Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mail delivery failed: returning message to sender im gmx account

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.07.2013, 16:18   #1
Hilli82
 
mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



Hallo Trojaner-Board Gemeinde,

habe hier schon ein paar Hinweise gelesen....gutes Forum finde ich

Aber zum Anfang, wir waren im Urlaub, als wir gestern wiederkamen, und ich die Nacht kurz meine Emails gecheckt habe, ist mir aufgefalllen, das viele Mails drin waren mit mail delivery failed: returning message to sender. (Glaub an die 100 Stck.)

Jedefalls habe ich mein Pw geändert und mal gegooglt, also wahrscheinlich ist mit PW ändern nicht erledigt deswegen habe ich "OTL" mal durchlaufen lassen.

Code:
ATTFilter
 OTL logfile created on: 11.07.2013 16:31:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXXXXXXXXXX\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,22% Memory free
8,00 Gb Paging File | 5,57 Gb Available in Paging File | 69,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,84 Gb Total Space | 41,85 Gb Free Space | 29,50% Space Free | Partition Type: NTFS
Drive D: | 113,08 Gb Total Space | 16,67 Gb Free Space | 14,74% Space Free | Partition Type: NTFS
Drive E: | 111,75 Gb Total Space | 49,32 Gb Free Space | 44,14% Space Free | Partition Type: FAT32
Drive G: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 156,25 Gb Total Space | 31,16 Gb Free Space | 19,95% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXX-PC | User Name: XXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hilli\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SystemStoreService) -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 8B 6C 91 7F A5 CD 01  [binary data]
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: Tubesaver%40istqt.co:1.116
FF - prefs.js..extensions.enabledAddons: 126c9ec1-e913-410f-94df-6262dd70e044%4094392a4b-d7bd-4563-8bcd-ba96cf8055b2.com:0.91.29
FF - prefs.js..extensions.enabledAddons: %7B87eab3b7-a707-4459-99ae-c2fa06cfa36b%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B15312e9a-4905-48da-aae4-15b24bdc2a24%7D:1.0.5
FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.14 20:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.06.09 14:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Tubesaver@istqt.co: C:\Program Files (x86)\TubeSaver\116.xpi [2013.07.02 11:14:39 | 000,004,710 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.23 20:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Extensions
[2013.02.23 20:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2013.07.04 14:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions
[2013.07.03 08:49:07 | 000,000,000 | ---D | M] ("Mein Gutscheincode") -- C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com
[2013.07.03 08:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com\chrome\content\extensionCode
[2013.07.04 14:53:30 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\gmailnoads@mywebber.com.xpi
[2013.07.04 14:53:30 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\info@skymeissner.com.xpi
[2013.07.04 14:53:10 | 000,169,613 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi
[2013.07.04 14:53:30 | 000,122,054 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
[2013.07.04 14:53:30 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013.07.04 14:53:30 | 000,011,097 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
[2013.05.16 09:51:58 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.10.06 11:53:35 | 000,003,915 | ---- | M] () -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\searchplugins\sweetim.xml
[2012.10.15 15:36:30 | 000,002,399 | ---- | M] () -- C:\Users\Hilli\AppData\Roaming\mozilla\firefox\profiles\iix0erxk.default\searchplugins\Web Search.xml
[2013.07.03 08:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 08:52:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.02 11:14:39 | 000,004,710 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\TUBESAVER\116.XPI
[2013.06.14 20:31:18 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2013.02.14 23:17:23 | 000,000,899 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       update.ross-tech.com
O1 - Hosts: 127.0.0.1       update.ross-tech.de
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode) - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (Mein Gutscheincode GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TubeSaver) - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\116.dll (istqt Soft)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8C8.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [EPSON249022 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S141C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09D798D-7B9E-45A7-9AD9-1AFF74F5DABC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC9F6373-993E-4EF7-849F-F5836E92EBBC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\brx - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files (x86)\Bricsys\BricsCAD V13\BrxProtIE.dll (BricsCad)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.23 11:39:56 | 000,173,056 | ---- | M] (Autofac Project - hxxp://autofac.org) - E:\Autofac.dll -- [ FAT32 ]
O32 - AutoRun File - [2012.11.07 01:07:00 | 000,046,080 | ---- | M] () - E:\AutoRunCE.exe -- [ FAT32 ]
O32 - AutoRun File - [2011.10.10 15:54:08 | 002,290,144 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.10.09 16:23:34 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.10.09 16:23:34 | 000,224,630 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2013.02.23 22:33:57 | 000,000,000 | ---D | M] - K:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{5fe3c75f-e2e4-11e2-aa17-001bb95c54d1}\Shell - "" = AutoRun
O33 - MountPoints2\{5fe3c75f-e2e4-11e2-aa17-001bb95c54d1}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{f0cf54a8-4da8-11e2-8680-001bb95c54d1}\Shell - "" = AutoRun
O33 - MountPoints2\{f0cf54a8-4da8-11e2-8680-001bb95c54d1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2011.10.10 15:54:08 | 002,290,144 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.03 08:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.02 22:18:36 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2013.07.02 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Local\Android
[2013.07.02 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Hilli\.android
[2013.07.02 12:25:02 | 000,000,000 | ---D | C] -- C:\Users\Hilli\.swt
[2013.07.02 12:24:26 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
[2013.07.02 12:22:17 | 000,000,000 | ---D | C] -- C:\Flashtool
[2013.07.02 11:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.07.02 11:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.07.02 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.07.02 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mein Gutscheincode
[2013.07.02 11:14:50 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer
[2013.07.02 11:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2013.07.02 11:14:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeSaver
[2013.07.02 11:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2013.07.02 10:17:24 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\files
[2013.07.01 02:18:35 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\Vergiss mich nicht
[2013.06.25 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Podcasts
[2013.06.25 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Media Go
[2013.06.25 19:12:14 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Local\Sony
[2013.06.25 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2013.06.25 19:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013.06.25 19:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2013.06.25 19:11:16 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Roaming\Sony
[2013.06.25 17:38:16 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\Stina
[2013.06.24 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\poiw-data
[2013.06.22 10:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2013.06.22 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2013.06.22 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\Hilli\AppData\Local\Downloaded Installations
[2013.06.17 13:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.17 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.17 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.17 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.17 13:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.17 13:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.06.15 01:28:23 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2
[2013.06.15 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Desktop\GoPal_5.5
[2013.06.14 22:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.11 16:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.11 12:01:03 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 12:01:03 | 000,700,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 12:01:03 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 12:01:03 | 000,148,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 12:01:03 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 11:04:13 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\TubeSaver Update.job
[2013.07.11 10:44:14 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 10:44:14 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 09:00:36 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.07.11 09:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.11 09:00:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.05 12:17:33 | 000,000,017 | ---- | M] () -- C:\Users\Hilli\AppData\Local\resmon.resmoncfg
[2013.07.03 20:52:55 | 000,458,870 | ---- | M] () -- C:\Users\Hilli\Desktop\1009609_10151522479447921_930858658_o.jpg
[2013.07.02 19:38:45 | 000,308,256 | ---- | M] () -- C:\Users\Hilli\Desktop\Anleitung Handy.jpg
[2013.07.02 12:57:06 | 000,101,173 | ---- | M] () -- C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf
[2013.07.02 11:57:27 | 001,031,879 | ---- | M] () -- C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb
[2013.07.02 11:30:58 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.07.02 11:29:32 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 11:29:32 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.02 11:14:48 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.07.01 19:09:00 | 000,001,633 | ---- | M] () -- C:\Users\Hilli\Documents\image007.gif
[2013.06.27 22:21:54 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.27 22:21:54 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.27 22:21:54 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 22:21:54 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.25 19:12:35 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013.06.22 10:57:57 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013.06.17 13:23:38 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.14 22:57:04 | 000,000,910 | ---- | M] () -- C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.06.14 20:31:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.12 21:48:04 | 001,598,202 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013.07.05 12:17:33 | 000,000,017 | ---- | C] () -- C:\Users\Hilli\AppData\Local\resmon.resmoncfg
[2013.07.03 20:52:53 | 000,458,870 | ---- | C] () -- C:\Users\Hilli\Desktop\1009609_10151522479447921_930858658_o.jpg
[2013.07.02 19:35:38 | 000,308,256 | ---- | C] () -- C:\Users\Hilli\Desktop\Anleitung Handy.jpg
[2013.07.02 12:57:04 | 000,101,173 | ---- | C] () -- C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf
[2013.07.02 11:57:27 | 001,031,879 | ---- | C] () -- C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb
[2013.07.02 11:29:32 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 11:29:32 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.02 11:14:48 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.07.02 11:14:39 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\TubeSaver Update.job
[2013.07.01 19:09:00 | 000,001,633 | ---- | C] () -- C:\Users\Hilli\Documents\image007.gif
[2013.06.27 22:21:54 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.26 23:56:25 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.26 23:56:24 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.25 19:12:35 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2013.06.24 13:44:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.06.22 10:57:57 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013.06.17 13:23:38 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.14 22:57:04 | 000,000,910 | ---- | C] () -- C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.03.14 16:23:34 | 000,083,186 | ---- | C] () -- C:\Users\Hilli\ESt2011_Tresp_Theresa.elfo
[2013.03.14 14:05:59 | 000,158,492 | ---- | C] () -- C:\Users\Hilli\ESt2012_Just_Theresa_und_Hiller_Mario.elfo
[2013.02.04 23:41:13 | 000,168,482 | ---- | C] () -- C:\Users\Hilli\MarioESt2012.elfo
[2012.10.05 16:36:25 | 001,598,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.05 15:47:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 07:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 07:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.08 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\AlcaTech
[2013.05.22 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Autodesk
[2013.04.14 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Bricsys
[2013.06.09 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\conkeror.mozdev.org
[2013.05.04 10:35:01 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\DAEMON Tools Lite
[2013.05.03 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Dropbox
[2013.02.04 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\elsterformular
[2012.10.11 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\EPSON
[2013.06.02 12:04:46 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Glarysoft
[2013.05.18 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\GoPal Assistant
[2013.07.02 12:07:25 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer
[2012.11.06 23:26:20 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\OpenCandy
[2013.06.09 14:48:57 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\PDAppFlex
[2013.06.25 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Sony
[2013.02.22 22:47:01 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\TeamViewer
[2013.04.04 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Hilli\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
         
und

Code:
ATTFilter
 OTL Extras logfile created on: 11.07.2013 14:05:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXXXXXXX\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 47,80% Memory free
8,00 Gb Paging File | 5,71 Gb Available in Paging File | 71,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,84 Gb Total Space | 41,85 Gb Free Space | 29,51% Space Free | Partition Type: NTFS
Drive D: | 113,08 Gb Total Space | 16,67 Gb Free Space | 14,74% Space Free | Partition Type: NTFS
Drive E: | 111,75 Gb Total Space | 49,32 Gb Free Space | 44,14% Space Free | Partition Type: FAT32
Drive G: | 5,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 156,25 Gb Total Space | 31,16 Gb Free Space | 19,95% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXXXX-PC | User Name: XXXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024B6468-77EC-455B-A72C-6CFB2EDA457F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{07F66EDA-A287-477F-9483-18DEAB35446F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B805628-B736-4053-B4EF-1DB4F2DFBC52}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0E94876A-CD6D-4CB3-A653-18D9F8FB5B2D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{146DCA7A-AE2A-4CA9-9B9B-8235D97C992A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2571C3A2-DCE1-4C8B-9ED6-3C6C3FADA75D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{38752127-5C74-4564-9315-F695893FD392}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39E29446-0B6F-4D91-8ACC-6A053CB3E368}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3C608C28-DD79-429D-BD90-49B18DBCA2E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{47F39740-E391-4EB7-A7B4-2DB4286EB991}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5D969C65-E88E-44D9-9CDF-A21AE5FCA1C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{645C8061-646F-435E-9DD1-F4610E766AA3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6BDC0AAA-08AA-4DC0-A9C9-86F0A4F8DE62}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{76618528-05E0-4101-B0C0-9D5079053EF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7A5B36E5-CF4A-4870-9ABF-3503D4F3C89F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A927F1C-644C-4A9B-AF7E-CDEE3ED9C53E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9920D7CD-8B9C-423A-AEBD-6935A2F9D443}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AB661C35-154E-4E97-BA23-594F569F502D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE26106B-0B62-404B-8B53-777D1217B99C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1520DEE-FC76-44EC-AACC-1DBE4C99A75D}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{D5D36E1E-773D-4D13-A645-A0D74EB3AAFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6953002-764F-4ACB-B45B-C509E030B773}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE38887F-7510-4F32-97AF-B54180C93856}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0A98CDC-A922-4E0C-AD51-70283A0CE365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5A33FD5-CCA0-4226-A806-916B0931AB3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DA0A87-018B-4CF3-A338-524970C6BFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{1493D1E5-648A-4574-A876-D1A243AAA2A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14B48938-4666-4280-B09D-4D9ECF504FC9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{15C3CA97-F04C-459A-A15A-B2EA11124BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{19EAC54F-661C-41FA-8951-06B2C1FE260E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1EE046CA-5858-4875-A134-12C4BD0D1C06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1EEDA08E-60B8-496E-BDBB-CF2EE78496EB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{24B7A174-5B74-4FE7-92F4-52897DC29FC0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{27DE7061-6082-4208-A7E0-0050C8C9122C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{2B87932E-F689-40FF-9500-0114B20CBCED}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{333DC20B-C3C9-4ADB-A0D0-4470AFBC5D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{334880F3-745E-4075-BCD3-88E1339F4397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33E14E41-8C35-4EFF-ADC0-BF9FB8A6AFD1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{35A25940-26AC-449F-8776-DEAD4915F555}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4A65F3B8-6849-4880-9506-BA449171323A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4F30F5E2-AD35-4127-B5AE-57B3AE45D888}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{540E1D19-1C71-4B93-9705-329329D2484B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5625B3B7-5E3D-49E0-AA1C-C47DDC28D4EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{594D2040-7B59-49E3-9AF1-3E92CC0A713E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5A97E8FB-BF70-4BCD-9AC5-F48B00FEEE40}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5C8373DC-61C0-4B43-A744-081D07971BC4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5C9DF7CB-11EA-4730-BC1F-61C11BD73E13}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5FC24A54-E8A7-44AD-9052-CB5AA289437D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{633F337F-A675-4A3E-850C-AF6D765E09F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6474D661-CF01-4F1B-AFCF-61B815B8905E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6843608D-72F4-4378-82BC-019F9D403BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{68D0C8A6-7771-424C-9E2E-8F176EFCBDCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68D506C9-A70E-4708-89D0-B41BB77DDBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{6957EE61-4C73-4CEE-8C57-FDDDC9861BA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6E443032-0FA6-481E-91BA-2DDEEFF0D12D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{73F747ED-43A5-4F87-88F2-BC4EC4FF50C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{75C1FEEA-74DB-4C50-B939-C1BA9314CDEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8160E9D4-C116-433D-913F-6B70238B1627}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85696775-8506-4179-8E94-968C4B818975}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C6A27D6-C28D-4330-B0AA-BF5CD70AC3C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8C7CBC05-CFDF-4DCD-9AD4-5D86F9F88F7C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8E36E6FD-D44F-4042-AC68-49652303DF80}" = protocol=17 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{958AED33-F896-408D-812E-2E3DBE4491EB}" = protocol=6 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9AF3C1B6-7387-4BC6-8B13-5C4305483BC5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A5BD2DD4-C186-4E85-A8E6-BF92FD80D101}" = protocol=6 | dir=out | app=system | 
"{AA49CE38-4FB6-45C1-B7FF-7DB14791F2D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B3B066E9-5A2E-4A9F-A09A-C6A2C69C1650}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4898B1A-DFC3-4274-843B-1B2361320438}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{B6E4D15D-F4FC-4F42-9AA9-41960E4CDE94}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B8E86A59-DF0C-45D3-A08F-77364128B452}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{B9D8A05B-DAA6-4A21-A009-DD36A746D771}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA621AF4-44DD-41B1-83C2-EAF627944904}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BB7DAA1A-41D6-496C-BC7C-04861D40A7C2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BD2C523B-A199-4E6C-A65D-B42B2AEEFB78}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C21D3AA8-3308-4670-8E9B-A9EC95BECB11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C56E9DF0-B04E-4498-A3F1-495F85F9FFF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5F8DF10-2D21-46EA-A94A-EB6B260E8B53}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{CB761DCB-C689-445A-B729-121CD34F5B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{CBAB10BC-CAED-47A1-8FC3-13B43D2F9E36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CBC3C8A5-A1A0-4062-AD23-BD114D35D2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D0E1DB85-A90C-4F0B-9269-1480F11334ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D146F204-F6C6-49B0-A99C-F997AD788143}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D495F957-256D-4F86-8C42-7E51D21E3379}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D4FAB894-7524-4D0F-8DE5-BE2A02CDDC3B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBC82EC7-46F9-47EB-B6A9-8A9C7C477C72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DBD39AD2-F887-45D4-947B-0CBB4CDCB0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDDCE87C-E2C8-47E4-AD4B-E5EE96288220}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{DDF6568A-01C5-4B68-A48F-C6F395DB8C30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E37552CB-593A-403E-B04E-F71A57A76521}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E37DD6CE-981B-45F4-8D30-3AC7AAF040B8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E62D2220-BB1F-414F-98D9-5367C5F195E9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EAB48D40-C7B2-42E9-BEB3-EC379E06006D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{ECB5B053-0812-4CF5-83B5-68D6047F0658}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ECEEA93B-6784-4900-8ADC-798B0B030FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ED093657-363A-43A3-B281-CDA3509B213A}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{ED22DDCA-8B2F-492E-A1BC-6E31D37AC0D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDE1073D-C2E7-4225-B0AC-48972979CD68}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF276E81-A9B4-4142-B39C-114E03DDABC2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{F3A4D7BB-5023-4263-926D-F4EF239C5EB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3E59B0D-C580-4D79-B5CD-201A58C9172C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5F1C1A4-4660-4C62-AD97-B7C6250C5570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F634A791-476D-4515-B0C5-E01A89D42DFA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F775AFB6-7E51-42E8-B5C6-A722E0DC8E65}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{FE21F285-39F4-4826-8451-EEA109AE404B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{907E7403-CD0F-4B55-B3C6-1D85C9E8F6CF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A8DC275A-18AF-4A27-90C7-3E6EEA993ED2}C:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{AB58217F-34DC-4758-9FC4-932735FDE9CF}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{B2437E4C-74B5-4D3D-BC77-6165E9FD1BE0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D853E05B-F0C9-49A7-AFAD-69E4F5D66228}C:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"UDP Query User{303F587C-C69B-40EB-A4F6-B6CBA9E16875}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6EA0AFE2-5D99-4CF9-AEDD-4408907A70A9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9218C220-3685-4973-9C53-F913CBEDD651}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{ADCAFF3B-83BE-4069-80B4-323015C8B970}C:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hilli\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F8974E75-A9AE-4C0E-935C-92EFE4DC6159}C:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-B006-0000-0102-0060B0CE6BBA}" = AutoCAD MEP 2013 - Deutsch (German)
"{5783F2D7-B006-0407-1102-0060B0CE6BBA}" = AutoCAD MEP 2013 Language Pack - Deutsch
"{5783F2D7-B006-0407-2102-0060B0CE6BBA}" = AutoCAD MEP 2013 - Deutsch (German)
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"4C8545EEB6143B6AD3858B5D1E0AEE76040B1435" = Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
"6849F67BACD4DA5A5B9D46803E6850D0BE8B3826" = Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
"8D0D8EE2347DC7FE9BD534792E76CD8F22681D44" = Windows-Treiberpaket - TERRATEC  Cinergy C/S2 PCI Infrared (05/21/2010 1.00.03.201)
"AutoCAD MEP 2013 - Deutsch (German)" = AutoCAD MEP 2013 - Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"CB911E83C421B81249FF40C42D1544261A839B84" = Windows-Treiberpaket - TERRATEC  Cinergy C PCI (11/18/2010 1.01.02.501)
"CCleaner" = CCleaner
"DWG TrueView 2013" = DWG TrueView 2013
"EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}" = Gtk# for .Net 2.12.10
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}" = Media Go
"{39D61CBB-81C7-43CF-BB70-6BB620FBD10A}" = BricsCAD 13.1
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}" = Media Go Video Playback Engine 1.116.104.02020
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{592ED299-14EF-4C0E-93B4-B687CD5A2EBE}_is1" = posterXXL.de Bestellsoftware 4.80
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5A775CBD-03A6-4832-820C-20C0DC57E2E5}" = Cinergy C PCI HD Driver Installation (64 Bit)
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60597b3f-d714-4f4e-8094-be088a31ff25}" = TubeBox
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6B68D0AD-880A-4862-928A-2830037BE50E}" = TubeBox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A6C8CD51-1AE4-474D-BA2D-125CDBEADD03}" = MEDION GoPal Assistant
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A86DDB5D-FB15-4C7E-8838-849493A45DF8}_is1" = Catan 1.0
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVBViewer TERRATEC Edition_is1" = DVBViewer TERRATEC Edition
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Flashtool" = Flashtool
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mein Gutscheincode" = Mein Gutscheincode
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RocketDock_is1" = RocketDock 1.3.5
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 8" = TeamViewer 8
"Tubesaver@istqt.co" = TubeSaver
"Wubi" = Linux Mint
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4169407878-62748205-3410115502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 08:30:12 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.03.2013 08:30:13 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9812
 
Error - 11.03.2013 08:30:13 | Computer Name = XXXXXXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9812
 
Error - 11.03.2013 09:45:25 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 16:05:45 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 03:39:10 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 10:26:01 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 05:04:57 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 08:26:42 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 15:19:06 | Computer Name = XXXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.07.2013 14:22:11 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 System Store erreicht.
 
Error - 10.07.2013 14:22:11 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 10.07.2013 14:22:40 | Computer Name = XXXXXXXX-PC| Source = DCOM | ID = 10016
Description = 
 
Error - 11.07.2013 03:00:30 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.07.2013 03:00:30 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.07.2013 03:00:33 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.07.2013 03:00:33 | Computer Name = XXXXXXXX-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.07.2013 03:01:06 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 System Store erreicht.
 
Error - 11.07.2013 03:01:06 | Computer Name = XXXXXXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 11.07.2013 03:01:35 | Computer Name = XXXXXXXX-PC| Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
das komische ist, das was ROT ist, kann gar nicht sein, da wir nicht da waren und der Rechner aus.

Wer kann mir helfen und sagen was bei mir falsch läuft?????

Ich Bedanke mich jetzt schon mal für die Hilfe!!

Alt 11.07.2013, 16:52   #2
schrauber
/// the machine
/// TB-Ausbilder
 

mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 11.07.2013, 18:17   #3
Hilli82
 
mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.11.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Hilli :: XXXXXXXX-PC [limitiert]

11.07.2013 17:21:17
MBAM-log-2013-07-11 (18-54-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515576
Laufzeit: 1 Stunde(n), 32 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\xf-adsk2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\xf-invpro2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Microsoft Office\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Microsoft Office\Office14\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Keine Aktion durchgeführt.
E:\Bootable.USB.New\Bootable.USB.New\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe (PUP.PSWTool.ProductKey) -> Keine Aktion durchgeführt.
K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\Autodesk 2013 Keygen.rar (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\xf-invpro2013_x32.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
K:\Neuer Ordner (2)\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\xf-invpro2013_x64.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.

(Ende)
         

Farbar Recovery Scan Tool (x64) Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2013
Ran by Hilli at 2013-07-11 18:51:49
Running from C:\Users\Hilli\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
AAVUpdateManager (x32 Version: 18.00.0000)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Download Assistant (x32 Version: 1.2.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0704.122.388)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388)
Android SDK Tools (x32 Version: 1.16)
ANNO 2070 (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AutoCAD MEP 2013 - Deutsch (German) (Version: 7.0.50.0)
AutoCAD MEP 2013 Language Pack - Deutsch (Version: 7.0.50.0)
Autodesk Content Service (x32 Version: 3.0.84.0)
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (Version: 17.0.13800.0000)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion for Inventor 2013 Add-in (Version: 1.0.0.111)
Autodesk Inventor Professional 2013 (Version: 17.0.13800.0000)
Autodesk Inventor Professional 2013 Deutsch (German) (Version: 17.0.13800.0000)
Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) (Version: 17.0.13800.0000)
Autodesk Material Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Material Library Low Resolution Image Library 2013 (x32 Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
Autodesk Vault Basic 2013 (Client) (Version: 17.0.61.0)
Autodesk Vault Basic 2013 (Client) (x32 Version: 17.0.61.0)
Autodesk Vault Basic 2013 (Client) German Language Pack (Version: 17.0.61.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
BPM-Studio 4 Demo (x32 Version: 4.9.91)
BricsCAD 13.1 (x32 Version: 13.1.22)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388)
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388)
Catan 1.0 (x32 Version: 1.0)
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388)
CCC Help Czech (x32 Version: 2012.0704.0121.388)
CCC Help Danish (x32 Version: 2012.0704.0121.388)
CCC Help Dutch (x32 Version: 2012.0704.0121.388)
CCC Help English (x32 Version: 2012.0704.0121.388)
CCC Help Finnish (x32 Version: 2012.0704.0121.388)
CCC Help French (x32 Version: 2012.0704.0121.388)
CCC Help German (x32 Version: 2012.0704.0121.388)
CCC Help Greek (x32 Version: 2012.0704.0121.388)
CCC Help Hungarian (x32 Version: 2012.0704.0121.388)
CCC Help Italian (x32 Version: 2012.0704.0121.388)
CCC Help Japanese (x32 Version: 2012.0704.0121.388)
CCC Help Korean (x32 Version: 2012.0704.0121.388)
CCC Help Norwegian (x32 Version: 2012.0704.0121.388)
CCC Help Polish (x32 Version: 2012.0704.0121.388)
CCC Help Portuguese (x32 Version: 2012.0704.0121.388)
CCC Help Russian (x32 Version: 2012.0704.0121.388)
CCC Help Spanish (x32 Version: 2012.0704.0121.388)
CCC Help Swedish (x32 Version: 2012.0704.0121.388)
CCC Help Thai (x32 Version: 2012.0704.0121.388)
CCC Help Turkish (x32 Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
CCleaner (Version: 4.01)
Cinergy C PCI HD Driver Installation (64 Bit) (x32 Version: 1.01.02.501)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Die Siedler 7 (x32 Version: 1.11.1371)
dows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24)
Dropbox (HKCU Version: 1.6.18)
Druckerdeinstallation für EPSON SX420W Series
DVBViewer TERRATEC Edition (x32)
DWG TrueView 2013 (Version: 19.0.55.0)
Eco Materials Adviser for Autodesk Inventor 2013 (Version: 3.9.12.0)
ElsterFormular (x32 Version: 14.1.11318)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
EpsonNet Setup 3.3 (x32 Version: 3.3a)
EVEREST Ultimate Edition v5.50 (x32 Version: 5.50)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
Flashtool (x32 Version: 0.9.11.0)
Glary Utilities 2.56.0.1822 (x32 Version: 2.56.0.1822)
Gtk# for .Net 2.12.10 (x32 Version: 2.12.10)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
JDownloader 0.9 (x32 Version: 0.9)
Linux Mint (x32 Version: 14-rev266)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Go (x32 Version: 2.4.256)
Media Go Video Playback Engine 1.116.104.02020 (x32 Version: 1.116.104.02020)
MEDION GoPal Assistant (x32 Version: 6.2.0.12196)
Mein Gutscheincode (x32 Version: 1.27.153.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPhoneExplorer (x32 Version: 1.8.4)
Need for Speed™ Carbon (x32)
Nero 12 (x32 Version: 12.0.02000)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero BackItUp (x32 Version: 12.0.2001)
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000)
Nero Blu-ray Player (x32 Version: 12.0.14300)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000)
Nero Burning ROM (x32 Version: 12.0.20000)
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000)
Nero ControlCenter (x32 Version: 11.0.15200)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000)
Nero Core Components (x32 Version: 11.0.18100)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Effects Basic (x32 Version: 12.0.11500)
Nero Express (x32 Version: 12.0.20000)
Nero Express Help (CHM) (x32 Version: 12.0.5000)
Nero Kwik Media (x32 Version: 1.18.18200)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 12.0.11500)
Nero Recode (x32 Version: 12.0.24000)
Nero Recode Help (CHM) (x32 Version: 12.0.4000)
Nero RescueAgent (x32 Version: 12.0.9000)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Nero Video (x32 Version: 12.0.3000)
Nero Video Help (CHM) (x32 Version: 12.0.4000)
neroxml (x32 Version: 1.0.0)
PlayStation(R)Store (x32 Version: 4.14.6.15183)
posterXXL.de Bestellsoftware 4.80 (x32)
Prerequisite installer (x32 Version: 12.0.0002)
RocketDock 1.3.5 (x32)
Schnell-Deinstallations-Tool für Autodesk Inventor 2013 (Version: 17.0.13800.0000)
SDFormatter (x32 Version: 3.0.0)
SmartPCFixer 4.2 (Version: 4.2)
Sony PC Companion 2.10.165 (x32 Version: 2.10.165)
SpeedFan (remove only) (x32)
Steuer-Spar-Erklärung 2013 (x32 Version: 18.04)
TeamViewer 8 (x32 Version: 8.0.16642)
TubeBox (x32 Version: 4.1.1.0)
TubeSaver (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2478063) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2478063) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VBA (2627.01) (x32 Version: 6.03.00.9402)
VBA (2701.01) (x32 Version: 6.03.00.9402)
VLC media player 2.0.2 (Version: 2.0.2)
Welcome App (Start-up experience) (x32 Version: 12.0.14000)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (Version: 04/10/2012 2.08.24)
Windows-Treiberpaket - TERRATEC  Cinergy C PCI (11/18/2010 1.01.02.501) (Version: 11/18/2010 1.01.02.501)
Windows-Treiberpaket - TERRATEC  Cinergy C/S2 PCI Infrared (05/21/2010 1.00.03.201) (Version: 05/21/2010 1.00.03.201)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Yontoo 1.10.02 (Version: 1.10.02)

==================== Restore Points  =========================

02-07-2013 08:22:50 Windows Update
02-07-2013 09:26:34 Windows Update
03-07-2013 07:19:32 Windows Update
11-07-2013 07:37:15 Geplanter Prüfpunkt
11-07-2013 16:47:02 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-02-14 23:17 - 00000899 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       update.ross-tech.com
127.0.0.1       update.ross-tech.de


==================== Scheduled Tasks (whitelisted) =============

Task: {0688FE71-772D-4C09-B283-2C91CAB3BAB3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {3D42A460-205D-497E-BC55-16992D12D8E3} - System32\Tasks\User_Feed_Synchronization-{4603B934-9A9F-464D-BED9-589F07EC3EA8} => C:\Windows\system32\msfeedssync.exe [2013-07-02] (Microsoft Corporation)
Task: {66326839-AC6A-47CF-BFCE-6D66CF32BA05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {6AAFAD5C-180D-4E0F-8583-95B21F912D31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {92D9CCB7-91B5-4DDC-B310-8AA909C4D0A4} - System32\Tasks\TubeSaver Update => C:\Program Files (x86)\TubeSaver\tbsUd.exe [2013-07-01] (istqt Soft)
Task: {9B7FDD60-1681-4FFE-82D6-BF5B29B51AE9} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {B6D3B5AF-BAE9-47D1-BF34-4A49C3AD306C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB3A76C3-A234-4376-9A5A-028B19CE0017} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-10] ()
Task: {E0BC580A-8C58-4201-A005-86D5ACB78ABD} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-07-10] ()
Task: {E5E95C3B-F1D6-4142-BA30-F27413DE4600} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\TubeSaver Update.job => C:\Program Files (x86)\TubeSaver\tbsUd.exe

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2013 09:02:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 08:23:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 08:16:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2013 09:36:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:03:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 11:08:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:43:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/11/2013 09:01:35 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/11/2013 09:01:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/11/2013 09:01:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht.

Error: (07/11/2013 09:00:33 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/11/2013 09:00:33 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/11/2013 09:00:30 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/11/2013 09:00:30 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/10/2013 08:22:40 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/10/2013 08:22:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "System Store" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/10/2013 08:22:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst System Store erreicht.


Microsoft Office Sessions:
=========================
Error: (07/11/2013 09:02:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2013 08:23:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 08:16:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8377

Error: (07/06/2013 05:06:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2013 09:36:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:03:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 11:08:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2013 09:43:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 4094.49 MB
Available physical RAM: 906.66 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 4320.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.84 GB) (Free:41.37 GB) NTFS (Disk=0 Partition=2)
Drive d: (Daten) (Fixed) (Total:113.08 GB) (Free:16.67 GB) NTFS (Disk=1 Partition=2)
Drive e: (DATEN) (Fixed) (Total:111.75 GB) (Free:49.32 GB) FAT32 (Disk=1 Partition=3)
Drive g: (ANNO2070) (CDROM) (Total:5.23 GB) (Free:0 GB) CDFS
Drive k: (Daten) (Fixed) (Total:156.25 GB) (Free:31.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7B1A5705)
Partition 1: (Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=142 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 45C15BF1)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Farbar Recovery Scan Tool (FRST.txt)


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2013
Ran by Hilli (administrator) on 11-07-2013 18:48:15
Running from C:\Users\Hilli\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\memdefrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\system32\DXPServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.153.1309.0.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [RocketDock] - "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKCU\...\Run: [EPSON SX420W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8C8.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [EPSON249022 (Epson Stylus SX420W)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S141C.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [Sony PC Companion] - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [449248 2013-05-29] (Sony)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Glary Memory Optimizer] - "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart [109856 2013-05-27] (Glarysoft Ltd)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
MountPoints2: H - H:\Startme.exe
MountPoints2: {5fe3c75f-e2e4-11e2-aa17-001bb95c54d1} - H:\Startme.exe
MountPoints2: {f0cf54a8-4da8-11e2-8680-001bb95c54d1} - G:\Autorun.exe
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: Mein Gutscheincode - {11111111-1111-1111-1111-110211941181} - C:\Program Files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll (Mein Gutscheincode GmbH)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TubeSaver - {E7673D9C-270D-4805-B619-5556A9977909} - C:\Program Files (x86)\TubeSaver\116.dll (istqt Soft)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} -  No File
Handler-x32: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files (x86)\Bricsys\BricsCAD V13\BrxProtIE.dll (BricsCad)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default
FF user.js: detected! => C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\user.js
FF Keyword.URL: hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com
FF Extension: gmailnoads - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\gmailnoads@mywebber.com.xpi
FF Extension: info - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\info@skymeissner.com.xpi
FF Extension: jid0-AocRXUCRsLTCYvn6bgJERnwfuqw - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
FF Extension: No Name - C:\Users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] C:\Program Files (x86)\TubeSaver\116.xpi
FF Extension: No Name - C:\Program Files (x86)\TubeSaver\116.xpi

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-04-30] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-24] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 18:47 - 2013-07-11 18:47 - 00000000 ____D C:\FRST
2013-07-11 18:45 - 2013-07-11 18:46 - 01778065 ____A (Farbar) C:\Users\Hilli\Downloads\FRST64.exe
2013-07-11 16:40 - 2013-07-11 16:44 - 00099168 ____A C:\Users\Hilli\Documents\OTL1.txt
2013-07-11 16:31 - 2013-07-11 16:31 - 00086988 ____A C:\Users\Hilli\Documents\Extras1.txt
2013-07-11 16:30 - 2013-07-11 16:53 - 00087258 ____A C:\Users\Hilli\Documents\Extras.Txt
2013-07-11 14:04 - 2013-07-11 14:04 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL(1).exe
2013-07-11 11:10 - 2013-07-11 14:19 - 00087118 ____A C:\Users\Hilli\Downloads\Extras.Txt
2013-07-11 11:09 - 2013-07-11 16:38 - 00099144 ____A C:\Users\Hilli\Downloads\OTL.Txt
2013-07-11 10:40 - 2013-07-11 10:41 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL.exe
2013-07-06 10:58 - 2013-07-06 10:58 - 00001817 ____A C:\Users\Hilli\Downloads\gopal_start.rar
2013-07-05 12:17 - 2013-07-05 12:17 - 00000017 ____A C:\Users\Hilli\AppData\Local\resmon.resmoncfg
2013-07-04 13:52 - 2011-08-04 20:02 - 00000000 ____D C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD
2013-07-03 08:52 - 2013-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Local\Android
2013-07-02 22:16 - 2013-07-02 22:16 - 93479015 ____A (Google Inc.) C:\Users\Hilli\Downloads\installer_r22.0.1-windows.exe
2013-07-02 17:56 - 2013-07-02 17:57 - 18535465 ____A (Igor Pavlov) C:\Users\Hilli\Downloads\autobinaryea.exe.part
2013-07-02 17:56 - 2013-07-02 17:56 - 00000000 ____A C:\Users\Hilli\Downloads\autobinaryea.exe
2013-07-02 13:35 - 2013-07-02 13:35 - 49778232 ____A C:\Users\Hilli\Downloads\Update_Service_Setup-2.13.7.201306141231.exe
2013-07-02 12:57 - 2013-07-02 12:57 - 00101173 ____A C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf
2013-07-02 12:25 - 2013-07-02 23:24 - 00000000 ____D C:\Users\Hilli\.android
2013-07-02 12:25 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.swt
2013-07-02 12:24 - 2013-07-02 12:24 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-07-02 12:22 - 2013-07-02 13:36 - 00000000 ____D C:\Flashtool
2013-07-02 12:21 - 2013-07-02 12:22 - 02112921 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows(1).exe.part
2013-07-02 11:57 - 2013-07-02 11:57 - 01031879 ____A C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb
2013-07-02 11:48 - 2013-07-03 08:46 - 00023074 ____A C:\Windows\PFRO.log
2013-07-02 11:35 - 2013-07-03 20:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-02 11:35 - 2013-07-03 20:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-02 11:29 - 2013-07-02 11:29 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-02 11:29 - 2013-07-02 11:29 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-02 11:29 - 2013-07-02 11:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-02 11:29 - 2013-07-02 11:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-02 11:29 - 2013-07-02 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-02 11:29 - 2013-07-02 11:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-02 11:29 - 2013-07-02 11:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-02 11:29 - 2013-07-02 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00053760 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-02 11:27 - 2013-07-02 11:35 - 00009508 ____A C:\Windows\IE10_main.log
2013-07-02 11:27 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-07-02 11:27 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-07-02 11:27 - 2012-08-23 16:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-07-02 11:27 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-07-02 11:27 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-02 11:27 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-02 11:27 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-02 11:27 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 11:27 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-07-02 11:27 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-07-02 11:27 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-02 11:27 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-07-02 11:27 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-07-02 11:27 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-02 11:27 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-07-02 11:27 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-02 11:27 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-07-02 11:27 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-02 11:27 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-02 11:27 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-07-02 11:27 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-02 11:27 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-02 11:27 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-07-02 11:27 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-02 11:27 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-02 11:26 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-07-02 11:26 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-07-02 11:26 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-02 11:26 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-02 11:26 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-02 11:26 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-02 11:26 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-02 11:26 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-07-02 11:26 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-07-02 11:14 - 2013-07-11 11:04 - 00000372 ____A C:\Windows\Tasks\TubeSaver Update.job
2013-07-02 11:14 - 2013-07-02 12:07 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer
2013-07-02 11:14 - 2013-07-02 11:15 - 00000000 ____D C:\Program Files (x86)\Mein Gutscheincode
2013-07-02 11:14 - 2013-07-02 11:14 - 00003020 ____A C:\Windows\System32\Tasks\TubeSaver Update
2013-07-02 11:14 - 2013-07-02 11:14 - 00002057 ____A C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\TubeSaver
2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-07-02 11:13 - 2013-07-02 11:13 - 06680720 ____A C:\Users\Hilli\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-02 10:54 - 2013-07-02 10:54 - 00000548 ____A C:\Users\Hilli\Downloads\Ortsliste.kml
2013-07-02 10:17 - 2013-07-02 10:18 - 00000000 ____D C:\Users\Hilli\Desktop\files
2013-07-02 10:17 - 2013-07-02 10:17 - 01879931 ____A C:\Users\Hilli\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip
2013-07-02 10:17 - 2013-07-02 10:17 - 01879371 ____A C:\Users\Hilli\Downloads\DooMLoRD_v3_ROOT-zergRush-busybox-su.zip
2013-07-02 10:17 - 2011-11-10 13:15 - 00003122 ____A C:\Users\Hilli\Downloads\runme.bat
2013-07-02 10:17 - 2011-11-10 12:54 - 00000000 ____D C:\Users\Hilli\Downloads\files
2013-07-02 10:16 - 2013-07-02 10:16 - 01879163 ____A C:\Users\Hilli\Downloads\DooMLoRD_v2_ROOT-zergRush-busybox-su.zip
2013-07-02 10:16 - 2013-07-02 10:16 - 01854174 ____A C:\Users\Hilli\Downloads\DooMLoRD_v1_ROOT-zergRush-busybox-su.zip
2013-07-01 02:18 - 2013-07-01 02:18 - 00000000 ____D C:\Users\Hilli\Desktop\Vergiss mich nicht
2013-07-01 02:16 - 2013-07-01 02:17 - 49250464 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part11.rar
2013-07-01 01:30 - 2013-07-01 01:33 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part10.rar
2013-07-01 01:06 - 2013-07-01 01:09 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part09.rar
2013-07-01 00:44 - 2013-07-01 00:47 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part08.rar
2013-07-01 00:22 - 2013-07-01 00:25 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part07.rar
2013-06-30 23:41 - 2013-06-30 23:49 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part06.rar
2013-06-30 22:46 - 2013-06-30 22:54 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part05.rar
2013-06-30 22:00 - 2013-06-30 22:08 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part04.rar
2013-06-30 21:14 - 2013-06-30 21:22 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part03.rar
2013-06-30 20:34 - 2013-06-30 20:42 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part02.rar
2013-06-30 19:31 - 2013-06-30 19:39 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part01.rar
2013-06-27 22:21 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-26 23:56 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 23:56 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-25 19:12 - 2013-07-02 10:44 - 00000000 ____D C:\Users\Hilli\AppData\Local\Sony
2013-06-25 19:12 - 2013-06-25 19:12 - 00001885 ____A C:\Users\Public\Desktop\Media Go.lnk
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Podcasts
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Documents\Media Go
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-06-25 19:11 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Sony
2013-06-25 19:11 - 2013-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-06-25 17:38 - 2013-06-25 17:49 - 00000000 ____D C:\Users\Hilli\Desktop\Stina
2013-06-25 12:09 - 2013-06-25 12:32 - 00000000 ____D C:\Users\Hilli\Downloads\25.06.13
2013-06-25 11:10 - 2013-06-25 11:11 - 118250410 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows.exe
2013-06-24 23:25 - 2013-06-24 23:25 - 00610321 ____A C:\Users\Hilli\Downloads\36.rar
2013-06-24 22:19 - 2013-06-24 22:20 - 11288912 ____A C:\Users\Hilli\Downloads\Joe720NSane.part04.rar.part
2013-06-24 22:19 - 2013-06-24 22:20 - 00953872 ____A C:\Users\Hilli\Downloads\Joe720NSane.part01.rar.part
2013-06-24 21:12 - 2013-06-24 21:33 - 00000000 ____D C:\Users\Hilli\Desktop\poiw-data
2013-06-24 13:44 - 2013-07-02 11:31 - 00160082 ____A C:\Windows\DPINST.LOG
2013-06-24 13:44 - 2013-07-02 11:30 - 00002098 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-06-22 10:57 - 2013-06-22 10:57 - 00002086 ____A C:\Users\Public\Desktop\SDFormatter.lnk
2013-06-22 10:57 - 2013-06-22 10:57 - 00000000 ____D C:\Program Files (x86)\SDA
2013-06-22 10:56 - 2013-06-25 19:11 - 00000000 ____D C:\Users\Hilli\AppData\Local\Downloaded Installations
2013-06-17 13:23 - 2013-06-17 13:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 13:22 - 2013-06-17 13:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 13:22 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iPod
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2
2013-06-15 00:24 - 2013-06-24 21:10 - 00000000 ____D C:\Users\Hilli\Desktop\GoPal_5.5
2013-06-14 22:57 - 2013-06-14 22:57 - 00000910 ____A C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk
2013-06-14 22:57 - 2013-06-14 22:57 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät
2013-06-12 21:00 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 21:00 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 21:00 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 21:00 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 21:00 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 20:59 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 20:59 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 20:59 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 20:59 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 20:59 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 20:59 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 20:59 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 20:59 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 20:59 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 20:59 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 20:59 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 20:59 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 20:59 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 20:59 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 18:49 - 2012-10-05 15:47 - 01146843 ____A C:\Windows\WindowsUpdate.log
2013-07-11 18:47 - 2013-07-11 18:47 - 00000000 ____D C:\FRST
2013-07-11 18:46 - 2013-07-11 18:45 - 01778065 ____A (Farbar) C:\Users\Hilli\Downloads\FRST64.exe
2013-07-11 18:37 - 2012-10-05 15:54 - 00003930 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{4603B934-9A9F-464D-BED9-589F07EC3EA8}
2013-07-11 18:15 - 2013-05-05 00:00 - 00026677 ____A C:\Windows\setupact.log
2013-07-11 18:05 - 2012-12-23 01:00 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 16:53 - 2013-07-11 16:30 - 00087258 ____A C:\Users\Hilli\Documents\Extras.Txt
2013-07-11 16:44 - 2013-07-11 16:40 - 00099168 ____A C:\Users\Hilli\Documents\OTL1.txt
2013-07-11 16:38 - 2013-07-11 11:09 - 00099144 ____A C:\Users\Hilli\Downloads\OTL.Txt
2013-07-11 16:31 - 2013-07-11 16:31 - 00086988 ____A C:\Users\Hilli\Documents\Extras1.txt
2013-07-11 14:19 - 2013-07-11 11:10 - 00087118 ____A C:\Users\Hilli\Downloads\Extras.Txt
2013-07-11 14:04 - 2013-07-11 14:04 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL(1).exe
2013-07-11 12:01 - 2011-04-12 09:43 - 00700168 ____A C:\Windows\system32\perfh007.dat
2013-07-11 12:01 - 2011-04-12 09:43 - 00148964 ____A C:\Windows\system32\perfc007.dat
2013-07-11 12:01 - 2009-07-14 07:13 - 01621308 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 11:04 - 2013-07-02 11:14 - 00000372 ____A C:\Windows\Tasks\TubeSaver Update.job
2013-07-11 10:50 - 2012-12-30 15:19 - 00000000 ____D C:\Users\Hilli\Documents\Outlook-Dateien
2013-07-11 10:44 - 2009-07-14 06:45 - 00021680 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:44 - 2009-07-14 06:45 - 00021680 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:41 - 2013-07-11 10:40 - 00602112 ____A (OldTimer Tools) C:\Users\Hilli\Downloads\OTL.exe
2013-07-11 09:04 - 2012-12-11 22:15 - 00004082 ____A C:\Windows\System32\Tasks\Software Updater Ui
2013-07-11 09:04 - 2012-12-10 22:14 - 00004130 ____A C:\Windows\System32\Tasks\Software Updater
2013-07-11 09:00 - 2013-06-02 11:56 - 00000326 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-07-11 09:00 - 2012-10-05 22:06 - 00004182 ____A C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-11 09:00 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 10:58 - 2013-07-06 10:58 - 00001817 ____A C:\Users\Hilli\Downloads\gopal_start.rar
2013-07-05 12:17 - 2013-07-05 12:17 - 00000017 ____A C:\Users\Hilli\AppData\Local\resmon.resmoncfg
2013-07-04 15:33 - 2012-10-05 16:39 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Nero
2013-07-04 14:05 - 2012-10-07 16:03 - 00000000 ____D C:\Users\Hilli\Documents\NeroVideo
2013-07-04 13:55 - 2012-10-07 16:03 - 00000000 ____D C:\Users\Hilli\AppData\Local\Nero
2013-07-04 09:16 - 2012-10-05 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 20:37 - 2013-07-02 11:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-03 20:37 - 2013-07-02 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 08:52 - 2013-07-03 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 08:46 - 2013-07-02 11:48 - 00023074 ____A C:\Windows\PFRO.log
2013-07-02 23:24 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.android
2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2013-07-02 22:18 - 2013-07-02 22:18 - 00000000 ____D C:\Users\Hilli\AppData\Local\Android
2013-07-02 22:16 - 2013-07-02 22:16 - 93479015 ____A (Google Inc.) C:\Users\Hilli\Downloads\installer_r22.0.1-windows.exe
2013-07-02 18:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 17:57 - 2013-07-02 17:56 - 18535465 ____A (Igor Pavlov) C:\Users\Hilli\Downloads\autobinaryea.exe.part
2013-07-02 17:56 - 2013-07-02 17:56 - 00000000 ____A C:\Users\Hilli\Downloads\autobinaryea.exe
2013-07-02 13:36 - 2013-07-02 12:22 - 00000000 ____D C:\Flashtool
2013-07-02 13:35 - 2013-07-02 13:35 - 49778232 ____A C:\Users\Hilli\Downloads\Update_Service_Setup-2.13.7.201306141231.exe
2013-07-02 12:57 - 2013-07-02 12:57 - 00101173 ____A C:\Users\Hilli\Desktop\Xperia_Relock_bootloader.ftf
2013-07-02 12:25 - 2013-07-02 12:25 - 00000000 ____D C:\Users\Hilli\.swt
2013-07-02 12:25 - 2012-10-05 15:51 - 00000000 ____D C:\Users\Hilli
2013-07-02 12:24 - 2013-07-02 12:24 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2013-07-02 12:22 - 2013-07-02 12:21 - 02112921 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows(1).exe.part
2013-07-02 12:07 - 2013-07-02 11:14 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\MyPhoneExplorer
2013-07-02 11:57 - 2013-07-02 11:57 - 01031879 ____A C:\Users\Hilli\Documents\Backup Xperia ARC_ 2013-07-02.mpb
2013-07-02 11:50 - 2012-10-05 15:51 - 00001409 ____A C:\Users\Hilli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-02 11:49 - 2012-10-05 16:43 - 00000000 ____D C:\Windows\Panther
2013-07-02 11:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-02 11:35 - 2013-07-02 11:27 - 00009508 ____A C:\Windows\IE10_main.log
2013-07-02 11:31 - 2013-06-24 13:44 - 00160082 ____A C:\Windows\DPINST.LOG
2013-07-02 11:30 - 2013-06-24 13:44 - 00002098 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-07-02 11:30 - 2012-10-08 11:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-02 11:29 - 2013-07-02 11:29 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-02 11:29 - 2013-07-02 11:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-02 11:29 - 2013-07-02 11:29 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-02 11:29 - 2013-07-02 11:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-02 11:29 - 2013-07-02 11:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-02 11:29 - 2013-07-02 11:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-02 11:29 - 2013-07-02 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-02 11:29 - 2013-07-02 11:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-02 11:29 - 2013-07-02 11:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-02 11:29 - 2013-07-02 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00053760 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-02 11:29 - 2013-07-02 11:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-02 11:29 - 2013-07-02 11:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-02 11:15 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\Mein Gutscheincode
2013-07-02 11:14 - 2013-07-02 11:14 - 00003020 ____A C:\Windows\System32\Tasks\TubeSaver Update
2013-07-02 11:14 - 2013-07-02 11:14 - 00002057 ____A C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\TubeSaver
2013-07-02 11:14 - 2013-07-02 11:14 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-07-02 11:13 - 2013-07-02 11:13 - 06680720 ____A C:\Users\Hilli\Downloads\MyPhoneExplorer_Setup_1.8.4.exe
2013-07-02 10:54 - 2013-07-02 10:54 - 00000548 ____A C:\Users\Hilli\Downloads\Ortsliste.kml
2013-07-02 10:50 - 2012-10-15 16:08 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\vlc
2013-07-02 10:44 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\AppData\Local\Sony
2013-07-02 10:18 - 2013-07-02 10:17 - 00000000 ____D C:\Users\Hilli\Desktop\files
2013-07-02 10:17 - 2013-07-02 10:17 - 01879931 ____A C:\Users\Hilli\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip
2013-07-02 10:17 - 2013-07-02 10:17 - 01879371 ____A C:\Users\Hilli\Downloads\DooMLoRD_v3_ROOT-zergRush-busybox-su.zip
2013-07-02 10:16 - 2013-07-02 10:16 - 01879163 ____A C:\Users\Hilli\Downloads\DooMLoRD_v2_ROOT-zergRush-busybox-su.zip
2013-07-02 10:16 - 2013-07-02 10:16 - 01854174 ____A C:\Users\Hilli\Downloads\DooMLoRD_v1_ROOT-zergRush-busybox-su.zip
2013-07-01 02:18 - 2013-07-01 02:18 - 00000000 ____D C:\Users\Hilli\Desktop\Vergiss mich nicht
2013-07-01 02:17 - 2013-07-01 02:16 - 49250464 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part11.rar
2013-07-01 01:33 - 2013-07-01 01:30 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part10.rar
2013-07-01 01:09 - 2013-07-01 01:06 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part09.rar
2013-07-01 00:47 - 2013-07-01 00:44 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part08.rar
2013-07-01 00:25 - 2013-07-01 00:22 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part07.rar
2013-06-30 23:49 - 2013-06-30 23:41 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part06.rar
2013-06-30 22:54 - 2013-06-30 22:46 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part05.rar
2013-06-30 22:08 - 2013-06-30 22:00 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part04.rar
2013-06-30 21:22 - 2013-06-30 21:14 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part03.rar
2013-06-30 20:42 - 2013-06-30 20:34 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part02.rar
2013-06-30 19:39 - 2013-06-30 19:31 - 99614720 ____A C:\Users\Hilli\Downloads\Nox.to-Vergissmichnicht.German.2010.AC3.DVDRiP.XviD.part01.rar
2013-06-27 22:21 - 2013-06-27 22:21 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 22:21 - 2013-06-26 23:56 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-27 22:21 - 2013-06-26 23:56 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-27 22:21 - 2013-03-18 14:23 - 00189936 ____A C:\Windows\system32\Drivers\aswVmm.sys
2013-06-27 22:21 - 2012-10-05 22:06 - 01030952 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-27 22:21 - 2012-10-05 22:06 - 00378944 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-25 19:12 - 2013-06-25 19:12 - 00001885 ____A C:\Users\Public\Desktop\Media Go.lnk
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Podcasts
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Hilli\Documents\Media Go
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-06-25 19:12 - 2013-06-25 19:11 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Sony
2013-06-25 19:12 - 2012-11-06 23:36 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-25 19:11 - 2013-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2013-06-25 19:11 - 2013-06-22 10:56 - 00000000 ____D C:\Users\Hilli\AppData\Local\Downloaded Installations
2013-06-25 17:49 - 2013-06-25 17:38 - 00000000 ____D C:\Users\Hilli\Desktop\Stina
2013-06-25 12:32 - 2013-06-25 12:09 - 00000000 ____D C:\Users\Hilli\Downloads\25.06.13
2013-06-25 11:11 - 2013-06-25 11:10 - 118250410 ____A (Androxyde) C:\Users\Hilli\Downloads\flashtool-0.9.11.0-windows.exe
2013-06-24 23:25 - 2013-06-24 23:25 - 00610321 ____A C:\Users\Hilli\Downloads\36.rar
2013-06-24 22:20 - 2013-06-24 22:19 - 11288912 ____A C:\Users\Hilli\Downloads\Joe720NSane.part04.rar.part
2013-06-24 22:20 - 2013-06-24 22:19 - 00953872 ____A C:\Users\Hilli\Downloads\Joe720NSane.part01.rar.part
2013-06-24 21:33 - 2013-06-24 21:12 - 00000000 ____D C:\Users\Hilli\Desktop\poiw-data
2013-06-24 21:10 - 2013-06-15 00:24 - 00000000 ____D C:\Users\Hilli\Desktop\GoPal_5.5
2013-06-24 15:07 - 2013-03-16 19:39 - 00000000 ____D C:\Users\Hilli\Downloads\Die.Siedler.7.Gold.Edition.MULTi.CloneDVD
2013-06-24 09:42 - 2012-11-22 22:52 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
2013-06-24 09:38 - 2012-11-22 22:52 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-06-23 20:51 - 2012-10-08 14:51 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-22 10:57 - 2013-06-22 10:57 - 00002086 ____A C:\Users\Public\Desktop\SDFormatter.lnk
2013-06-22 10:57 - 2013-06-22 10:57 - 00000000 ____D C:\Program Files (x86)\SDA
2013-06-17 20:05 - 2012-10-05 22:03 - 00000000 ____D C:\Users\Hilli\AppData\Roaming\Apple Computer
2013-06-17 13:23 - 2013-06-17 13:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iTunes
2013-06-17 13:23 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 13:22 - 2013-06-17 13:22 - 00000000 ____D C:\Program Files\iPod
2013-06-17 13:22 - 2012-10-05 22:03 - 00000000 ____D C:\ProgramData\Apple Computer
2013-06-17 13:20 - 2012-10-05 22:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät 2
2013-06-14 22:57 - 2013-06-14 22:57 - 00000910 ____A C:\Users\Hilli\Desktop\Windows Mobile-Gerätecenter.lnk
2013-06-14 22:57 - 2013-06-14 22:57 - 00000000 ____D C:\Users\Hilli\Documents\Dokumentation für Hillis Gerät
2013-06-14 20:31 - 2012-10-05 22:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-12 21:48 - 2012-10-05 23:21 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-12 21:48 - 2012-10-05 16:36 - 01598202 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-11 22:05 - 2012-12-23 01:00 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-11 22:05 - 2012-10-05 15:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:05 - 2012-10-05 15:59 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 21:57 - 2013-05-21 21:56 - 00000000 ____D C:\Users\Hilli\Desktop\Navi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 22:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Kannst du damit was anfangen???

Also ich habe aufjedenfall was drauf....das sehe ich ja bei Maleware.

Was kann ich nun tun??
__________________

Alt 11.07.2013, 19:27   #4
schrauber
/// the machine
/// TB-Ausbilder
 

mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



Jop, wir haben Arbeit
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.07.2013, 21:00   #5
Hilli82
 
mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



ComboFix

Code:
ATTFilter
ComboFix 13-07-11.03 - Hilli 11.07.2013  21:29:11.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.1923 [GMT 2:00]
ausgeführt von:: c:\users\Hilli\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TubeSaver\120.dll
c:\users\Hilli\4.0
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe
E:\setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-11 bis 2013-07-11  ))))))))))))))))))))))))))))))
.
.
2013-07-11 19:39 . 2013-07-11 19:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-11 16:48 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34CE258F-5430-4BC9-8D90-ACD0F5829482}\mpengine.dll
2013-07-11 16:47 . 2013-07-11 16:47	--------	d-----w-	C:\FRST
2013-07-02 20:18 . 2013-07-02 20:18	--------	d-----w-	c:\users\Hilli\AppData\Local\Android
2013-07-02 10:25 . 2013-07-02 21:24	--------	d-----w-	c:\users\Hilli\.android
2013-07-02 10:25 . 2013-07-02 10:25	--------	d-----w-	c:\users\Hilli\.swt
2013-07-02 10:22 . 2013-07-02 11:36	--------	d-----w-	C:\Flashtool
2013-07-02 09:35 . 2013-07-03 18:37	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-07-02 09:35 . 2013-07-03 18:37	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-07-02 09:27 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-07-02 09:26 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-07-02 09:26 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-07-02 09:26 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-07-02 09:26 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-07-02 09:26 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-07-02 09:26 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-07-02 09:26 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-07-02 09:26 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-07-02 09:26 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-07-02 09:14 . 2013-07-02 09:15	--------	d-----w-	c:\program files (x86)\Mein Gutscheincode
2013-07-02 09:14 . 2013-07-02 10:07	--------	d-----w-	c:\users\Hilli\AppData\Roaming\MyPhoneExplorer
2013-07-02 09:14 . 2013-07-02 09:14	--------	d-----w-	c:\program files (x86)\MyPhoneExplorer
2013-06-25 17:12 . 2013-06-25 17:12	--------	d-----w-	c:\users\Hilli\Podcasts
2013-06-25 17:12 . 2013-07-02 08:44	--------	d-----w-	c:\users\Hilli\AppData\Local\Sony
2013-06-25 17:12 . 2013-06-25 17:12	--------	d-----w-	c:\program files (x86)\Common Files\Sony Shared
2013-06-25 17:12 . 2013-06-25 17:12	--------	d-----w-	c:\programdata\Sony Corporation
2013-06-25 17:11 . 2013-06-25 17:12	--------	d-----w-	c:\users\Hilli\AppData\Roaming\Sony
2013-06-25 17:11 . 2013-06-25 17:11	--------	d-----w-	c:\program files (x86)\Sony Media Go Install
2013-06-22 08:57 . 2013-06-22 08:57	--------	d-----w-	c:\program files (x86)\SDA
2013-06-22 08:56 . 2013-06-25 17:11	--------	d-----w-	c:\users\Hilli\AppData\Local\Downloaded Installations
2013-06-17 11:22 . 2013-06-17 11:23	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-17 11:22 . 2013-06-17 11:22	--------	d-----w-	c:\program files\iPod
2013-06-17 11:22 . 2013-06-17 11:23	--------	d-----w-	c:\program files\iTunes
2013-06-17 11:22 . 2013-06-17 11:23	--------	d-----w-	c:\program files (x86)\iTunes
2013-06-12 19:00 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 19:00 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 19:00 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 19:00 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 19:00 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 20:21 . 2013-03-18 12:23	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:21 . 2012-10-05 20:06	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:21 . 2012-10-05 20:06	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-12 19:48 . 2012-10-05 21:21	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 20:05 . 2012-10-05 13:59	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:05 . 2012-10-05 13:59	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-18 12:23	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-10-05 20:06	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-10-05 20:06	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-10-05 20:06	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-10-05 20:06	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-10-05 20:06	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-10-05 20:06	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 04:27	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 04:27	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 04:27	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 04:27	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 04:27	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 04:27	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211941181}]
2013-07-02 09:15	737928	----a-w-	c:\program files (x86)\Mein Gutscheincode\Mein Gutscheincode-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2013-05-27 109856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 20:05]
.
2013-07-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-06-02 14:51]
.
2013-07-11 c:\windows\Tasks\TubeSaver Update.job
- c:\program files (x86)\TubeSaver\tbsUd.exe [2013-07-08 17:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Hilli\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=hp&exp=true
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=f786d24d-82d2-4dce-b51c-501c74fb6ddc&searchtype=ds&q=
FF - ExtSQL: 2013-06-09 14:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-07-02 11:14; Tubesaver@istqt.co; c:\program files (x86)\TubeSaver\120.xpi
FF - ExtSQL: 2013-07-02 11:14; 126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com
FF - ExtSQL: 2013-07-04 14:53; jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi
FF - ExtSQL: 2013-07-04 14:53; {87eab3b7-a707-4459-99ae-c2fa06cfa36b}; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
FF - ExtSQL: 2013-07-04 14:53; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF - ExtSQL: 2013-07-04 14:53; {15312e9a-4905-48da-aae4-15b24bdc2a24}; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF - ExtSQL: 2013-07-04 14:53; info@skymeissner.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\info@skymeissner.com.xpi
FF - ExtSQL: 2013-07-04 14:53; gmailnoads@mywebber.com; c:\users\Hilli\AppData\Roaming\Mozilla\Firefox\Profiles\iix0erxk.default\extensions\gmailnoads@mywebber.com.xpi
FF - user.js: extentions.y2layers.installId - a899a751-351d-4096-b5d5-0c88c22479b0
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E7673D9C-270D-4805-B619-5556A9977909} - c:\program files (x86)\TubeSaver\120.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-11  21:53:28
ComboFix-quarantined-files.txt  2013-07-11 19:53
.
Vor Suchlauf: 13 Verzeichnis(se), 43.920.363.520 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 44.860.059.648 Bytes frei
.
- - End Of File - - A463A0567C8D15FE5AB257A737BCB3D5
A36C5E4F47E84449FF07ED3517B43A31
         
was bringen die ganzen LOG dateien??? das ist ja nichts anderes, als durchsuchen von der Festplatte. Wäre nett, wenn du mir zeigen könntest was den wirklich böse ist.

Zu welcher Erkenntniss kommst du den nach diesen LOG?


Alt 12.07.2013, 09:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

mail delivery failed: returning message to sender im gmx account - Standard

mail delivery failed: returning message to sender im gmx account



Combofix hat wie du sehen kannst einiges entfernt, unter anderem auch etliche Dienste und Co gerade gezogen.

JEtzt entfernen wir noch Adware und machen einen Onlinescan nach Überresten.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> mail delivery failed: returning message to sender im gmx account

Antwort

Themen zu mail delivery failed: returning message to sender im gmx account
antivirus, bho, bonjour, browser, error, failed, flash player, format, hacktool.keygen.kms, homepage, iexplore.exe, install.exe, mail delivery, mozilla, msiexec.exe, pup.pswtool.productkey, registry, riskware.tool.ck, rundll, scan, senden, software, svchost.exe, tubesaver, udp, windows, xperia, ändern



Ähnliche Themen: mail delivery failed: returning message to sender im gmx account


  1. bis zu 50 x am Tag: mail delivery failed: Returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 23.11.2015 (25)
  2. mailer-daemon@gmx.de; Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (1)
  3. keineantwortadresse@web.de/Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 18.08.2014 (6)
  4. Mail delivery failed: returning message to sender (adressen stimmten)
    Log-Analyse und Auswertung - 17.08.2014 (5)
  5. Mail delivery failed: returning message to sender
    Überwachung, Datenschutz und Spam - 16.07.2014 (3)
  6. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 23.03.2014 (9)
  7. Mail delivery failed: returning message to sender
    Log-Analyse und Auswertung - 06.12.2013 (7)
  8. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (11)
  9. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (8)
  10. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (9)
  11. Mail delivery failed returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (7)
  12. Mail delivery failed: returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (3)
  13. Seit ca. 7 Tagen: web.de - mail delivery failed returning message to sender
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (13)
  14. mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (11)
  15. Mail delivery failed: returning message to sender bei web.de
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (11)
  16. mail delivery failed: returning message to sender im web.de account
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (3)
  17. Mail Delivery Failed: Returning Message to Sender
    Alles rund um Windows - 10.10.2012 (1)

Zum Thema mail delivery failed: returning message to sender im gmx account - Hallo Trojaner-Board Gemeinde, habe hier schon ein paar Hinweise gelesen....gutes Forum finde ich Aber zum Anfang, wir waren im Urlaub, als wir gestern wiederkamen, und ich die Nacht kurz meine - mail delivery failed: returning message to sender im gmx account...
Archiv
Du betrachtest: mail delivery failed: returning message to sender im gmx account auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.