DirtyDecrypt über den BKA Trojaner eingefangen ransomware

lagunadream · 18.08.2013, 16:41

Leider bin ich auch betroffen von dem Trojaner. Bilder und pdf's und txt-dateien sind nicht mehr zu öffnen.

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by Acer (administrator) on 18-08-2013 16:16:33
Running from C:\Users\Acer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(The Creative Engine) C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxctcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Intel iPOS v5\cadservice.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [LXCTCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll [31744 2006-06-07] (Lexmark International Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [] -  [x]
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Autostart Intel iPOS v5.lnk
ShortcutTarget: Autostart Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEidletimer.exe (The Creative Engine)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intel iPOS v5.lnk
ShortcutTarget: Intel iPOS v5.lnk -> C:\Program Files (x86)\Intel iPOS v5\TCEPlayer.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273610108015l0414z1h5v47522898
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=36a870f90000000000004c0f6e8a23f2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=36a870f90000000000004c0f6e8a23f2
SearchScopes: HKCU - {5251C588-FB0C-4B59-A677-F85A83601B24} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=crm&q={searchTerms}&locale=&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=ca619883-703a-4491-8c61-e5f4e63a5214&apn_sauid=5ABCA223-C9A4-48CC-9301-40F2D59F3D3D
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\e00c6g5s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\staged
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-11] (Avira Operations GmbH & Co. KG)
S3 FirebirdServerMAGIXInstance; C:\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 lxct_device; C:\Windows\system32\lxctcoms.exe [546304 2006-07-13] ( )
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 TCE CAD Service; C:\Program Files (x86)\Intel iPOS v5\cadservice.exe [25600 2010-09-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-05-03] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [541512 2012-05-03] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-05-03] ()

==================== Drivers (Whitelisted) ====================

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-07] ()
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-19] (Avira Operations GmbH & Co. KG)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [236160 2011-10-25] (Conexant Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-02] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-19] ()
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U3 ancr110a; C:\Windows\System32\Drivers\ancr110a.sys [0 ] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\Acer\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 cpuz134; \??\C:\Users\Acer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-18 15:56 - 2013-08-18 15:58 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:09 - 2013-08-18 15:11 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\Acer\Downloads\setup.exe
2013-08-17 17:20 - 2013-08-18 14:14 - 00000538 _____ C:\Windows\setupact.log
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 20:40 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 20:40 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 20:40 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 20:40 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 20:40 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 20:40 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:40 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 20:40 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 20:40 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 20:40 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 19:51 - 2013-08-18 14:15 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:31 - 2013-08-15 19:34 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:17 - 2013-08-15 19:29 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:09 - 2013-08-17 17:41 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 13:11 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 13:11 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 13:11 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 13:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 13:11 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 13:11 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 13:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 13:11 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 13:11 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 13:11 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 13:10 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 13:10 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 13:10 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 13:10 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 13:10 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 13:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 12:36 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 10:59 - 2013-08-15 12:23 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dirty
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-14 20:31 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-08-10 16:42 - 2013-08-10 16:44 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d

==================== One Month Modified Files and Folders =======

2013-08-18 16:16 - 2013-08-18 16:16 - 00000000 ____D C:\FRST
2013-08-18 15:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 15:59 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 15:58 - 2013-08-18 15:56 - 01575580 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe
2013-08-18 15:18 - 2011-03-19 20:53 - 00000000 ____D C:\Users\Acer\Documents\Mein Steuer-Sparbuch Heute
2013-08-18 15:12 - 2013-08-18 15:12 - 00000000 ____D C:\Users\Acer\AppData\Local\DriverTuner
2013-08-18 15:11 - 2013-08-18 15:09 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\Acer\Downloads\setup.exe
2013-08-18 14:29 - 2011-09-13 20:13 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-08-18 14:19 - 2012-06-14 21:24 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-08-18 14:17 - 2010-12-29 04:39 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23}
2013-08-18 14:15 - 2013-08-15 19:51 - 00000000 ___RD C:\Users\Acer\Dropbox
2013-08-18 14:14 - 2013-08-17 17:20 - 00000538 _____ C:\Windows\setupact.log
2013-08-18 14:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 08:31 - 2011-09-11 13:51 - 01561742 _____ C:\Windows\WindowsUpdate.log
2013-08-18 08:28 - 2011-04-25 16:28 - 00000000 ____D C:\Program Files\Lx_cats
2013-08-17 22:33 - 2010-12-19 15:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-08-17 17:41 - 2013-08-15 18:09 - 00000000 ____D C:\Users\Acer\Desktop\Thailand2013T
2013-08-17 17:20 - 2013-08-17 17:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 00:17 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-08-15 20:37 - 2010-09-14 15:47 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-08-15 20:37 - 2010-09-14 15:47 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-08-15 20:37 - 2009-07-14 07:13 - 01520734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 20:35 - 2013-08-14 20:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 20:30 - 2010-12-29 15:19 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 19:51 - 2013-08-15 19:51 - 00001041 _____ C:\Users\Acer\Desktop\Dropbox.lnk
2013-08-15 19:51 - 2010-10-30 18:12 - 00000000 ____D C:\Users\Acer
2013-08-15 19:34 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-15 19:34 - 2012-12-31 14:45 - 00001027 _____ C:\Windows\wininit.ini
2013-08-15 19:34 - 2010-10-30 18:15 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-15 19:29 - 2013-08-15 19:17 - 33641960 _____ (Dropbox, Inc.) C:\Users\Acer\Downloads\Dropbox_2.2.13.exe
2013-08-15 18:08 - 2013-08-15 18:08 - 00000000 ____D C:\Users\Acer\Desktop\Teneriffa2012T
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder2
2013-08-15 18:07 - 2013-08-15 18:07 - 00000000 ____D C:\Users\Acer\Desktop\Hochzeitsbilder1
2013-08-15 12:36 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\Dirty
2013-08-15 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-15 12:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-15 12:23 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dirty
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbbt
2013-08-15 11:36 - 2013-08-15 11:36 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkv
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvbb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifkvb
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuifk
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftuif
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftui
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbftu
2013-08-15 11:35 - 2013-08-15 11:35 - 00000000 ____D C:\Users\Acer\AppData\Local\PQuqgbft
2013-08-15 11:35 - 2010-10-30 18:15 - 00000000 ____D C:\Users\Acer\AppData\Local\EgisTec IPS
2013-08-15 11:02 - 2013-08-15 11:02 - 00000000 ____D C:\Users\Acer\AppData\Local\TfeTxCRk
2013-08-15 10:59 - 2013-08-15 10:59 - 00000000 ____D C:\Users\Acer\AppData\Local\LYhNPXtf
2013-08-10 16:57 - 2011-07-14 18:43 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-10 16:57 - 2010-12-26 13:48 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 16:44 - 2013-08-10 16:42 - 04429440 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup404.exe
2013-08-10 16:31 - 2010-12-06 01:34 - 00000000 ____D C:\Users\Acer\Desktop\Programme
2013-07-31 14:45 - 2013-07-31 14:45 - 00000000 ____D C:\Users\Acer\Desktop\Klassenliste 4d
2013-07-26 07:13 - 2013-08-15 20:40 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 20:40 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 20:40 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 20:40 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 20:40 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 20:40 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 20:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 20:40 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 20:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 13:10 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 13:10 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-19 03:58 - 2013-08-15 13:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-19 03:41 - 2013-08-15 13:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

Files to move or delete:
====================
C:\ProgramData\ldsw_0paos.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-14 16:44

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013
Ran by Acer at 2013-08-18 16:17:49
Running from C:\Users\Acer\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1735.41615)
Acer Backup Manager (x32 Version: 2.0.0.68)
Acer Crystal Eye webcam (x32 Version: 1.0.4.0)
Acer ePower Management (x32 Version: 5.00.3005)
Acer eRecovery Management (x32 Version: 4.05.3013)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0707.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Airport Mania First Flight (x32)
Amazon Kindle (HKCU)
Amazonia (x32)
Anno 1404 (x32 Version: 1.00.0000)
ANNO 1404 (x32 Version: 1.03.0000)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AutoUpdate (x32 Version: 1.1)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Babylon toolbar on IE (x32)
Backup Manager Basic (x32 Version: 2.0.0.68)
Becker Content Manager (x32 Version: 1.5.1807.0)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Cake Mania (x32)
calibre (x32 Version: 0.9.6)
Camera Window DS (x32 Version: 5.1)
Camera Window DVC (x32 Version: 5.1)
Camera Window MC (x32 Version: 5.1)
Canon Camera Support Core Library (x32 Version: 7.2.0.4)
Canon Camera WIA Driver (x32 Version: 5.6)
Canon Camera Window DS for ZoomBrowser EX (x32 Version: 5.1)
Canon Camera Window DVC for ZoomBrowser EX (x32 Version: 5.1)
Canon Camera Window for ZoomBrowser EX (x32 Version: 5.1)
Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber (x32 Version: 5.6)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.3.4)
Canon PhotoRecord (x32 Version: 02.02.01000)
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.0)
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.1)
Canon Utilities Digital Photo Professional 1.6.1 (x32 Version: 1.6.1)
Canon Utilities EOS Capture 1.3 (x32 Version: 1.3)
Canon Utilities PhotoStitch 3.1 (x32 Version: 3.1.14)
Canon ZoomBrowser EX (x32 Version: 5.00.0000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909)
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909)
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909)
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909)
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909)
CCC Help Czech (x32 Version: 2010.0527.1241.20909)
CCC Help Danish (x32 Version: 2010.0527.1241.20909)
CCC Help Dutch (x32 Version: 2010.0527.1241.20909)
CCC Help English (x32 Version: 2010.0527.1241.20909)
CCC Help Finnish (x32 Version: 2010.0527.1241.20909)
CCC Help French (x32 Version: 2010.0527.1241.20909)
CCC Help German (x32 Version: 2010.0527.1241.20909)
CCC Help Greek (x32 Version: 2010.0527.1241.20909)
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909)
CCC Help Italian (x32 Version: 2010.0527.1241.20909)
CCC Help Japanese (x32 Version: 2010.0527.1241.20909)
CCC Help Korean (x32 Version: 2010.0527.1241.20909)
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909)
CCC Help Polish (x32 Version: 2010.0527.1241.20909)
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909)
CCC Help Russian (x32 Version: 2010.0527.1241.20909)
CCC Help Spanish (x32 Version: 2010.0527.1241.20909)
CCC Help Swedish (x32 Version: 2010.0527.1241.20909)
CCC Help Thai (x32 Version: 2010.0527.1241.20909)
CCC Help Turkish (x32 Version: 2010.0527.1241.20909)
ccc-core-static (x32 Version: 2010.0527.1242.20909)
ccc-utility64 (Version: 2010.0527.1242.20909)
CDBurnerXP (Version: 4.3.8.2568)
CDBurnerXP (x32 Version: 4.4.2.3442)
Content Manager 2 (x32 Version: 2.2.1.9986)
CyberLink Power2Go (x32 Version: 7.0.0.1906)
CyberLink PowerDirector (x32 Version: 8.0.3224a)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50)
CyberLink PowerProducer (x32 Version: 5.0.2.4230)
DAEMON Tools Toolbar (x32 Version: 1.1.2.0185)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Die Vorsorgemappe (x32)
DivX Codec (x32 Version: 6.8.2)
DivX Player (x32 Version: 6.7.0)
Drakensang - Am Fluss der Zeit (x32)
Dream Day First Home (x32)
Dropbox (HKCU Version: 2.2.13)
DVD Shrink 3.2 deutsch (DeCSS-frei) (x32)
EA Installer (x32 Version: 2.3.0.74)
eaner (Version: 4.04)
eSobi v2 (x32 Version: 2.0.4.000274)
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
Falk Navi-Manager (x32 Version: 1.3.0.221)
Falk Navi-Manager (x32 Version: 2.8.0)
Farm Frenzy 2 (x32)
FaxRedist (x32 Version: 1.0.0)
Firebird SQL Server - MAGIX Edition (D) (x32 Version: 2.0.0.1)
FoxTab PDF Creator (HKCU)
Free YouTube to MP3 Converter version 3.10.14.1206 (x32)
FUSSBALL MANAGER 11 (x32)
Galapago (x32)
Google Earth (x32 Version: 6.2.0.5905)
Haufe Formular-Manager (x32 Version: 2.4.1.0)
Heroes of Hellas (x32)
Identity Card (x32 Version: 1.00.3003)
Intel iPOS v5 (x32 Version: 5.0.48)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Internet Library (x32 Version: 1.3.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Launch Manager (x32 Version: 4.0.12)
Lexmark 5400 Series
Lexmark Symbolleiste (x32)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MD86364 Driver Install  x64 (x32 Version: 6.11.615.0)
MediaManager (x32 Version: 3.0.49)
Merriam Websters Spell Jam (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XML Parser (x32 Version: 8.0.7820.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCMergeModules (x32 Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
Naviextras Toolbox Prerequesities (x32 Version: 1.0.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.69.0)
Nokia Software Updater (x32 Version: 02.06.006.44298)
Nokia Suite (x32 Version: 3.3.89.0)
NTI Media Maker 9 (x32 Version: 9.0.2.8928)
PC Connectivity Solution (x32 Version: 11.5.29.0)
PhotoStitch (x32 Version: 3.1.14)
Poker Pop (x32)
PX Profile Update (x32 Version: 1.00.1.)
RAW Image Task 2.0 (x32 Version: 2.0)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
RemoteCapture Task 1.1 (x32 Version: 1.1)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 5.10 (x32 Version: 5.10.116)
Spin & Win (x32)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
ThreatFire (x32)
Twonky Windows Components (x32 Version: 3.0.2)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VirtualCloneDrive (x32)
Welcome Center (x32 Version: 1.02.3002)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WISO Steuer-Sparbuch 2011 (x32 Version: 18.00.6928)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (HKCU Version: 20.00.8137)

==================== Restore Points  =========================

12-07-2013 19:01:07 Windows Update
14-08-2013 14:51:51 Geplanter Prüfpunkt
14-08-2013 18:30:00 Windows Update
15-08-2013 10:23:04 Avira Free Antivirus - 15.08.2013 12:23
15-08-2013 10:29:20 Wiederherstellungsvorgang
15-08-2013 18:29:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {22839EE6-9392-48C2-A543-BFAD399D2753} - System32\Tasks\{516FEFF2-E394-4C12-A022-FE3C80E6D34D} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-16] (Mozilla Corporation)
Task: {467935B5-FB44-407E-B06C-48A98B992813} - \DealPlyUpdate No Task File
Task: {71306498-1065-46BA-B594-9717EF85ABBF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {B37CF629-5B6D-4BA8-9BC6-510654AA8D03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {C4F7F514-BA1E-4DD1-95BC-C54F79F43613} - System32\Tasks\{50272101-21B3-4941-9A8F-4D81AFA6C497} => c:\program files (x86)\mozilla firefox\firefox.exe [2013-07-16] (Mozilla Corporation)
Task: {C9BB258B-AF27-4AF7-B374-CA2768AAEC84} - System32\Tasks\User_Feed_Synchronization-{8601232D-346E-4210-9E27-41844A6A0A23} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {D753C6A6-1499-40FE-9AFE-D298D5F8F02B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {DAE6CDA8-4A0E-4EA4-AFB9-C4A9B2F8EF27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {E08A370E-729E-45C8-8EDF-9A1AC89205CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {F7F64405-00DB-468E-9FE6-2328FB7C6D43} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2013 11:25:38 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/17/2013 11:18:31 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (08/18/2013 02:16:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 02:16:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 02:16:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 08:32:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (08/18/2013 08:31:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 08:20:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 08:20:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/18/2013 08:20:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/17/2013 10:34:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (08/17/2013 09:53:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst TCE CAD Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================
Error: (08/17/2013 11:25:38 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/17/2013 11:18:33 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/17/2013 11:18:31 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (08/17/2013 11:18:30 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3958.71 MB
Available physical RAM: 2345.71 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 5997.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:292.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 71BEEB98)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So, hoffe soweit schonmal vorgearbeitet zu haben.

DirtyDecrypt über den BKA Trojaner eingefangen ransomware

Log-Analyse und Auswertung: DirtyDecrypt über den BKA Trojaner eingefangen ransomware

DirtyDecrypt über den BKA Trojaner eingefangen ransomware

Ähnliche Themen: DirtyDecrypt über den BKA Trojaner eingefangen ransomware