Log Analysis and Evaluation: Trojan encrypts files (Locked) - Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.01.2014, 12:50 | #1
Trojan encrypts files (Locked)

Hello,

my father caught a trojan that encrypted his files. He was able to restore some of them from a shadow copy backup, but he had not enabled that for all partitions. I have already downloaded various tools here and tried to decrypt the files, but without success. Here is some information on the problem.

Here is what Malwarebytes found:

The files all have a TXT file lying in the folder that contains the following:

The website you are supposed to visit to get the files released then looks like this:

Here you can download an original and a locked file of each. This one is a PDF.
Original: hxxp://www.moba87.de/Troja/Remote%20Controll%20Panel%20-%20White%20Paper.PDF
Locked: hxxp://www.moba87.de/Troja/Remote%20Control%20Panel%20White%20Paper_engl.pdf[1].LOCKED

Here is also a ZIP folder.
Original: hxxp://www.moba87.de/Troja/Facts%20Testdrucke[1].zip
Locked: hxxp://www.moba87.de/Troja/Facts%20Testdrucke.zip[1].LOCKED

I have already tried it with the following tools:

Does anyone have another idea how I could still get at the files?

Many thanks in advance.
Jörg
02.01.2014, 16:35 | #2
/// the machine /// TB-Ausbilder | Trojan encrypts files (Locked)

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
04.01.2014, 00:41 | #3
Trojan encrypts files (Locked)

FRST file:
__________________FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01 Ran by Y6KMF6GJ (administrator) on 50547R1 on 03-01-2014 14:48:36 Running from C:\Antivirus Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (Check Point Software Tech Ltd) C:\Windows\System32\Prot_srv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\Eupr\xrxacm_euprsvc.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Eracent Corporation) C:\Eracent\EDA\EracentEDAService.exe (Eracent Corporation) C:\Eracent\EPA\EracentEPAService.exe (Eracent Corporation) C:\Eracent\EPM\EracentEPMService.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Avaya) C:\Program Files\Xerox Extranet Access Network\NvcSvcMgr.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Check Point Software Tech Ltd) C:\Windows\System32\pstartSr.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (Ericsson AB) C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Citrix Systems, Inc.) 
C:\Program Files\Citrix\ICA Client\ssonsvr.exe () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe (Check Point Software Technologies LTD) C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Tech Ltd) C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Xerox Corporation) C:\Xerox\XPWS\Controls\XPWSSet.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe (Ericsson AB) C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Xerox) C:\Xerox\XPWS\Controls\BusStation.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (McAfee, Inc.) 
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Xerox Corporation) C:\Xerox\XPWS\Controls\BusWorker.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Eracent Corporation) C:\Eracent\EPM\epm.exe (Eracent Corporation) C:\Eracent\EPM\epm.exe (Avaya) C:\Program Files\Xerox Extranet Access Network\Nvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Program Files\Pointsec\Pointsec for PC\fde_da_ew.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Office Communicator\communicator.exe [5733136 2010-04-28] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated) HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe [215656 2012-08-14] (McAfee, Inc.) HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2012-02-06] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.) HKLM\...\Run: [NVC] - C:\Program Files\Xerox Extranet Access Network\Nvc.exe [1717576 2011-01-12] (Avaya) HKLM\...\Run: [Check Point Endpoint Tray Application] - C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD) HKLM\...\Run: [Pointsec Tray] - C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe [858792 2010-08-05] (Check Point Software Tech Ltd) HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited) HKLM\...\Run: [XrxNgEdocIE5Upd] - C:\Xerox\NgEdocIE5Upd\NgEdocIE5Upd.exe [65536 2012-07-25] (Xerox Corporation) HKLM\...\Run: [XrxRegHH] - C:\Windows\system32\RegSvr32.exe /s c:\Xerox\XPWS\Controls\XPWSHH.dll HKLM\...\Run: [] - [x] HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask) HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\UdaterUI.exe [333376 2011-11-15] (McAfee, Inc.) 
HKCU\...\Run: [WirelessManager] - C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [20480 2011-02-11] (Ericsson AB) HKCU\...\Run: [EracentScheduler] - C:\Xerox\Eracent\EracentScheduler.exe [53248 2013-08-01] (Xerox Corporation) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718720 2011-07-22] (Microsoft Corporation) HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1 HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Policies\Explorer: [HideSCAHealth] 1 HKU\Default\...\RunOnce: [ZZZZZ] - C:\ProgramData\Microsoft\WPD\PCSM.VBS [ 2012-04-11] () HKU\Default User\...\RunOnce: [ZZZZZ] - C:\ProgramData\Microsoft\WPD\PCSM.VBS [ 2012-04-11] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README TO UNLOCK.txt () Startup: C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk ShortcutTarget: Bginfo.lnk -> C:\Utils\BgInfo\Bginfo.exe (Bryce Cogswell) Startup: C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: proxy.eur.xerox.com:8000 HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:PWS HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKCU - {E8381D49-D02F-4AE0-9269-8F6AFF5DAAC6} URL = 
hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3B621519-3201-40EC-8979-94DC451ED6E2&apn_sauid=34D07A61-12BA-483F-B783-12B43A3E92D3 BHO: HelperProxy Class - {00033313-E2DF-11D3-A281-00E09801CFF2} - C:\Xerox\XPWS\Controls\XPWSHH.dll (Xerox Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131016171448.dll (McAfee, Inc.) BHO: URLTrack Class - {9086E17B-D230-11D2-9E7E-0000C0D98DCF} - C:\Xerox\XPWS\Controls\XPWSHelp.dll (Xerox Corporation) BHO: NoteHelper Class - {A27C203D-8C60-11D3-AA4E-0000C0D98DCF} - C:\Xerox\XPWS\Controls\XPWSNote.dll (Xerox Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC) Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab Handler: pws - {13EEB81C-4728-11D2-B71C-00A024B4C294} - C:\Xerox\XPWS\Controls\xrxpwspp.dll (Xerox Corporation) Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) Handler: xpro - {B7FE76D2-E7BD-46D6-91E8-F79FBF65AA5B} - C:\Xerox\XPWS\Controls\XPROPP.dll (Xerox Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.115.254 Tcpip\..\Interfaces\{5AAD44D1-4B1A-4607-B2E5-B667F77FEF67}: [NameServer]13.167.129.15,13.223.7.85 Tcpip\..\Interfaces\{BC0BD317-5C73-4A03-875D-D4226C39BACE}: [NameServer]139.7.30.125,139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Y6KMF6GJ\AppData\Roaming\Mozilla\Firefox\Profiles\7w9q2f4h.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3B621519-3201-40EC-8979-94DC451ED6E2&apn_ptnrs=&apn_sauid=34D07A61-12BA-483F-B783-12B43A3E92D3&apn_dtid=OSJ000&&q= FF NetworkProxy: "type", 0 FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore ========================== Services (Whitelisted) ================= R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation) R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.) R2 EracentEDAService; c:\Eracent\EDA\EracentEDAService.exe [2252800 2013-08-06] (Eracent Corporation) R2 EracentEPAService; c:\Eracent\EPA\EracentEPAService.exe [3244032 2013-08-06] (Eracent Corporation) R2 EracentEPMService; c:\Eracent\EPM\EracentEPMService.exe [2383872 2013-08-06] (Eracent Corporation) R2 Euprsvc; C:\Program Files\Eupr\xrxacm_euprsvc.exe [126976 2011-02-21] () R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2012-06-28] (McAfee, Inc.) R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-09-15] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2012-06-28] (McAfee, Inc.) 
R2 NvcSvcMgr; C:\Program Files\Xerox Extranet Access Network\NvcSvcMgr.exe [623960 2011-01-12] (Avaya) R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International) R2 Pointsec; C:\Windows\system32\Prot_srv.exe [653992 2010-08-05] (Check Point Software Tech Ltd) R2 Pointsec_start; C:\Windows\system32\pstartSr.exe [232104 2010-08-05] (Check Point Software Tech Ltd) S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions) S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions) S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.) R2 WMCoreService; C:\Program Files\Dell\Dell WWAN\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB) ==================== Drivers (Whitelisted) ==================== S3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics) S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2012-04-11] (Broadcom Corporation.) 
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-02-22] (Broadcom Corporation) R3 d554gps; C:\Windows\System32\DRIVERS\d554gps.sys [87592 2010-12-01] (Ericsson AB) R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [53800 2010-11-19] (Ericsson AB) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation) R3 ecnssndis; C:\Windows\System32\Drivers\wwanuss.sys [23592 2010-02-23] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwanussf.sys [26152 2010-02-23] (Ericsson AB) R3 EPMProcMon; C:\Windows\System32\DRIVERS\epmprocmon.sys [12752 2013-08-06] (Eracent Corporation) S3 EPMTcpAn; C:\Windows\System32\DRIVERS\epmtcpan.sys [21200 2013-08-06] (Eracent Corporation) R3 EracentARPC; C:\Windows\System32\DRIVERS\arpcollector.sys [24272 2013-08-06] (Eracent Corporation) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [361032 2010-10-31] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [396872 2010-10-31] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [14920 2010-10-31] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [413768 2010-10-31] (MCCI Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-06-28] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2012-06-28] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2012-06-28] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477808 2012-06-28] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2012-06-28] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2012-06-28] (McAfee, Inc.) 
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [40000 2011-01-11] (Nortel Networks) R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [70720 2011-01-11] (Nortel Networks Corporation) R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-01-04] (O2Micro ) S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro ) S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation) R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [222504 2010-08-05] (Check Point Software Tech Ltd) S3 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [59904 2010-07-21] (REDC) S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38912 2010-07-21] (REDC) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp.sys [238632 2011-02-08] (Ericsson AB) S3 massfilter; system32\drivers\massfilter.sys [x] S3 massfilter_hs; system32\drivers\massfilter_hs.sys [x] U3 mfeavfk01; No ImagePath S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-03 14:43 - 2014-01-03 14:43 - 00000000 ____D C:\FRST 2014-01-03 14:40 - 2014-01-03 14:40 - 00000000 ____D C:\Program Files\iMesh Applications 2014-01-03 14:39 - 2014-01-03 14:39 - 00000593 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk 2014-01-03 08:07 - 2014-01-03 14:48 - 00000000 ____D C:\Antivirus 2014-01-02 14:21 - 2014-01-02 14:34 - 00000000 ____D C:\Mail_Backup_16_12-13 2013-12-31 08:43 - 2012-07-26 11:51 - 324664460 _____ C:\Users\Y6KMF6GJ\Desktop\UNIV_5.273.17.0.zip 2013-12-30 17:04 - 2013-08-26 08:46 - 02873609 _____ C:\Users\Y6KMF6GJ\Downloads\llconnectkeyv1.zip 2013-12-30 17:04 - 2012-05-31 13:27 - 
00066444 _____ C:\Users\Y6KMF6GJ\Downloads\Deutsch.5.250.0.zip 2013-12-30 17:04 - 2012-04-23 12:09 - 259215206 _____ C:\Users\Y6KMF6GJ\Downloads\WorkCentre_6400-system-sw_06107010205100.zip 2013-12-30 17:03 - 2012-09-11 10:37 - 00233984 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von ICSS Report Office von Level 1 und Field am 07 09 12.xls 2013-12-30 17:03 - 2012-08-20 12:54 - 00058368 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von Office_Lab_IP.xls 2013-12-30 17:03 - 2012-07-05 08:48 - 00759929 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von Time Table BWI.xlsx 2013-12-30 17:03 - 2012-06-26 08:59 - 00027160 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von Labor Anforderungen xls.xlsx 2013-12-30 17:03 - 2012-05-10 14:53 - 00000256 _____ C:\Users\Y6KMF6GJ\Downloads\cert_P50v2_WC56xx08_Patch.zip 2013-12-30 17:03 - 2011-10-12 10:50 - 00076288 _____ C:\Users\Y6KMF6GJ\Documents\Begleitblatt_Rechnerausgabe.xls 2013-12-30 17:03 - 2011-10-07 09:38 - 00337363 _____ C:\Users\Y6KMF6GJ\Documents\X-LEARN_Xerox Local Release Full Catalog.xlsx 2013-12-30 16:50 - 2014-01-02 10:55 - 00000000 ____D C:\Users\Y6KMF6GJ\Downloads\Decrypter 2013-12-24 07:00 - 2013-12-24 07:01 - 00002024 _____ C:\freefallprotection.log 2013-12-23 19:38 - 2013-12-23 19:38 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-23 19:38 - 2013-12-23 19:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-23 19:38 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-23 10:59 - 2013-12-23 10:59 - 00062976 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von BWI Liste Firmware (3).xls ==================== One Month Modified Files and Folders ======= 2014-01-03 14:48 - 2014-01-03 08:07 - 00000000 ____D C:\Antivirus 2014-01-03 14:48 - 2012-04-13 14:34 - 00000000 ____D C:\Mail_Benno 2014-01-03 14:43 - 2014-01-03 14:43 - 00000000 ____D C:\FRST 2014-01-03 14:40 - 2014-01-03 14:40 - 00000000 ____D C:\Program Files\iMesh Applications 2014-01-03 
14:39 - 2014-01-03 14:39 - 00000593 _____ C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk 2014-01-03 14:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing 2014-01-03 14:29 - 2012-04-16 11:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-03 14:27 - 2013-02-11 07:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-03 11:43 - 2012-04-11 16:04 - 00002216 _____ C:\Windows\system32\config\netlogon.ftl 2014-01-03 09:29 - 2012-04-16 11:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-03 08:10 - 2009-07-14 05:34 - 00027488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 08:10 - 2009-07-14 05:34 - 00027488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-03 07:50 - 2012-04-26 12:14 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2014-01-03 07:50 - 2012-04-11 15:07 - 00000462 _____ C:\Windows\SMSCFG.ini 2014-01-03 07:50 - 2012-02-17 22:34 - 00072456 _____ C:\Windows\setupact.log 2014-01-03 07:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-02 20:15 - 2012-04-11 15:46 - 01168616 _____ C:\Windows\WindowsUpdate.log 2014-01-02 17:24 - 2012-02-17 22:07 - 00000000 ____D C:\ProgramData\Sonic 2014-01-02 14:55 - 2012-04-23 11:46 - 00000000 ____D C:\ProgramData\WirelessManager 2014-01-02 14:34 - 2014-01-02 14:21 - 00000000 ____D C:\Mail_Backup_16_12-13 2014-01-02 10:55 - 2013-12-30 16:50 - 00000000 ____D C:\Users\Y6KMF6GJ\Downloads\Decrypter 2014-01-01 13:38 - 2013-08-07 07:35 - 00000000 ____D C:\EPA.EPA.u 2014-01-01 13:27 - 2012-04-18 07:43 - 00000000 ____D C:\Xerox 2014-01-01 12:02 - 2012-06-26 07:53 - 00000000 ____D C:\Transfer 2014-01-01 10:46 - 2012-05-07 10:07 - 00000000 ____D C:\totalcmd 2014-01-01 10:43 - 2012-04-11 15:18 - 00000000 ____D C:\proxyset 2014-01-01 10:39 - 2012-02-17 17:41 - 00715418 _____ 
C:\Windows\system32\prfh0416.dat 2014-01-01 10:39 - 2012-02-17 17:41 - 00152584 _____ C:\Windows\system32\prfc0416.dat 2014-01-01 10:39 - 2012-02-17 17:37 - 00742588 _____ C:\Windows\system32\perfh010.dat 2014-01-01 10:39 - 2012-02-17 17:37 - 00151918 _____ C:\Windows\system32\perfc010.dat 2014-01-01 10:39 - 2010-11-20 22:01 - 05224060 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-31 09:14 - 2013-08-26 14:38 - 00000000 ____D C:\Scantests 2013-12-31 09:12 - 2012-07-13 13:24 - 00000000 ____D C:\ProgramData\WebEx 2013-12-31 09:12 - 2012-02-17 22:06 - 00000000 ____D C:\ProgramData\Roxio 2013-12-31 08:56 - 2013-01-23 07:21 - 00000000 ____D C:\Partiton Magic 2013-12-31 08:25 - 2013-04-18 16:31 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2013-12-31 08:25 - 2013-04-18 16:31 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\IrfanView 2013-12-31 08:25 - 2012-05-07 11:20 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander 2013-12-31 08:25 - 2012-05-07 10:07 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\GHISLER 2013-12-31 08:25 - 2012-04-16 11:07 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\Xerox 2013-12-31 08:25 - 2012-04-11 16:32 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\WMCore 2013-12-31 08:25 - 2012-04-11 16:32 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\WirelessManager 2013-12-31 08:25 - 2012-04-11 15:19 - 00000000 ____D C:\Users\Y6KMF6GJ\AppData\Roaming\ICAClient 2013-12-31 08:25 - 2012-04-11 15:05 - 00000000 ___RD C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-31 08:25 - 2012-04-11 15:05 - 00000000 ___RD C:\Users\Y6KMF6GJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-31 08:06 - 2013-11-22 10:47 - 00000000 ____D C:\Users\Y6KMF6GJ\Downloads\ConnectKey DEmo 2013-12-31 08:06 - 2013-08-30 09:11 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\Neuer Ordner 
2013-12-31 08:06 - 2013-08-20 11:50 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\PWC Scan
2013-12-31 08:06 - 2013-05-27 08:50 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\WC58XX
2013-12-31 08:06 - 2012-07-19 15:30 - 00000000 ____D C:\Users\Y6KMF6GJ\Tracing
2013-12-31 08:06 - 2012-06-12 12:55 - 00000000 ____D C:\Users\Y6KMF6GJ\PCL5
2013-12-31 08:06 - 2012-06-04 11:33 - 00000000 ____D C:\Users\Y6KMF6GJ\Neuer Ordner
2013-12-31 08:06 - 2012-05-03 12:35 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\Urlaub2012
2013-12-31 08:05 - 2013-06-13 10:13 - 00000000 ____D C:\Users\Y6KMF6GJ\Downloads\Connect Key
2013-12-31 08:03 - 2011-04-12 02:34 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-31 08:03 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-31 08:03 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-12-31 08:00 - 2012-12-05 12:30 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\Admin Password
2013-12-31 08:00 - 2012-04-11 15:41 - 00000000 ____D C:\Users\Administrator
2013-12-31 07:59 - 2013-05-27 10:32 - 00000000 ____D C:\Users\Y6KMF6GJ\Downloads\4260
2013-12-30 17:03 - 2013-03-12 14:38 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\Software Upgrade
2013-12-24 07:01 - 2013-12-24 07:00 - 00002024 _____ C:\freefallprotection.log
2013-12-24 06:57 - 2012-04-23 17:51 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\Add-in Express
2013-12-24 06:57 - 2012-04-17 14:00 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\4250Fettdruck
2013-12-24 06:55 - 2013-06-26 11:44 - 00000000 ____D C:\Users\Y6KMF6GJ\Documents\The Hub
2013-12-23 23:00 - 2012-04-16 11:28 - 00029688 _____ C:\Windows\PFRO.log
2013-12-23 20:39 - 2013-03-11 12:17 - 00000000 ____D C:\FTP
2013-12-23 20:38 - 2013-04-18 16:29 - 00000000 ____D C:\IrfanView
2013-12-23 20:38 - 2012-08-24 07:15 - 00000000 ___HD C:\GrandeDevice
2013-12-23 19:38 - 2013-12-23 19:38 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-23 19:38 - 2013-12-23 19:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-23 11:09 - 2012-04-11 15:11 - 00000290 _____ C:\Windows\Adlogin.ini
2013-12-23 10:59 - 2013-12-23 10:59 - 00062976 _____ C:\Users\Y6KMF6GJ\Documents\Kopie von BWI Liste Firmware (3).xls
2013-12-20 09:17 - 2012-04-16 13:54 - 00002016 ____H C:\Users\Y6KMF6GJ\Documents\Default.rdp
2013-12-10 14:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-12-05 11:29 - 2013-02-22 09:16 - 00004502 _____ C:\Users\Y6KMF6GJ\Documents\default.xpb

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\PREPUSER.EXE
C:\Users\Y6KMF6GJ\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Y6KMF6GJ\AppData\Local\Temp\unInstall2.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-02 13:39

==================== End Of Log ============================

--- --- ---
--- --- ---

Addition: FRST Additions Logfile:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2014 01
Ran by Y6KMF6GJ at 2014-01-03 14:49:06
Running from C:\Antivirus
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (Version: 3.0 - Adobe)
Ask Toolbar (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36 - Research in Motion Ltd.)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36 - Research in Motion Ltd.) Hidden
Check Point Endpoint Security - Full Disk Encryption (Version: 7.4.1627 - Check Point Software Technologies Ltd)
Cisco WebEx Meetings (Version: - Cisco WebEx LLC)
Citrix Receiver (Enterprise) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
ClientsInstaller_2_EPA_EPM_EDA (Version: 9.7.004 - ERACENT)
Conexant HDA D330 MDC V.92 Modem (Version: 7.80.4.0 - Conexant)
Configuration Manager Client (Version: 4.00.6487.2700 - Microsoft Corporation) Hidden
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
Dell Mobile Broadband Manager (Version: 6.3.3.2 - Dell)
Dell System Manager (Version: 1.7.10000 - Dell Inc.)
Dell Touchpad (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
Dell Wireless HSPA Mini-Card Drivers (Version: 6.3.3.6 - Dell)
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Eupr (Version: 1.1.1 - EDS)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
IDT Audio (Version: 1.0.6324.0 - IDT)
Intel(R) Network Connections Drivers (Version: 16.1 - Intel)
Internet Explorer (Version: 9 - Microsoft Corporation) Hidden
IrfanView (remove only) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lookeen Version 3.7.3.4482 (Version: 3.7.3.4482 - Axonic)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Agent (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (Version: 8.8.02004 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 (Version: 2.0.6362.188 - Microsoft Corporation)
Microsoft Office Communicator 2007, MUI (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0 - SAP AG)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 23.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PDFCreator (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SAP Business Explorer (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 3 - SAP)
SearchLite Update (Version: 1.0.0.0 - Xerox Corporation)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
TeamViewer 7 (Version: 7.0.12979 - TeamViewer)
Total Commander (Remove or Repair) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (Version: - Microsoft)
WebEx Productivity Tools (Version: 2.29.3100 - Cisco WebEx LLC)
WIDCOMM Bluetooth Software (Version: 6.3.0.6900 - Broadcom Corporation)
Windows Media DRM Reset (Version: - )
WinSCP 5.1.4 (Version: 5.1.4 - Martin Prikryl)
WinZip (Version: 8.1 (4331) - WinZip Computing, Inc.)
XEAN VPN Client (Version: 10.04.108 - Nortel Networks)
Xerox GSN Lock Client (Version: 4.0.1.2 - Xerox Corporation)
Xerox GSN Web Components 4 (Version: 4.0.11.5 - Xerox Corporation)
Xerox NG EDOC WorkCentre 5890 Family (Version: 1.0 - Xerox)
Xerox XPRODB Backup And Restore Installer (Version: 1.0.0.0 - Xerox Corporation)
Xerox XPROMaintRunAdmin (Version: 11.0.0.0 - Xerox Corporation)

==================== Restore Points =========================
09-12-2013 06:53:58 Windows Backup
16-12-2013 11:58:29 Windows Backup
23-12-2013 07:04:49 Windows Backup
24-12-2013 06:01:15 Removed AccelerometerP11
30-12-2013 07:05:04 Windows Backup

==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {27836725-7794-457F-841E-7682110C67BC} - System32\Tasks\XPRODBBackUp on startup => C:\Xerox\XPWS\Controls\XPRODB_Backup.exe [2009-12-15] (Xerox Corporation)
Task: {3A0FC4D7-B044-41C3-9514-56B7F36824E8} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-05-04] ()
Task: {4F36BA8C-AAD4-4AFC-907D-5A39BD3C3BE9} - System32\Tasks\{09712194-A785-43BD-85B2-049CACB74C8F} => C:\Utils\BgInfo\Bginfo.exe [2003-06-19] (Bryce Cogswell)
Task: {85E9BC51-1D77-4DBD-9FCA-BAF8B4C283A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: {CEC1F5EB-627C-4D01-A799-82BA34AD5A50} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-16] (Adobe Systems Incorporated)
Task: {D84434A2-72F4-4246-9238-C91AEAF3CA89} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E2743E6C-3896-497D-B26B-BF81C2E0BDF3} - System32\Tasks\XPRODBBackUp Daily => C:\Xerox\XPWS\Controls\XPRODB_Backup.exe [2009-12-15] (Xerox Corporation)
Task: {FFF96291-FEDF-4F0B-9CD0-DA55DB6FA174} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2010-08-05 08:39 - 2010-08-05 08:39 - 00135168 _____ () C:\Windows\system32\LogonAgentAPI.dll
2012-04-11 16:09 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-07-24 08:08 - 2013-07-24 08:08 - 00105472 _____ () C:\Windows\system32\XMobPM.dll
2012-08-24 07:15 - 2011-03-31 06:47 - 00019456 _____ () C:\Windows\System32\xrhk2alm.dll
2012-08-24 07:15 - 2011-05-12 15:05 - 15050752 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\xrhk2aRC.DLL
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2011-09-15 02:08 - 2011-09-15 02:08 - 00150032 _____ () C:\Program Files\McAfee\VirusScan Enterprise\WscAv.dll
2008-01-17 12:43 - 2008-01-17 12:43 - 00112136 _____ () C:\Program Files\Xerox Extranet Access Network\certicom.dll
2012-04-11 16:04 - 2010-02-17 10:20 - 00065576 ____R () C:\Program Files\Dell\Dell WWAN\WMCore\MBMDebug.dll
2010-10-15 17:14 - 2010-10-15 17:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-17 06:11 - 2011-03-17 06:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2012-02-17 16:23 - 2011-06-10 23:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2010-02-17 10:20 - 2010-02-17 10:20 - 00065576 ____R () C:\Program Files\Dell\Dell Mobile Broadband Manager\MBMDebug.dll
2012-04-18 07:44 - 2010-11-18 10:44 - 00180224 _____ () c:\Xerox\XPWS\Controls\RECORD~1.DLL
2011-03-17 06:11 - 2011-03-17 06:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-04-18 07:44 - 2010-11-18 10:44 - 00147456 _____ () c:\Xerox\XPWS\Controls\StandardWorkFlows.dll
2012-04-18 07:44 - 2010-11-18 10:44 - 00159744 _____ () c:\Xerox\XPWS\Controls\SOFTWA~1.DLL
2012-04-23 17:51 - 2011-08-26 10:54 - 00471776 _____ () C:\Program Files\Axonic\Lookeen\adxloader.dll
2012-04-23 17:51 - 2012-04-23 17:51 - 00286720 _____ () C:\Users\Y6KMF6GJ\AppData\Local\assembly\dl3\EK9LABP1.HJE\7VPT4PW2.5AC\46b9ddd8\002c108f_f737c701\Interop.Outlook.DLL
2010-12-21 07:15 - 2010-12-21 07:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2014 02:29:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2014 02:29:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (01/03/2014 07:50:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 05:17:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:40:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2014 01:40:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent assembly "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2014 00:04:14 PM) (Source: RasClient) (User: )
Description: CoID={2B2C05AA-E8F5-47E4-B860-7C1529441D18}: The user "XRXEU\Y6KMF6GJ" dialed a connection named "Vodafone" which has failed. The error code returned on failure is 0.
Error: (01/02/2014 00:04:14 PM) (Source: RasClient) (User: )
Description: CoID={2B2C05AA-E8F5-47E4-B860-7C1529441D18}: The user "XRXEU\Y6KMF6GJ" dialed a connection named "Vodafone" which has failed. The error code returned on failure is 680.

Error: (12/20/2013 11:44:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 10:35:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/03/2014 01:23:51 PM) (Source: Microsoft-Windows-GroupPolicy) (User: XRXEU)
Description: Group Policy processing failed. The computer name could not be resolved. This may be caused by one or more of the following:
a) Name resolution failure on the current domain controller.
b) Active Directory replication latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (01/03/2014 01:21:47 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain XRXEU due to the following: %%1311
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error: (01/03/2014 01:16:06 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: Group Policy processing failed. The name of a domain controller could not be obtained. This may be caused by a name resolution failure. Verify that DNS (Domain Name System) is configured and working correctly.

Error: (01/03/2014 07:57:45 AM) (Source: Microsoft-Windows-GroupPolicy) (User: XRXEU)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message will be generated once the computer is connected to the domain controller and Group Policy has been processed successfully. If you do not see a success message for several hours, contact your administrator.

Error: (01/03/2014 07:53:20 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specific Local Activation {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} {AD65A69D-3831-40D7-9629-9B0B50A93843} NT AUTHORITY\NETWORK SERVICE S-1-5-20 LocalHost (using LRPC)

Error: (01/03/2014 07:52:38 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specific Local Launch {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} {B292921D-AF50-400C-9B75-0C57A7F29BA1} NT AUTHORITY\SYSTEM S-1-5-18 LocalHost (using LRPC)

Error: (01/03/2014 07:50:13 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message will be generated once the computer is connected to the domain controller and Group Policy has been processed successfully. If you do not see a success message for several hours, contact your administrator.

Error: (01/03/2014 07:50:11 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain XRXEU due to the following: %%1311
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error: (01/02/2014 05:24:17 PM) (Source: Microsoft-Windows-GroupPolicy) (User: XRXEU)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message will be generated once the computer is connected to the domain controller and Group Policy has been processed successfully. If you do not see a success message for several hours, contact your administrator.

Error: (01/02/2014 05:19:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specific Local Launch {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} {B292921D-AF50-400C-9B75-0C57A7F29BA1} NT AUTHORITY\SYSTEM S-1-5-18 LocalHost (using LRPC)

Microsoft Office Sessions:
=========================
Error: (01/03/2014 02:29:22 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (01/03/2014 02:29:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (01/03/2014 07:50:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 05:17:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 01:40:32 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe

Error: (01/02/2014 01:40:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe

Error: (01/02/2014 00:04:14 PM) (Source: RasClient)(User: )
Description: {2B2C05AA-E8F5-47E4-B860-7C1529441D18}XRXEU\Y6KMF6GJVodafone0

Error: (01/02/2014 00:04:14 PM) (Source: RasClient)(User: )
Description: {2B2C05AA-E8F5-47E4-B860-7C1529441D18}XRXEU\Y6KMF6GJVodafone680

Error: (12/20/2013 11:44:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 10:35:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================
Percentage of memory in use: 60%
Total physical RAM: 3240.97 MB
Available physical RAM: 1270.19 MB
Total Pagefile: 6480.23 MB
Available Pagefile: 4507.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.44 MB

==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:237.14 GB) (Free:160.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:228.62 GB) (Free:14.84 GB) NTFS
Drive f: (USB_BACKUP) (Fixed) (Total:18.62 GB) (Free:2.91 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4045D88A)
Partition 1: (Active) - (Size=237 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 19 GB) (Disk ID: F30D0000)
Partition 1: (Active) - (Size=19 GB) - (Type=0C)

==================== End Of Log ============================

Regards, Jörg
04.01.2014, 15:53 | #4 |
/// the machine /// TB-Ausbilder | Trojan encrypts files ( Locked ) We can clean the computer, but the encrypted data is lost. Shall we?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.01.2014, 12:57 | #5 |
| Trojan encrypts files ( Locked ) Hello Schrauber, gladly, what do I need to do? Regards, Comdata Hello Schrauber, it has been taken care of, my father had to go to IT. They are reinstalling the computer. Thanks for the help anyway |
07.01.2014, 09:42 | #6 |
/// the machine /// TB-Ausbilder | Trojan encrypts files ( Locked ) Ok
__________________ --> Trojan encrypts files ( Locked ) |