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0A0DC493-141B-41A3-8097-F431BA586738}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{123C7692-8562-4A38-A4C4-D382F346E314}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{22A8B182-140C-4EA0-A68D-34C7058FE01C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{2481F521-CAA5-4419-B479-735AC5E0256F}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe | "{26C24B4B-5F76-4EF9-ACA0-ECA214CA359B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{45DB80AE-1FEC-4315-9B77-6F0942E7D88B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{4F05424D-D5CC-40FA-98E4-AAEDD852532F}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{630EF2B2-9122-46EB-A462-7B88ACFC5E9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{758EF5B6-216D-4C1F-B9D3-B3041FB656CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{7A5ED657-15E2-4124-8192-FE1C1A2CED91}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{86F032A7-0880-43D0-8C10-77CFDFAA18B4}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe | "{8EAE9A5C-95E4-436E-A3E0-0CF7DEED9DBD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{90D5A159-B5B6-4318-8FEA-79394A86898E}" = dir=in | app=c:\program files\htc\htc sync manager\htcsyncmanager.exe | "{96FDAB92-1409-442E-B19B-E6C711CC4694}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{A7DE2DAF-9F2E-45BC-BFA7-51BC45A10A85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B3D73E24-5368-4992-AAB3-CD6B64B40400}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C09CAF8B-DADF-4144-8AD3-958786B9A1D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C62118A3-3060-4CAC-88C3-7104C25A3BCD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E00CF71F-6701-4A36-BECA-AFBE448182E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{EAC46B3A-140A-4570-B01E-8C0F3876D5DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{0537244F-DDE7-4774-BC6D-1270C07D75E5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{79DA53C2-242A-41AB-BB53-719DDC85C47F}C:\users\max\downloads\support_freeedition_ws79946756_de.exe" = protocol=6 | dir=in | app=c:\users\max\downloads\support_freeedition_ws79946756_de.exe | "TCP Query User{A5EA2D01-9C86-46A2-AB35-1E29498AB8E9}C:\program files\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D3502D8B-2C7A-4AC7-83CD-4F81224BC47D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F7EFC44B-5536-484B-9919-7AAAD4E57598}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{29B61E4F-91DD-42F7-B4A6-33E96FCF6E55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6577A4B6-EEDE-46FC-8247-2FB2CB3570FF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{751A73A2-EA17-4AEA-BFAD-7E9FF14D0E9A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{8A3D47E7-AAC4-4F5C-8A7E-4936CAD39BC6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{BDF7407C-FD03-4611-A79E-1669E7ADCC7D}C:\users\max\downloads\support_freeedition_ws79946756_de.exe" = protocol=17 | dir=in | app=c:\users\max\downloads\support_freeedition_ws79946756_de.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" 
= Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{231D0C79-98A6-4693-A366-36DE7D7346EC}" = HTC Sync Manager "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Hilfe "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.9 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{87B2E9C6-8AC1-43EF-9072-DB2EF0A49680}" = HP Officejet 
6700 - Grundlegende Software für das Gerät "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR "{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0CA4233-2BAF-4947-8895-155AABE10721}" = Studie zur Verbesserung von HP Officejet 6700 Produkten "{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F57DADA5-BF42-4AA8-9992-2F6B63F4F3AB}" = Garmin Training Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "avast" = avast! 
Internet Security "CCleaner" = CCleaner "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "dlancockpit" = devolo dLAN Cockpit "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Photo Creations" = HP Photo Creations "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 28.0 (x86 de)" = Mozilla Firefox 28.0 (x86 de) "Mozilla Thunderbird 24.4.0 (x86 de)" = Mozilla Thunderbird 24.4.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VLC media player" = VLC media player 2.1.0 "VTechDownloadManager" = VTech Download Manager "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3388527527-2323720586-789991275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2014 17:41:17 | Computer Name = Mel-PC | Source = VSS | ID = 8194 Description = Error - 08.04.2014 17:45:22 | Computer Name = Mel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Impactor.exe, Version, Zeitstempel 0x52745555, fehlerhaftes Modul AdbWinApi.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1d58, Anwendungsstartzeit 01cf5373d6a0f190. Error - 08.04.2014 17:59:54 | Computer Name = Mel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Impactor.exe, Version, Zeitstempel 0x52745555, fehlerhaftes Modul Impactor.exe, Version, Zeitstempel 0x52745555, Ausnahmecode 0x40000015, Fehleroffset 0x0045dc28, Prozess-ID 0x240c, Anwendungsstartzeit 01cf5375b2ecb4d0. 
Error - 08.04.2014 18:01:30 | Computer Name = Mel-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Error - 09.04.2014 01:08:46 | Computer Name = Mel-PC | Source = WinMgmt | ID = 10 Description = Error - 09.04.2014 01:54:05 | Computer Name = Mel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 09.04.2014 01:54:05 | Computer Name = Mel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.04.2014 03:01:12 | Computer Name = Mel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729, Prozess-ID 0xca4, Anwendungsstartzeit 01cf548a0b4e61e0. 
Error - 10.04.2014 03:01:36 | Computer Name = Mel-PC | Source = EventSystem | ID = 4621 Description = Error - 10.04.2014 07:15:25 | Computer Name = Mel-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 08.04.2014 14:34:43 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7011 Description = Error - 08.04.2014 14:39:22 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7022 Description = Error - 09.04.2014 01:06:45 | Computer Name = Mel-PC | Source = HTTP | ID = 15021 Description = Error - 09.04.2014 01:08:50 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2014 01:08:50 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7009 Description = Error - 09.04.2014 01:08:50 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7000 Description = Error - 09.04.2014 01:09:28 | Computer Name = Mel-PC | Source = DCOM | ID = 10010 Description = Error - 09.04.2014 06:07:18 | Computer Name = Mel-PC | Source = DCOM | ID = 10010 Description = Error - 10.04.2014 07:14:32 | Computer Name = Mel-PC | Source = HTTP | ID = 15021 Description = Error - 10.04.2014 07:15:26 | Computer Name = Mel-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION
Also let Revo remove the leftovers in Moderate mode.
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
Remove Snapdo

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 15.04.2014
Suchlauf-Zeit: 10:22:36
Logdatei: mbam-log-text20140414.txt
Administrator: Ja

Version:
Malware Datenbank: v2014.04.15.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: max

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319420
Verstrichene Zeit: 2 Std, 46 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 6
PUP.Optional.Somoto.A, C:\Users\max\AppData\Local\temp\appshat_generic.exe, In Quarantäne, [c23e41bfed1301ffca5262c0fa061be5],
PUP.Optional.Somoto, C:\Users\max\AppData\Local\temp\UpdateCheckerSetup.exe, In Quarantäne, [0bf5e41cf010ef115994dd49966a2ad6],
PUP.Optional.Tarma, C:\Users\max\Downloads\Scarlet.Young.Sexy.Lady.Gangbang.Style.German.XXX.DVDRiP.x264-TattooLovers.exe, In Quarantäne, [b947f10f49b718e83f79c784e71afc04],
PUP.Optional.Somoto.A, C:\Users\max\Downloads\UnlockPhone_downloader_by_UnlockPhone.exe, In Quarantäne, [b848b94717e9dc2496710533e818738d],
PUP.Optional.Bandoo.A, C:\Users\mel\Downloads\iMeshSetup-r1487-w-bf.exe, In Quarantäne, [dc2404fc000020e004d343e4c9386f91],
Backdoor.ProRat, C:\Windows\temp\peydjoti.tmp, In Quarantäne, [6997cf3144bc21df2cbcf1e230d22bd5],

Physische Sektoren: 0
(No malicious items detected)

(end)

JRT Logfile:
Code:
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by max on 15.04.2014 at 15:39:40,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"

~~~ FireFox

Successfully deleted the following from C:\Users\max\AppData\Roaming\mozilla\firefox\profiles\ba8te3p0.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
Emptied folder: C:\Users\max\AppData\Roaming\mozilla\firefox\profiles\ba8te3p0.default\minidumps [14 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2014 at 15:46:54,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014 Ran by max (administrator) on MEL-PC on 15-04-2014 15:59:08 Running from C:\Users\max\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe () C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe (Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\system32\LogonUI.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [150040 2008-08-12] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [170520 2008-08-12] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [145944 2008-08-12] (Intel Corporation) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software) HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKU\S-1-5-21-3388527527-2323720586-789991275-1000\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKU\S-1-5-21-3388527527-2323720586-789991275-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Microsoft Corporation HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x10F92A9F7E8CCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\ba8te3p0.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-11] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-11] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: 
avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-29] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-03-25] (AVAST Software) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG) R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) 
==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-25] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-07-13] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252208 2014-03-25] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-25] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-03-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-03-25] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-25] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-03-25] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\max\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 15:59 - 2014-04-15 15:59 - 00017529 _____ () C:\Users\max\Downloads\FRST.txt 2014-04-15 15:58 - 2014-04-15 15:58 - 01042944 _____ (Farbar) C:\Users\max\Downloads\FRST.exe 2014-04-15 15:46 - 
2014-04-15 15:46 - 00001910 _____ () C:\Users\max\Desktop\JRT.txt 2014-04-15 10:33 - 2014-04-15 10:33 - 01016261 _____ (Thisisu) C:\Users\max\Downloads\JRT.exe 2014-04-15 10:24 - 2014-04-15 10:24 - 00001650 _____ () C:\Windows\PFRO.log 2014-04-15 07:34 - 2014-04-15 12:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 07:33 - 2014-04-15 07:33 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 07:33 - 2014-04-15 07:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-15 07:33 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 07:33 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 07:33 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 07:32 - 2014-04-15 07:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup- 2014-04-15 07:24 - 2014-04-15 07:24 - 00001059 _____ () C:\Users\max\Desktop\Revo Uninstaller.lnk 2014-04-15 07:24 - 2014-04-15 07:24 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-15 07:23 - 2014-04-15 07:23 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\max\Downloads\revosetup95.exe 2014-04-10 14:16 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 14:16 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 14:16 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 14:16 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 14:16 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 14:16 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 14:16 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 14:16 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 14:16 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 14:16 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 14:16 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 14:16 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 14:16 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 14:16 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 14:16 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 14:16 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 14:10 - 2014-04-10 14:10 - 04892480 _____ (WinZip International LLC ) C:\Users\mel\Downloads\wzmp_8.exe 2014-04-10 13:42 - 2014-04-10 13:42 - 00051698 _____ () C:\Users\mel\Downloads\Extras.Txt 2014-04-10 13:41 
- 2014-04-10 13:41 - 00066866 _____ () C:\Users\mel\Downloads\OTL.Txt 2014-04-10 13:30 - 2014-04-10 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\mel\Downloads\OTL.exe 2014-04-10 13:27 - 2014-04-10 18:19 - 00000000 ____D () C:\Users\mel\AppData\Local\HTC MediaHub 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\Documents\HTC 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Roaming\Apple Computer 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Apple Computer 2014-04-10 13:10 - 2014-04-10 13:12 - 00000000 ____D () C:\AdwCleaner 2014-04-10 13:09 - 2014-04-10 13:09 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner(1).exe 2014-04-10 13:08 - 2014-04-10 13:08 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner.exe 2014-04-10 11:52 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:51 - 2014-04-09 08:51 - 00035927 _____ () C:\Users\mel\Downloads\Addition.txt 2014-04-09 08:50 - 2014-04-15 15:59 - 00000000 ____D () C:\FRST 2014-04-09 08:50 - 2014-04-09 08:51 - 00031751 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:33 - 2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 20:39 - 2014-04-08 
20:40 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:36 - 2014-04-08 23:15 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-08 20:27 - 2014-04-15 11:36 - 00000000 ____D () C:\Users\max\AppData\Local\HTC MediaHub 2014-04-08 20:27 - 2014-04-08 20:34 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\ProgramData\HTC 2014-04-08 20:26 - 2014-04-08 20:26 - 00001910 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:03 - 2014-04-08 20:26 - 00000000 ____D () C:\Program Files\HTC 2014-04-08 20:03 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-23 20:31 - 2014-03-23 23:12 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:10 - 2014-03-23 18:54 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () 
C:\Users\max\AppData\Roaming\Thunderbird 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Microsoft Help ==================== One Month Modified Files and Folders ======= 2014-04-15 15:59 - 2014-04-15 15:59 - 00017529 _____ () C:\Users\max\Downloads\FRST.txt 2014-04-15 15:59 - 2014-04-09 08:50 - 00000000 ____D () C:\FRST 2014-04-15 15:58 - 2014-04-15 15:58 - 01042944 _____ (Farbar) C:\Users\max\Downloads\FRST.exe 2014-04-15 15:46 - 2014-04-15 15:46 - 00001910 _____ () C:\Users\max\Desktop\JRT.txt 2014-04-15 15:45 - 2010-02-07 11:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-15 15:35 - 2012-04-23 06:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-15 14:51 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-15 14:51 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-15 12:57 - 2014-04-15 07:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 12:32 - 2010-02-07 11:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-15 11:36 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\AppData\Local\HTC MediaHub 2014-04-15 11:29 - 2009-03-03 13:15 - 02001890 _____ () C:\Windows\WindowsUpdate.log 2014-04-15 10:52 - 2009-03-03 13:22 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2014-04-15 10:51 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-15 10:50 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-15 10:37 - 2008-01-21 09:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-15 10:33 - 2014-04-15 10:33 - 01016261 _____ (Thisisu) 
C:\Users\max\Downloads\JRT.exe 2014-04-15 10:24 - 2014-04-15 10:24 - 00001650 _____ () C:\Windows\PFRO.log 2014-04-15 10:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources 2014-04-15 07:33 - 2014-04-15 07:33 - 00000901 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 07:33 - 2014-04-15 07:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-15 07:33 - 2012-11-30 01:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 07:32 - 2014-04-15 07:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup- 2014-04-15 07:24 - 2014-04-15 07:24 - 00001059 _____ () C:\Users\max\Desktop\Revo Uninstaller.lnk 2014-04-15 07:24 - 2014-04-15 07:24 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-15 07:23 - 2014-04-15 07:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\max\Downloads\revosetup95.exe 2014-04-11 23:06 - 2012-04-23 06:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-11 23:06 - 2011-05-19 18:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-10 18:19 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\HTC MediaHub 2014-04-10 14:19 - 2009-01-08 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 14:14 - 2013-08-16 03:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 14:14 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-04-10 14:10 - 2014-04-10 14:10 - 04892480 _____ (WinZip International LLC ) C:\Users\mel\Downloads\wzmp_8.exe 2014-04-10 13:42 - 2014-04-10 13:42 - 00051698 _____ () C:\Users\mel\Downloads\Extras.Txt 2014-04-10 13:41 - 2014-04-10 13:41 - 00066866 _____ () C:\Users\mel\Downloads\OTL.Txt 2014-04-10 13:30 - 2014-04-10 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\mel\Downloads\OTL.exe 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\Documents\HTC 2014-04-10 13:27 
- 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Roaming\Apple Computer 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Apple Computer 2014-04-10 13:12 - 2014-04-10 13:10 - 00000000 ____D () C:\AdwCleaner 2014-04-10 13:09 - 2014-04-10 13:09 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner(1).exe 2014-04-10 13:08 - 2014-04-10 13:08 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner.exe 2014-04-09 08:51 - 2014-04-09 08:51 - 00035927 _____ () C:\Users\mel\Downloads\Addition.txt 2014-04-09 08:51 - 2014-04-09 08:50 - 00031751 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 08:48 - 2010-12-11 18:58 - 00107384 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-09 07:08 - 2014-01-03 15:09 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4 2014-04-09 07:08 - 2009-07-11 15:39 - 00000000 ____D () C:\Users\mel 2014-04-09 07:07 - 2006-11-02 14:47 - 00392776 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-09 00:01 - 2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Nero 2014-04-09 00:01 - 2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:33 - 2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:31 - 2009-07-11 23:07 - 00107384 _____ () C:\Users\max\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 23:15 - 2014-04-08 20:36 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-08 20:40 - 2014-04-08 20:39 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:34 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\ProgramData\HTC 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () C:\Users\max\AppData\Roaming\Apple Computer 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () C:\Users\max\AppData\Local\Apple Computer 2014-04-08 20:27 - 2009-07-11 23:06 - 00000000 ____D () C:\Users\max 2014-04-08 20:26 - 2014-04-08 20:26 - 00001910 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-04-08 20:26 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\HTC 2014-04-08 20:08 - 2013-12-11 00:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-08 20:08 - 2013-01-20 21:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:03 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-04-03 09:51 - 2014-04-15 07:33 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 07:33 - 
00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 07:33 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 23:56 - 2012-12-30 13:41 - 00001881 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-25 23:55 - 2013-03-02 09:06 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-25 23:55 - 2013-03-02 09:06 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-25 23:55 - 2012-11-29 23:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00252208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndis2.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-03-23 23:12 - 2014-03-23 20:31 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 18:54 - 2014-03-23 20:10 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () 
C:\Users\max\AppData\Roaming\Thunderbird
2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Microsoft Help

Some content of TEMP:
====================
C:\Users\max\AppData\Local\temp\Installer.exe
C:\Users\max\AppData\Local\temp\LiveSupport_setup.exe
C:\Users\max\AppData\Local\temp\OptimizerPro.exe
C:\Users\mel\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-15 11:08

==================== End Of Log ============================
#7

ESET Online Scanner

Please download

and a fresh FRST log, please. Any remaining problems?
Remove Snapdo

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=a35fad4900b35b4db137edd3949b4a26
# engine=17919
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 07:55:18
# local_time=2014-04-17 09:55:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=772 16777213 83 82 1940251 55541216 0 0
# compatibility_mode=1282 16774142 0 63 110205162 135976762 0 0
# compatibility_mode=5892 16776574 100 100 171093 235254046 0 0
# scanned=185688
# found=2
# cleaned=0
# scan_time=5655
sh=2254251B50CFF746256CA77BEFC342F3DAC888FF ft=1 fh=ebd261af6f63890d vn="Win32/SpeedingUpMyPC.I application" ac=I fn="C:\Users\max\AppData\Local\temp\OptimizerPro.exe"
sh=7C8B36D36CA0D38C4883B850F43613381A9410B9 ft=1 fh=80db3572c576075a vn="multiple threats" ac=I fn="C:\Users\max\AppData\Local\temp\{7857F986-3672-4CD0-BEEB-C6DA3655B706}\setup.exe"

Results of screen317's Security Check version 0.99.81
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 51
Adobe Flash Player
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
````````Process Check: objlist.exe by Laurent````````
system32 AvastSvc.exe -?- AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by max (administrator) on MEL-PC on 17-04-2014 11:35:21
Running from C:\Users\max\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
(Skype Technologies S.A.)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe (Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software) HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [Nero MediaHome 4] => "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN HKU\S-1-5-21-3388527527-2323720586-789991275-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Microsoft Corporation HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x10F92A9F7E8CCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\ba8te3p0.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-11] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013-12-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-11] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: 
avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-29] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-03-25] (AVAST Software) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG) S2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-25] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-07-13] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252208 2014-03-25] (AVAST Software) R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-25] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-03-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-03-25] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-25] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-03-25] () S4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-17] (Malwarebytes Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys 
[35840 2010-06-10] (CACE Technologies) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\max\AppData\Local\Temp\catchme.sys [X] S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-17 11:35 - 2014-04-17 11:35 - 00000000 ____D () C:\Users\max\Downloads\FRST-OlderVersion 2014-04-17 10:36 - 2014-04-17 10:36 - 00987448 _____ () C:\Users\max\Desktop\SecurityCheck.exe 2014-04-17 08:19 - 2014-04-17 08:19 - 00000000 ____D () C:\Program Files\ESET 2014-04-17 08:15 - 2014-04-17 08:15 - 02347384 _____ (ESET) C:\Users\max\Downloads\esetsmartinstaller_enu.exe 2014-04-16 11:45 - 2014-04-16 11:45 - 01070840 _____ (Solid State Networks) C:\Users\max\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-16 07:20 - 2014-04-16 07:20 - 00000005 _____ () C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp 2014-04-16 07:04 - 2014-04-16 07:05 - 00013542 _____ () C:\Windows\DPINST.LOG 2014-04-15 15:59 - 2014-04-17 11:35 - 00015070 _____ () C:\Users\max\Downloads\FRST.txt 2014-04-15 15:58 - 2014-04-17 11:35 - 01146880 _____ (Farbar) C:\Users\max\Downloads\FRST.exe 2014-04-15 15:46 - 2014-04-15 15:46 - 00001910 _____ () C:\Users\max\Desktop\JRT.txt 2014-04-15 10:33 - 2014-04-15 10:33 - 01016261 _____ (Thisisu) C:\Users\max\Downloads\JRT.exe 2014-04-15 10:24 - 2014-04-15 10:24 - 00001650 _____ () C:\Windows\PFRO.log 2014-04-15 07:34 - 2014-04-17 08:11 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 07:32 - 2014-04-15 07:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup- 2014-04-15 07:24 - 2014-04-15 07:24 - 00001059 _____ () 
C:\Users\max\Desktop\Revo Uninstaller.lnk 2014-04-15 07:24 - 2014-04-15 07:24 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-15 07:23 - 2014-04-15 07:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\max\Downloads\revosetup95.exe 2014-04-10 14:16 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 14:16 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 14:16 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 14:16 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 14:16 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 14:16 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 14:16 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 14:16 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 14:16 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 14:16 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 14:16 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 14:16 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 14:16 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 14:16 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 14:16 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 14:16 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 14:10 - 
2014-04-10 14:10 - 04892480 _____ (WinZip International LLC ) C:\Users\mel\Downloads\wzmp_8.exe 2014-04-10 13:42 - 2014-04-10 13:42 - 00051698 _____ () C:\Users\mel\Downloads\Extras.Txt 2014-04-10 13:41 - 2014-04-10 13:41 - 00066866 _____ () C:\Users\mel\Downloads\OTL.Txt 2014-04-10 13:30 - 2014-04-10 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\mel\Downloads\OTL.exe 2014-04-10 13:27 - 2014-04-15 18:22 - 00000000 ____D () C:\Users\mel\AppData\Local\HTC MediaHub 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\Documents\HTC 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Roaming\Apple Computer 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Apple Computer 2014-04-10 13:10 - 2014-04-10 13:12 - 00000000 ____D () C:\AdwCleaner 2014-04-10 13:09 - 2014-04-10 13:09 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner(1).exe 2014-04-10 13:08 - 2014-04-10 13:08 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner.exe 2014-04-10 11:52 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:51 - 2014-04-09 08:51 - 00035927 _____ () C:\Users\mel\Downloads\Addition.txt 2014-04-09 08:50 - 2014-04-17 11:35 - 00000000 ____D () C:\FRST 2014-04-09 08:50 - 2014-04-09 08:51 - 00031751 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:33 - 
2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 20:39 - 2014-04-08 20:40 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:36 - 2014-04-16 07:23 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-08 20:27 - 2014-04-16 07:23 - 00000000 ____D () C:\ProgramData\HTC 2014-04-08 20:27 - 2014-04-08 20:34 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:03 - 2014-04-16 07:05 - 00000000 ____D () C:\Program Files\HTC 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-23 20:31 - 2014-03-23 23:12 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:10 - 2014-03-23 18:54 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Users\max\AppData\Roaming\Thunderbird 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 
____D () C:\Program Files\Mozilla Thunderbird 2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Microsoft Help ==================== One Month Modified Files and Folders ======= 2014-04-17 11:35 - 2014-04-17 11:35 - 00000000 ____D () C:\Users\max\Downloads\FRST-OlderVersion 2014-04-17 11:35 - 2014-04-15 15:59 - 00015070 _____ () C:\Users\max\Downloads\FRST.txt 2014-04-17 11:35 - 2014-04-15 15:58 - 01146880 _____ (Farbar) C:\Users\max\Downloads\FRST.exe 2014-04-17 11:35 - 2014-04-09 08:50 - 00000000 ____D () C:\FRST 2014-04-17 11:35 - 2012-04-23 06:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-17 11:08 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-17 11:08 - 2006-11-02 14:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-17 10:45 - 2010-02-07 11:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-17 10:36 - 2014-04-17 10:36 - 00987448 _____ () C:\Users\max\Desktop\SecurityCheck.exe 2014-04-17 08:19 - 2014-04-17 08:19 - 00000000 ____D () C:\Program Files\ESET 2014-04-17 08:15 - 2014-04-17 08:15 - 02347384 _____ (ESET) C:\Users\max\Downloads\esetsmartinstaller_enu.exe 2014-04-17 08:11 - 2014-04-15 07:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 07:21 - 2009-03-03 13:15 - 02037435 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 19:45 - 2010-02-07 11:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 11:45 - 2014-04-16 11:45 - 01070840 _____ (Solid State Networks) C:\Users\max\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe 2014-04-16 07:23 - 2014-04-08 20:36 - 00000000 ____D () C:\Users\max\AppData\Roaming\HTC 2014-04-16 07:23 - 2014-04-08 20:27 - 00000000 ____D () C:\ProgramData\HTC 2014-04-16 07:22 - 
2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-04-16 07:20 - 2014-04-16 07:20 - 00000005 _____ () C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp 2014-04-16 07:05 - 2014-04-16 07:04 - 00013542 _____ () C:\Windows\DPINST.LOG 2014-04-16 07:05 - 2014-04-08 20:03 - 00000000 ____D () C:\Program Files\HTC 2014-04-15 18:22 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\HTC MediaHub 2014-04-15 18:19 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-15 17:36 - 2009-03-03 13:22 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2014-04-15 17:34 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-15 15:46 - 2014-04-15 15:46 - 00001910 _____ () C:\Users\max\Desktop\JRT.txt 2014-04-15 10:37 - 2008-01-21 09:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-15 10:33 - 2014-04-15 10:33 - 01016261 _____ (Thisisu) C:\Users\max\Downloads\JRT.exe 2014-04-15 10:24 - 2014-04-15 10:24 - 00001650 _____ () C:\Windows\PFRO.log 2014-04-15 10:22 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Resources 2014-04-15 07:33 - 2012-11-30 01:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 07:32 - 2014-04-15 07:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup- 2014-04-15 07:24 - 2014-04-15 07:24 - 00001059 _____ () C:\Users\max\Desktop\Revo Uninstaller.lnk 2014-04-15 07:24 - 2014-04-15 07:24 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-15 07:23 - 2014-04-15 07:23 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\max\Downloads\revosetup95.exe 2014-04-11 23:06 - 2012-04-23 06:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-11 23:06 - 2011-05-19 18:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-10 14:19 - 2009-01-08 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 14:16 - 2013-08-16 03:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 14:14 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-04-10 14:10 - 2014-04-10 14:10 - 04892480 _____ (WinZip International LLC ) C:\Users\mel\Downloads\wzmp_8.exe 2014-04-10 13:42 - 2014-04-10 13:42 - 00051698 _____ () C:\Users\mel\Downloads\Extras.Txt 2014-04-10 13:41 - 2014-04-10 13:41 - 00066866 _____ () C:\Users\mel\Downloads\OTL.Txt 2014-04-10 13:30 - 2014-04-10 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\mel\Downloads\OTL.exe 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\Documents\HTC 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Roaming\Apple Computer 2014-04-10 13:27 - 2014-04-10 13:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Apple Computer 2014-04-10 13:12 - 2014-04-10 13:10 - 00000000 ____D () C:\AdwCleaner 2014-04-10 13:09 - 2014-04-10 13:09 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner(1).exe 2014-04-10 13:08 - 2014-04-10 13:08 - 01426178 _____ () C:\Users\mel\Downloads\adwcleaner.exe 2014-04-09 08:51 - 2014-04-09 08:51 - 00035927 _____ () C:\Users\mel\Downloads\Addition.txt 2014-04-09 08:51 - 2014-04-09 08:50 - 00031751 _____ () C:\Users\mel\Downloads\FRST.txt 2014-04-09 08:49 - 2014-04-09 08:49 - 01145856 _____ (Farbar) C:\Users\mel\Downloads\FRST.exe 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-09 08:48 - 2014-04-09 08:48 - 00000000 _____ () C:\Windows\setupact.log 2014-04-09 08:48 - 2010-12-11 18:58 - 00107384 _____ () 
C:\Windows\system32\GDIPFONTCACHEV1.DAT 2014-04-09 07:08 - 2014-04-09 07:08 - 00000000 ____D () C:\Users\mel\.android 2014-04-09 07:08 - 2014-01-03 15:09 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4 2014-04-09 07:08 - 2009-07-11 15:39 - 00000000 ____D () C:\Users\mel 2014-04-09 07:07 - 2006-11-02 14:47 - 00392776 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-09 00:01 - 2009-03-03 13:29 - 00000000 ____D () C:\Program Files\Nero 2014-04-08 23:51 - 2014-04-08 23:51 - 00000000 ____D () C:\Users\max\Downloads\Impactor_0.9.14 2014-04-08 23:49 - 2014-04-08 23:49 - 00000000 ____D () C:\Users\max\Downloads\adb 2014-04-08 23:44 - 2014-04-08 23:44 - 11937023 _____ () C:\Users\max\Downloads\Impactor_0.9.14.zip 2014-04-08 23:33 - 2014-04-08 23:33 - 00000477 _____ () C:\Windows\wininit.ini 2014-04-08 23:31 - 2009-07-11 23:07 - 00107384 _____ () C:\Users\max\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-08 23:25 - 2014-04-08 23:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf 2014-04-08 20:40 - 2014-04-08 20:39 - 00000000 ____D () C:\Users\max\Downloads\revoltunairie 2014-04-08 20:34 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\Documents\HTC 2014-04-08 20:27 - 2014-04-08 20:27 - 00000000 ____D () C:\Users\max\.android 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () C:\Users\max\AppData\Roaming\Apple Computer 2014-04-08 20:27 - 2009-11-14 18:33 - 00000000 ____D () C:\Users\max\AppData\Local\Apple Computer 2014-04-08 20:27 - 2009-07-11 23:06 - 00000000 ____D () C:\Users\max 2014-04-08 20:08 - 2013-12-11 00:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-08 20:08 - 2013-01-20 21:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\max\{a9506e87-a470-4bea-ae57-af1766891f12} 2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ___HD () C:\Users\max\Downloads\.ptmp866423 2014-04-08 20:04 - 2014-04-08 20:04 - 00000000 ____D () 
C:\Users\max\{0417b888-8b19-4ba0-a161-88089450ca9b} 2014-04-08 20:02 - 2014-04-08 20:02 - 00000000 ____D () C:\Users\max\AppData\Local\Downloaded Installations 2014-04-08 20:01 - 2014-04-08 20:01 - 136012136 _____ (HTC) C:\Users\max\Downloads\setup_3.0.52.0_htc.exe 2014-04-08 19:57 - 2014-04-08 19:57 - 01619991 _____ () C:\Users\max\Downloads\revolutionary-0.4pre4.zip 2014-03-25 23:56 - 2012-12-30 13:41 - 00001881 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk 2014-03-25 23:55 - 2014-03-25 23:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-25 23:55 - 2013-03-02 09:06 - 00180760 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-25 23:55 - 2013-03-02 09:06 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-25 23:55 - 2012-11-29 23:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-25 23:55 - 2012-11-29 23:41 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00252208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndis2.sys 2014-03-25 23:54 - 2012-12-30 13:40 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-03-23 23:12 - 2014-03-23 20:31 - 00001000 _____ () C:\Users\max\Desktop\MailShield.der 2014-03-23 20:09 - 2014-03-23 20:09 - 00000826 _____ () C:\Users\Public\Desktop\MozBackup.lnk 2014-03-23 20:09 - 2014-03-23 20:09 - 00000000 ____D () C:\Program Files\MozBackup 2014-03-23 20:08 - 2014-03-23 20:08 - 01035926 _____ () 
C:\Users\max\Downloads\MozBackup-1.5.1-EN.exe 2014-03-23 18:54 - 2014-03-23 20:10 - 00000823 _____ () C:\Users\max\Documents\indexfile.txt 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Users\max\AppData\Roaming\Thunderbird 2014-03-23 17:58 - 2014-03-23 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-03-20 15:27 - 2014-03-20 15:27 - 00000000 ____D () C:\Users\mel\AppData\Local\Microsoft Help Some content of TEMP: ==================== C:\Users\max\AppData\Local\temp\Installer.exe C:\Users\max\AppData\Local\temp\LiveSupport_setup.exe C:\Users\max\AppData\Local\temp\OptimizerPro.exe C:\Users\mel\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-15 18:26 ==================== End Of Log ============================ --- --- --- |
#9
The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!