Log Analysis and Evaluation: TR/Crypt.Xpack.41536 in the Outlook .pst
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.01.2014, 10:27 #1
TR/Crypt.Xpack.41536 in the Outlook .pst

Hello! During routine scans I noticed a few things. So I booted the PC from the current Avira Rescue CD and let it scan. The following viruses were detected and then renamed:

Outlook2003_mehr_gb pst -> TR/Crypt.Xpack.41536
archivoutlook2003_mehr_gb.pst -> WORM/Ntech.T
archiv1.pst -> TR/Crypt.ZPACK.Gen2
EXP.JAVA.Niabil.Gen

Unfortunately I don't know how to save the Avira Rescue CD log file. Screenshots are attached. After that I created Addition.txt, FRST.txt, defogger_disable.log and Gmer.log. And after that I ran a quick scan with Malwarebytes and chose "remove selected". Those logs are attached as well.

My questions are:
1) What should generally be done next?
2) How can I recover the Outlook files that have now been rewritten? All my e-mails are in there. Possibly the file itself is not infected, but only an e-mail attachment inside it. I don't open such attachments anyway. I am a sole proprietor.

Many thanks!
Franz

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014
Ran by ***** at 2014-01-15 08:47:18
Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
3InternetManager (x32 Version: 3.0.0.141 - Hutchison 3G Austria GmbH)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home (x32 Version: 11.0.8010 - Acronis)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.004 - Adobe Systems)
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (x32 Version: - )
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe GoLive CS2 (x32 Version: 8.0.1 - Ihr Firmenname) Hidden
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 6.0 (x32 Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0.1 - Adobe Systems, Inc.) Hidden
Advanced File Organizer (x32 Version: 2.61 - SoftPrime Development)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIR iPad (x32 Version: 01 - UNKNOWN) Hidden
AIR iPad (x32 Version: v.01 - UNKNOWN)
Akeeba eXtract Wizard 3.3 (x32 Version: - Akeeba Developers)
Alice Greenfingers (x32 Version: - Oberon Media)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Amazonia (x32 Version: - Oberon Media)
Any Video Converter 3.5.2 (x32 Version: - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (x32 Version: - )
Audacity 1.3.13 (Unicode) (x32 Version: - Audacity Team)
Audible Download Manager (x32 Version: 6.6.0.15 - Audible, Inc.)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (x32 Version: 1.0.1.0 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (Version: - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (Version: 10.1.0.1871 - Bullzip)
CamStudio (x32 Version: - )
Chicken Invaders 2 (x32 Version: - Oberon Media)
ColorChecker Passport 1.0 (x32 Version: - X-Rite)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
CSS Tab Designer v2.0 (x32 Version: - OverZone Software)
Dairy Dash (x32 Version: - Oberon Media)
DivX-Setup (x32 Version: 2.6.1.9 - DivX, LLC)
Dream Day First Home (x32 Version: - Oberon Media)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (x32 Version: 2.1.0901 - OEM)
Engraver 2.0. (x32 Version: - )
Engraver 2.22 (64 Bit). (Version: - )
Engraver 2.22. (x32 Version: - )
Epson Easy Photo Print 2 (x32 Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (x32 Version: 2.05.00 - SEIKO EPSON CORPORATION)
Epson Stylus Photo R3000 Handbuch (x32 Version: - )
Epson Stylus Photo R3000 Netzwerk-Handbuch (x32 Version: - )
Epson Stylus Photo R3000 Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Print (x32 Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (x32 Version: 3.3b - SEIKO EPSON CORPORATION)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (x32 Version: - Oberon Media)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.0.1.13 - MAGIX AG)
First Class Flurry (x32 Version: - Oberon Media)
FlippingBook Publisher (x32 Version: 2.5.19 - FlippingBook) Hidden
FlippingBook Publisher Professional (x32 Version: 2.5.19 - FlippingBook)
Free CD to MP3 Converter (x32 Version: - )
Free M4a to MP3 Converter 6.2 (x32 Version: - ManiacTools.com)
Free YouTube to MP3 Converter version 3.11.20.423 (x32 Version: 3.11.20.423 - DVDVideoSoft Ltd.)
FRITZ!Fernzugang (Version: 1.2.3 - AVM Berlin)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Desktop (x32 Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (x32 Version: - Oberon Media)
gSyncit (x32 Version: 2.4.42 - Fieldston Software)
HappyFoto-Designer 4.4 (x32 Version: - )
Hauppauge WinTV 7 (x32 Version: v7.0.30108 (CD 2.5c) - Hauppauge Computer Works)
Heroes of Hellas (x32 Version: - Oberon Media)
HFSExplorer 0.21 (x32 Version: 0.21 - Catacombae Software)
Hotkey Utility (x32 Version: 2.05.3005 - Acer Incorporated)
HS3 2011 (x32 Version: 2011 (2011.04.002) - HS/3 Hotelsoftware GmbH & Co. KG)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
IETester v0.5.2 (remove only) (x32 Version: 0.5.2 - Core Services)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Inkscape 0.48.1 (x32 Version: 0.48.1 - )
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kies (x32 Version: 1.4 - Ihr Firmenname)
Kies (x32 Version: 1.4 - Ihr Firmenname) Hidden
LAME v3.98.3 for Audacity (x32 Version: - )
LinkChecker 8.4 (x32 Version: - )
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (x32 Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (x32 Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (x32 Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000 - Macromedia)
Macromedia FreeHand MXa (x32 Version: 11.0.1 - Macromedia)
MAGIX Screenshare 4.3.6.1987 (D) (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video deluxe 15 8.0.0.62 (D) (x32 Version: 8.0.0.62 - MAGIX AG)
Merriam Websters Spell Jam (x32 Version: - Oberon Media)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 Service Pack 2 (x32 Version: - Microsoft Corporation)
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (x32 Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.9) (x32 Version: 3.1.9 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (x32 Version: 5.9 - )
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (Version: 6.14.11.9703 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0129 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4 (x32 Version: 3.4.9590 - OpenOffice.org)
Outlook Backup Assistant 5 (Testversion) (x32 Version: 5.0 - Priotecs IT GmbH)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (x32 Version: 8.47.7.0 - Nokia)
PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Poedit (x32 Version: 1.5.5 - Vaclav Slavik)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.33.19.4 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.350.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (x32 Version: 1.00.0000 - Samsung)
Skype™ 5.0 (x32 Version: 5.0.156 - Skype Technologies S.A.)
SmartCopy (x32 Version: - Northstar Systems Corp.)
SmartLauncher (x32 Version: - Northstar Systems Corp.)
Stellarium 0.12.4 (Version: 0.12.4 - Stellarium team)
StuffIt Expander 2011 (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (x32 Version: v2012.build.53 - eRightSoft)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TeraCopy 2.2 (Version: - Code Sector Inc.)
Textmosaic Generator 1.10 (x32 Version: 1.10 - Philipp Winterberg)
TextPad 4.7 (x32 Version: 4.7.2 - Ihr Firmenname)
Thumbnail Generator by Disable Spyware (x32 Version: - )
TightVNC 2.0.2 (x32 Version: 2.0.2 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (Version: 8.0 - Ghisler Software GmbH)
Total Immersion D'Fusion @Home Web Plug-In (x32 Version: - Total Immersion)
TrueCrypt (x32 Version: 7.0a - TrueCrypt Foundation)
TuxGuitar (x32 Version: 1.2 - Herac)
Überwachungstool für die Intel® Turbo-Boost-Technologie (Version: 1.0.115.11 - Intel)
UltraVnc (x32 Version: 1.0.9.62 - uvnc bvba)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Buttons (x32 Version: - )
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
Vuze (x32 Version: 4.7 - Vuze Inc.)
Web Album Generator 1.8.2 (x32 Version: - ornj.net)
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Windows Home Server-Connector (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinHTTrack Website Copier 3.46-1 (x32 Version: 3.46.1 - HTTrack)
WinRAR (Version: - )
WinSCP 4.3.6 (x32 Version: 4.3.6 - Martin Prikryl)
Wisdom-soft AutoScreenRecorder 3.1 Pro (x32 Version: - Wisdom Software Inc.)
Yahoo! Detect (x32 Version: - )

==================== Restore Points =========================

09-01-2014 05:51:11 Windows Update
12-01-2014 08:02:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-05-21 18:45 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DDD88D8-CFC7-4470-8DC6-EE036AD134CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {321EE57E-85B7-4405-9AEC-8BD4BB6EEE13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: {5A7AFC4B-76FA-4646-9E49-7B290CBEDD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-12-20 22:15 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-12-20 11:12 - 2009-06-21 09:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2010-12-20 11:12 - 2009-06-22 05:27 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-02-09 01:56 - 2011-02-09 01:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-28 19:47 - 2011-08-23 09:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2012-05-28 17:02 - 2012-01-16 16:12 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-06 03:24 - 2010-05-06 03:24 - 00151584 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-12-25 20:53 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.deu
2010-12-25 20:53 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.FRA
2010-12-18 20:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-08 11:15 - 2010-09-17 09:00 - 12832768 _____ () C:\Program Files (x86)\Common Files\PDFCreator\GS9.00\gs9.00\Bin\gsdll32.dll
2013-12-12 07:59 - 2013-12-12 07:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 08:11:12 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:35:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.


System errors:
=============
Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/15/2014 07:34:25 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Center TV Archive Transfer Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center TV Archive Transfer Service erreicht.

Error: (01/15/2014 07:16:45 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (01/14/2014 07:15:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13

Error: (01/14/2014 07:15:00 PM) (Source: Microsoft Antimalware) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Grund: %%892


Microsoft Office Sessions:
=========================
Error: (01/27/2012 03:16:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 141973 seconds with 60 seconds of active time. This session ended with a crash.

Error: (01/16/2012 02:17:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372467 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2011 01:39:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14856 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/07/2011 07:18:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 0 seconds of active time.
This session ended with a crash. Error: (10/07/2011 07:04:15 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89609 seconds with 4920 seconds of active time. This session ended with a crash. Error: (10/05/2011 11:24:33 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14563 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/04/2011 09:19:59 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/04/2011 09:19:21 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95561 seconds with 1080 seconds of active time. This session ended with a crash. Error: (09/27/2011 01:21:34 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 338595 seconds with 360 seconds of active time. This session ended with a crash. Error: (09/19/2011 09:07:39 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 6103.06 MB
Available physical RAM: 3217.85 MB
Total Pagefile: 12204.3 MB
Available Pagefile: 8446.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:456.78 GB) (Free:240.97 GB) NTFS
Drive d: (Data) (Fixed) (Total:456.63 GB) (Free:312.72 GB) NTFS
Drive f: (SYSTEM RESERVED) (Fixed) (Total:0.03 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (AcerAlt) (Fixed) (Total:411.91 GB) (Free:105.53 GB) NTFS
Drive h: (DATAAlt) (Fixed) (Total:43.63 GB) (Free:30.32 GB) NTFS
Drive l: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
Drive m: (Swap-M) (Fixed) (Total:1397.26 GB) (Free:479.25 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C7CAF91E)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B4768151)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=31 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=412 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 9526035C)
Partition 1: (Active) - (Size=-698723860480) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)
==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:42 on 15/01/2014 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 Ran by ***** (administrator) on *****-PC on 15-01-2014 08:44:36 Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official downoad link fo FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Devguru Co., Ltd.) 
C:\Windows\SysWOW64\dgdersvc.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe () C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe (North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Dropbox, Inc.) 
C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (pdfforge hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe (Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] () HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.) 
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.) MountPoints2: {59c8f615-9a4a-11df-a62d-806e6f6e6963} - E:\wubi.exe MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=91Tr_Mru3RxUJoRgsGdwbizWUc8?q={searchTerms} BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default FF user.js: detected! 
=> C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\user.js FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/ FF Keyword.URL: hxxp://search.skipity.com/?source=ab&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14]
FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12]
FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23]
FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11]
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] ()
R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.)
S4 Iaaidassi; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:40 - 2014-01-14 18:50 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:28 - 2014-01-14 18:35 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:26 - 2014-01-14 18:54 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:03 - 2014-01-14 11:04 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-09 11:59 - 2014-01-09 12:03 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:11 - 2013-12-30 20:16 - 176752984 _____ (VMware, Inc. ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:54 - 2013-12-30 08:58 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-23 08:35 - 2013-12-23 08:36 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-17 12:17 - 2013-12-17 12:21 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 11:41 - 2013-12-17 12:07 - 00000000 ____D C:\Users\*****\Desktop\mp3

==================== One Month Modified Files and Folders =======

2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:44 - 2014-01-15 08:43 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\*****
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-15 08:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:39 - 2010-07-28 14:21 - 01592860 _____ C:\Windows\WindowsUpdate.log
2014-01-15 07:36 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox
2014-01-15 07:36 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2014-01-15 07:35 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 07:34 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-15 07:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 07:34 - 2009-07-14 05:51 - 00137813 _____ C:\Windows\setupact.log
2014-01-14 19:07 - 2010-07-26 14:08 - 00700380 _____ C:\Windows\system32\perfh007.dat
2014-01-14 19:07 - 2010-07-26 14:08 - 00149176 _____ C:\Windows\system32\perfc007.dat
2014-01-14 19:07 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 18:58 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit
2014-01-14 18:54 - 2014-01-14 18:26 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:50 - 2014-01-14 18:40 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:35 - 2014-01-14 18:28 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:16 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 17:08 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:04 - 2014-01-14 11:03 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:38 - 2013-12-04 17:50 - 00000053 _____ C:\Users\*****\Downloads\google63a169ac443c121d.html
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-13 06:48 - 2009-07-14 05:45 - 01348600 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:24 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-09 12:03 - 2014-01-09 11:59 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv
2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini
2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk
2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 06:39 - 2009-11-18 23:09 - 00811302 _____ C:\Windows\PFRO.log
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk
2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-04 16:21 - 2013-12-12 14:55 - 00000000 ____D C:\Users\*****\Desktop\löschen_____
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:16 - 2013-12-30 20:11 - 176752984 _____ (VMware, Inc. ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:58 - 2013-12-30 08:54 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:24 - 2013-12-29 11:22 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test
2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\Stadtkrug Dropbox Lager brennen
2013-12-23 08:36 - 2013-12-23 08:35 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-22 12:18 - 2013-12-08 11:17 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 20:00 - 2010-12-11 20:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2013-12-17 12:21 - 2013-12-17 12:17 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 12:07 - 2013-12-17 11:41 - 00000000 ____D C:\Users\*****\Desktop\mp3
2013-12-16 09:17 - 2010-12-25 15:48 - 00001998 ____H C:\Users\*****\Documents\Default.rdp

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll
C:\Users\*****\AppData\Local\Temp\autorun.dll
C:\Users\*****\AppData\Local\Temp\fox.dll
C:\Users\*****\AppData\Local\Temp\i4jdel0.exe
C:\Users\*****\AppData\Local\Temp\icu34.dll
C:\Users\*****\AppData\Local\Temp\icudt34.dll
C:\Users\*****\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\*****\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\mgxfonts.exe
C:\Users\*****\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\*****\AppData\Local\Temp\msvcp71.dll
C:\Users\*****\AppData\Local\Temp\msvcr71.dll
C:\Users\*****\AppData\Local\Temp\TrueImageInstallMenu_standard.exe
C:\Users\*****\AppData\Local\Temp\ufkdfhxo.dll
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe
C:\Users\*****\AppData\Local\Temp\_is5467.exe
C:\Users\*****\AppData\Local\Temp\_is8325.exe
C:\Users\*****\AppData\Local\Temp\~convert1847027883366102978.exe
C:\Users\*****\AppData\Local\Temp\~convert2352740266388634011.exe
C:\Users\*****\AppData\Local\Temp\~convert2379864614059401350.exe
C:\Users\*****\AppData\Local\Temp\~convert3333224244493361257.exe
C:\Users\*****\AppData\Local\Temp\~convert3538011537334474619.exe
C:\Users\*****\AppData\Local\Temp\~convert3758073310861530453.exe
C:\Users\*****\AppData\Local\Temp\~convert4662644507391680170.exe
C:\Users\*****\AppData\Local\Temp\~convert5385746307805284974.exe
C:\Users\*****\AppData\Local\Temp\~convert5447643698699501366.exe
C:\Users\*****\AppData\Local\Temp\~convert6248421720152768299.exe
C:\Users\*****\AppData\Local\Temp\~convert7003483147854060770.exe
C:\Users\*****\AppData\Local\Temp\~convert7495889309273498126.exe
C:\Users\*****\AppData\Local\Temp\~convert8100649724065807693.exe
C:\Users\*****\AppData\Local\Temp\~convert8170032136072084689.exe
C:\Users\*****\AppData\Local\Temp\~convert818302282860499790.exe
C:\Users\*****\AppData\Local\Temp\~convert8447076207564456903.exe
C:\Users\*****\AppData\Local\Temp\~convert8627151247518695499.exe
C:\Users\*****\AppData\Local\Temp\~convert8691066825310743538.exe
C:\Users\*****\AppData\Local\Temp\~convert901516844038934599.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 07:35

==================== End Of Log ============================
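Editor's note (added example; this is not part of Franz's post, and it is not FRST's own logic): the long "One Month Created/Modified Files" and "Some content of TEMP" sections of an Addition.txt are easiest to work through with a small script that parses each entry and lists only the ones a helper would look at first. The Python below does that for the FRST line format shown above. The sample lines are copied from this log (user name anonymised as ***** exactly as in the post), and the four rules it applies (a PE file in a Temp folder, a random-looking file name, any .sys driver created in the scan window, a PE file under System32/SysWOW64 with no company name in its version info) are generic triage heuristics chosen for this example. They produce candidates for manual review, not a verdict on any file listed here.

```python
"""Triage helper for FRST Addition.txt file listings.

Added example for this thread, not code from the poster or from FRST.
The sample lines are constructed from the posted log; the rules are
generic heuristics and flag candidates for a human to look at.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST file entry:  <date_a> - <date_b> - <size> <attrs> [(<company>)] <path>
# In "Created Files" date_a is the creation time and date_b the modification
# time; in "Modified Files" the order is reversed. The company name comes from
# the file's version info and is absent for files without one.
ENTRY_RE = re.compile(
    r"^(?P<date_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class Entry:
    path: str
    date_a: str = ""
    date_b: str = ""
    size: int = 0
    attrs: str = ""
    signer: Optional[str] = None


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse a full file entry or a bare path (the TEMP listing has only paths).
    Section headers, blank lines and anything else return None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        signer = m["signer"].strip() if m["signer"] is not None else None
        return Entry(path=m["path"], date_a=m["date_a"], date_b=m["date_b"],
                     size=int(m["size"]), attrs=m["attrs"], signer=signer)
    if re.match(r"^[A-Za-z]:\\", line):
        return Entry(path=line)
    return None


def _looks_random(stem: str) -> bool:
    """Heuristic: an all-letter name with a run of four or more consonants,
    e.g. 'ufkdfhxo'. Legitimate names can match too; it only marks candidates."""
    s = stem.lower()
    return s.isalpha() and re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", s) is not None


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries that match at least one triage rule, in log order."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        if not dot:                      # no extension at all
            stem, ext = name, ""
        else:
            ext = "." + ext
        is_pe = ext in PE_EXT
        reasons: List[str] = []
        if is_pe and "\\temp\\" in low:
            reasons.append("PE file in a Temp directory")
        if is_pe and _looks_random(stem):
            reasons.append("random-looking file name")
        if ext == ".sys" and e.date_a:   # only full entries carry a date
            reasons.append("kernel driver created in the scan window")
        if is_pe and any(d in low for d in SYSTEM_DIRS) and not e.signer:
            reasons.append("PE file under System32/SysWOW64 without company name")
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


# Constructed sample: lines taken from the Addition.txt posted in this thread.
SAMPLE_LINES = [
    "==================== One Month Created Files and Folders ========",
    r"2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe",
    r"2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX",
    r"2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook",
    r"2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys",
    r"2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe",
    "Some content of TEMP:",
    "====================",
    r"C:\Users\*****\AppData\Local\Temp\autorun.dll",
    r"C:\Users\*****\AppData\Local\Temp\ufkdfhxo.dll",
    r"C:\Users\*****\AppData\Local\Temp\msvcp71.dll",
    r"C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe",
    r"C:\Users\*****\AppData\Local\Temp\~convert1847027883366102978.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        print("    " + "; ".join(f.reasons))
```

Run it against a saved Addition.txt by replacing SAMPLE_LINES with the file's lines; every PE file in Temp is listed by design, because a Temp folder full of installers and stray DLLs is exactly the place where a helper decides what to hash and check, so the point of the output is to shorten the list for that step, not to replace it.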
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-15 08:59:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwdirpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003801000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380102f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!free 0000000076699894 5 bytes JMP 000000010a90d2d0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!malloc 0000000076699cee 5 bytes JMP 000000010a90d230
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 000000007669b0b9 5 bytes JMP 000000010a90d2d0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 000000007669b0c9 5 bytes JMP 000000010a90d480
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!realloc 000000007669b10d 5 bytes JMP 000000010a90d2b0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!calloc 000000007669c456 5 bytes JMP 000000010a90d270
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_msize 000000007669f43b 5 bytes JMP 000000010a90d2e0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_free 00000000766b5942 5 bytes JMP 000000010a90d2d0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 00000000766c028d 5 bytes JMP 000000010a90d3c0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000766c02a9 5 bytes JMP 000000010a90d3e0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 00000000766ebfd1 5 bytes JMP 000000010a90d500
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 00000000766ebfe1 5 bytes JMP 000000010a90d420
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 00000000766ec16b 5 bytes JMP 000000010a90d400
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_expand 00000000766ec18a 5 bytes JMP 000000010a90d3a0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapadd 00000000766edd03 5 bytes JMP 000000010a90d550
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapchk 00000000766edd17 5 bytes JMP 000000010a90d560
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 00000000766ede16 4 bytes {JMP 0xffffffff9421f76b}
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapmin 00000000766ede1f 5 bytes JMP 000000010a90d650
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapused 00000000766edf05 5 bytes JMP 000000010a90d620
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapwalk 00000000766edf18 5 bytes JMP 000000010a90d590
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076e65911 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceA 0000000076e7e953 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringW 0000000076cf8eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringA 0000000076cfdb21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuW 0000000076d04391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuA 0000000076d14eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamA 0000000076d15246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamW 0000000076d210dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071121b41 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071121be8 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071121c20 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071121cd2 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071121cf2 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071121b41 2 bytes [12, 71]
.text
C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071121be8 2 bytes [12, 71] .text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071121c20 2 bytes [12, 71] .text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071121cd2 2 bytes [12, 71] .text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071121cf2 2 bytes [12, 71] ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\Desktop\acer-istallation-201012\Acronis\xa0True\xa0Image\xa0Home 11.0 Kauf hhhhh BU Daten\Acronis\Setup.exe 1 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.15.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 ***** :: *****-PC [Administrator] 15.01.2014 09:06:41 MBAM-Quickscan-log-2014-01-15 (09-20-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 310708 Laufzeit: 9 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 1W1G1U1K1O1H -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt. C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> Keine Aktion durchgeführt. C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt. (Ende) MBAM-Quickscan-log-2014-01-15 (09-20-02) - entferne Auswahl gewählt.txt Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.15.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 ***** :: *****-PC [Administrator] 15.01.2014 09:06:41 mbam-log-2014-01-15 (09-06-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 310708 Laufzeit: 9 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 1W1G1U1K1O1H -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
15.01.2014, 10:31 | #2 |
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst hi,
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart; please allow this. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. For Outlook: the only option is to import the PST file again and search manually for which email or attachment is affected, and delete that.
15.01.2014, 12:04 | #3 |
| TR/Crypt.Xpack.41536 in the Outlook .pst Many thanks - the new logs are below.
Regarding Outlook... .pst. Do you mean that I should look through the folders for suspicious mails, save those locally and then scan them? Are there any tools for this? In general I can hardly imagine viruses getting into Outlook. First the mails are checked by one of the big hosting providers, then by Microsoft Security Essentials, then by Outlook itself, and finally I still decide what I open. I don't quite understand how viruses get into the PST here. Can the .pst as such be infected (the whole file), or is it always only about individual mails that are stored in the .pst? TFC (by Oldtimer) Code:
ATTFilter Getting user folders. Stopping running processes. Emptying Temp folders. User: Admin ->Temp folder emptied: 10172507 bytes ->Temporary Internet Files folder emptied: 1350191 bytes ->Java cache emptied: 842 bytes ->FireFox cache emptied: 82977884 bytes ->Flash cache emptied: 592 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: ***** ->Temp folder emptied: 11231320715 bytes ->Temporary Internet Files folder emptied: 754312207 bytes ->Java cache emptied: 36578 bytes ->FireFox cache emptied: 437468929 bytes ->Google Chrome cache emptied: 21853849 bytes ->Apple Safari cache emptied: 128000 bytes ->Flash cache emptied: 89297 bytes User: Public User: test ->Temp folder emptied: 1003760 bytes ->Temporary Internet Files folder emptied: 172796 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 86578084 bytes ->Flash cache emptied: 42256 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1007627252 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304047 bytes Emptying RecycleBin. Do not interrupt. RecycleBin emptied: 72697355433 bytes Process complete! 
Total Files Cleaned = 82.374,00 mb AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 15/01/2014 um 11:04:12 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : ***** - *****-PC # Gestartet von : G:\Users\*****\Documents\*****\***** Hacker\trojaner-board.de\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files (x86)\Vuze Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\*****\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\user.js Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-3d-photo-maker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-3d-photo-maker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\prefs.js ] [ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\prefs.js ] [ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jla7zlsk.default\prefs.js ] [ Datei : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\fag0belg.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4195 octets] - [15/01/2014 10:47:53] AdwCleaner[S0].txt - [3835 octets] - [15/01/2014 11:04:12] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3895 octets] ########## Junkware Removal Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Home Premium x64 Ran by ***** on 15.01.2014 at 11:39:42,63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\*****\AppData\Roaming\getrighttogo" ~~~ FireFox Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\v60bhm7j.default\minidumps [185 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.01.2014 at 11:45:06,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 Ran by ***** (administrator) on *****-PC on 15-01-2014 11:45:57 Running from G:\Users\*****\Documents\*****\***** Hacker\trojaner-board.de Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official downoad link fo FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Devguru Co., Ltd.) 
C:\Windows\SysWOW64\dgdersvc.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe () C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe (pdfforge hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe (North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] () HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.) 
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.) MountPoints2: {59c8f615-9a4a-11df-a62d-806e6f6e6963} - E:\wubi.exe MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/ FF Keyword.URL: 
hxxp://search.skipity.com/?source=ab&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14] FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12] FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23] FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22] FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12] FF Extension: Modul zur Link-Untersuchung 
- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11] CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11] CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11] CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin) R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.) 
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation) R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] () R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project) S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] () S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) 
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin) R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd) R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd) S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.) S4 Iaaidassi; No ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt 2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT 2014-01-15 10:47 - 2014-01-15 11:04 - 00000000 ____D C:\AdwCleaner 2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt 2014-01-15 10:35 - 2014-01-15 10:35 - 01236282 _____ C:\Users\*****\Downloads\adwcleaner.exe 2014-01-15 10:35 - 2014-01-15 10:35 - 01037068 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe 2014-01-15 10:34 - 2014-01-15 10:34 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe 2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-15 09:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-15 09:04 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-15 08:45 - 2014-01-15 08:46 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe 2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz 2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz 2014-01-14 18:40 - 2014-01-14 18:50 - 
121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar 2014-01-14 18:28 - 2014-01-14 18:35 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso 2014-01-14 18:26 - 2014-01-14 18:54 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso 2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe 2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql 2014-01-14 11:03 - 2014-01-14 11:04 - 00000000 ____D C:\Users\*****\Desktop\templates_c 2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip 2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip 2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz 2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-30 20:11 - 2013-12-30 20:16 - 176752984 _____ (VMware, Inc. ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe 2013-12-30 08:54 - 2013-12-30 08:58 - 98508144 _____ (VMware, Inc.) 
C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe 2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll 2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_juwwanecm.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys 2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys 2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll 2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys 2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService 2013-12-23 08:35 - 2013-12-23 08:36 - 14335560 _____ C:\Users\*****\Downloads\flags.zip 2013-12-17 12:17 - 2013-12-17 12:21 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql 2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip 2013-12-17 11:41 - 2013-12-17 12:07 - 00000000 ____D C:\Users\*****\Desktop\mp3 ==================== One Month Modified Files and Folders ======= 2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt 2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT 2014-01-15 11:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-15 11:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-15 11:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-15 11:07 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2014-01-15 11:06 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-15 11:05 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-15 11:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-15 11:05 - 2009-07-14 05:51 - 00137925 _____ C:\Windows\setupact.log 2014-01-15 11:04 - 2014-01-15 10:47 - 00000000 ____D C:\AdwCleaner 2014-01-15 11:04 - 2010-07-28 14:21 - 01607546 _____ C:\Windows\WindowsUpdate.log 2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt 2014-01-15 10:35 - 2014-01-15 10:35 - 01236282 _____ C:\Users\*****\Downloads\adwcleaner.exe 2014-01-15 10:35 - 2014-01-15 10:35 - 01037068 _____ (Thisisu) 
C:\Users\*****\Downloads\JRT.exe 2014-01-15 10:34 - 2014-01-15 10:34 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe 2014-01-15 09:39 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox 2014-01-15 09:37 - 2009-11-18 23:09 - 00812466 _____ C:\Windows\PFRO.log 2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-15 09:05 - 2014-01-15 09:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-15 08:46 - 2014-01-15 08:45 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:44 - 2014-01-15 08:43 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\***** 2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe 2014-01-14 19:07 - 2010-07-26 14:08 - 00700380 _____ C:\Windows\system32\perfh007.dat 2014-01-14 19:07 - 2010-07-26 14:08 - 00149176 _____ C:\Windows\system32\perfc007.dat 2014-01-14 19:07 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-14 18:58 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit 2014-01-14 18:54 - 2014-01-14 18:26 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso 2014-01-14 18:50 - 2014-01-14 18:40 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar 2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz 2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz 2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH 
C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-14 18:35 - 2014-01-14 18:28 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso 2014-01-14 18:16 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla 2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe 2014-01-14 17:08 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt 2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql 2014-01-14 11:04 - 2014-01-14 11:03 - 00000000 ____D C:\Users\*****\Desktop\templates_c 2014-01-13 16:38 - 2013-12-04 17:50 - 00000053 _____ C:\Users\*****\Downloads\google63a169ac443c121d.html 2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip 2014-01-13 15:14 - 2014-01-13 15:13 - 04914782 _____ C:\Users\*****\Downloads\Palettenparade 13 Einladung.zip 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-13 06:48 - 2009-07-14 05:45 - 01348600 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip 2014-01-12 09:24 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ 
C:\Users\*****\Downloads\Droid.zip 2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip 2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini 2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz 2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini 2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk 2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk 2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. 
Fly Birds Hd ~ Photoinpixel.URL 2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-04 16:21 - 2013-12-12 14:55 - 00000000 ____D C:\Users\*****\Desktop\löschen_____ 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-30 20:16 - 2013-12-30 20:11 - 176752984 _____ (VMware, Inc. ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe 2013-12-30 08:58 - 2013-12-30 08:54 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe 2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-29 11:24 - 2013-12-29 11:22 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe 2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test 2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla 2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:57 - 2013-12-28 11:56 - 
00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\Stadtkrug Dropbox Lager brennen 2013-12-23 08:36 - 2013-12-23 08:35 - 14335560 _____ C:\Users\*****\Downloads\flags.zip 2013-12-22 12:18 - 2013-12-08 11:17 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-17 20:00 - 2010-12-11 20:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe 2013-12-17 12:21 - 2013-12-17 12:17 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql 2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip 2013-12-17 12:07 - 2013-12-17 11:41 - 00000000 ____D C:\Users\*****\Desktop\mp3 2013-12-16 09:17 - 2010-12-25 15:48 - 00001998 ____H C:\Users\*****\Documents\Default.rdp Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 07:35 ==================== End Of Log ============================ --- --- --- |
16.01.2014, 08:36 | #4 |
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.01.2014, 08:00 | #5 |
| TR/Crypt.Xpack.41536 in the Outlook .pst Thanks! Everything is running without problems. The only remaining worry is whether someone might still be on the PC. Here are the logs: ESET Code:
ATTFilter
ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1b14229420287489037af2480ce8a99
# engine=16673
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-16 11:39:05
# local_time=2014-01-16 12:39:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16350873 141502195 0 0
# scanned=260275
# found=0
# cleaned=0
# scan_time=6114
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1b14229420287489037af2480ce8a99
# engine=16682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-17 05:02:55
# local_time=2014-01-17 06:02:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16413503 141564825 0 0
# scanned=2656904
# found=105
# cleaned=0
# scan_time=35198
Only JS/TrojanDownloader.Agent.NSA trojan was found, in the backup files of the hacked websites (.js). But I already knew that. I deleted those lines because too many names appear in them.
sh=CB96C5E165BF209BE876FAD98C7E828D29395F0B ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Agent.NSA trojan" ac=I fn="G:\****\web 2013\cgi-bin\newgeocheck.js"
etc. ...
Code:
ATTFilter
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Thumbnail Generator by Disable Spyware
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox (26.0)
Mozilla Thunderbird (3.1.9) Thunderbird out of Date!
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 Ran by ***** (administrator) on *****-PC on 17-01-2014 07:40:47 Running from G:\Users\*****\Documents\*****\Hacker 2014 01\trojaner-board.de Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official downoad link fo FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Devguru Co., Ltd.) 
C:\Windows\SysWOW64\dgdersvc.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe () C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe (Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe (North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe (pdfforge hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] () HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.) 
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.) MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/ FF Keyword.URL: 
hxxp://search.skipity.com/?source=ab&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14] FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12] FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23] FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22] FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12] FF Extension: Modul zur Link-Untersuchung 
- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11] CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11] CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11] CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin) R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.) 
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation) R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] () R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project) S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] () S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) 
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin) R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd) R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd) S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.) S4 Iaaidassi; No ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-16 15:50 - 2014-01-16 15:50 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-01-16 15:48 - 2014-01-16 15:49 - 06072408 _____ (TeamViewer GmbH) C:\Users\*****\Downloads\TeamViewer_Setup_de.exe 2014-01-16 15:08 - 2014-01-16 20:14 - 00000000 ____D C:\Users\*****\AppData\Local\VMware 2014-01-16 15:08 - 2014-01-16 20:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\VMware 2014-01-16 15:08 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2014-01-16 15:08 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2014-01-16 15:08 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2014-01-16 15:07 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-01-16 15:07 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-01-16 15:07 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-01-16 15:07 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-01-16 15:07 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-01-16 15:07 - 2013-10-18 12:44 - 00032848 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys 2014-01-16 15:07 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) 
C:\Windows\system32\Drivers\hcmon.sys 2014-01-16 15:06 - 2014-01-16 19:42 - 00000000 ____D C:\ProgramData\VMware 2014-01-16 15:06 - 2014-01-16 15:06 - 00002124 _____ C:\Users\Public\Desktop\VMware Player.lnk 2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-16 08:22 - 2014-01-16 08:22 - 00000404 _____ C:\Users\*****\Desktop\LAN-Verbindung - Verknüpfung.lnk 2014-01-15 20:58 - 2014-01-15 20:58 - 00000400 _____ C:\Users\*****\Desktop\Malwarebytes Malwarebytes Anti-Rootkit BETA.website 2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\*****\Desktop\ProcessExplorer_1540 2014-01-15 12:08 - 2014-01-15 12:08 - 00001638 _____ C:\Users\*****\Desktop\BU-pst - bald wieder löschen.lnk 2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt 2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT 2014-01-15 10:47 - 2014-01-15 11:04 - 00000000 ____D C:\AdwCleaner 2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt 2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-15 09:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 07:24 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 
00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 07:24 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 07:24 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 07:24 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. 
Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll 2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys 2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys 2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll 2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys 2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService ==================== One Month Modified Files and Folders ======= 2014-01-17 07:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-17 07:34 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit 2014-01-17 07:21 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla 2014-01-17 07:03 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2014-01-17 06:44 - 2010-07-28 14:21 - 01560187 _____ C:\Windows\WindowsUpdate.log 2014-01-16 20:14 - 2014-01-16 15:08 - 00000000 ____D C:\Users\*****\AppData\Local\VMware 2014-01-16 20:08 - 2014-01-16 15:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\VMware 2014-01-16 19:42 - 2014-01-16 15:06 - 00000000 ____D C:\ProgramData\VMware 2014-01-16 19:41 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 16:33 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-16 16:32 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 15:50 - 2014-01-16 15:50 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-01-16 15:49 - 2014-01-16 15:48 - 06072408 _____ (TeamViewer GmbH) C:\Users\*****\Downloads\TeamViewer_Setup_de.exe 2014-01-16 15:06 - 2014-01-16 15:06 - 00002124 _____ C:\Users\Public\Desktop\VMware Player.lnk 2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-16 15:06 - 2011-05-18 15:43 - 01650334 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-16 15:06 - 2010-07-26 14:08 - 00703102 _____ C:\Windows\system32\perfh007.dat 2014-01-16 15:06 - 2010-07-26 14:08 - 00150424 _____ C:\Windows\system32\perfc007.dat 2014-01-16 14:42 - 2013-04-19 11:22 
- 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-16 12:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-16 12:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-16 10:45 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-16 08:22 - 2014-01-16 08:22 - 00000404 _____ C:\Users\*****\Desktop\LAN-Verbindung - Verknüpfung.lnk 2014-01-16 07:21 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox 2014-01-16 06:34 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-16 06:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-16 06:34 - 2009-07-14 05:51 - 00138261 _____ C:\Windows\setupact.log 2014-01-16 06:33 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-16 03:25 - 2009-07-14 05:45 - 01347808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 03:24 - 2009-11-18 23:09 - 00812778 _____ C:\Windows\PFRO.log 2014-01-16 03:08 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-16 03:04 - 2013-08-17 21:05 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 03:04 - 2010-12-18 09:40 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 20:58 - 2014-01-15 20:58 - 00000400 _____ C:\Users\*****\Desktop\Malwarebytes Malwarebytes Anti-Rootkit BETA.website 2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\*****\Desktop\ProcessExplorer_1540 2014-01-15 12:08 - 2014-01-15 12:08 - 00001638 _____ C:\Users\*****\Desktop\BU-pst - bald wieder löschen.lnk 2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt 2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT 2014-01-15 11:04 - 2014-01-15 10:47 - 00000000 ____D 
C:\AdwCleaner 2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt 2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\***** 2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini 2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini 2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk 2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:15 - 
2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk 2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL 2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test 2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla 2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService 
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\***** 2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 07:35 ==================== End Of Log ============================ --- --- --- |
17.01.2014, 20:41 | #6 | ||
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst
Quote:
Quote:
__________________ --> TR/Crypt.Xpack.41536 in the Outlook .pst |
18.01.2014, 16:54 | #7 | |
| TR/Crypt.Xpack.41536 in the Outlook .pst
Quote:
Three more questions, if I may:
1) Was there anything suspicious in the logs at the start of this post?
2) Are there any other tools I can still run over it?
3) What should I use to scan the USB sticks and external hard drives that were repeatedly connected to the PC?
I also ran Sophos Anti-Rootkit. Here is the sarscan.log: Code:
ATTFilter Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc Started logging on 17.01.2014 at 13:54:56 User "*****" on computer "*****-PC" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409 Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53} Info: Starting disk scan of C: (NTFS). Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Hidden: file C:\OEM\Preload\Autorun\APP\Acer Registration\SetupGREG.exe Hidden: file C:\OEM\Preload\Autorun\APP\Adobe Flash Player\Install Flash Player 10 ActiveX.exe Hidden: file C:\OEM\Preload\Autorun\APP\Backup Management Advanced\Setup.exe Hidden: file C:\OEM\Preload\Autorun\APP\eSobi\eSobiLiteSetup-SAB-204.exe Hidden: file C:\OEM\Preload\Autorun\APP\Google Toolbar Acer Edition\Installer_v6.exe Hidden: file C:\OEM\Preload\Autorun\APP\MyWinLocker v3\MyWinLocker.exe Hidden: file C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Shredder.exe Hidden: file C:\OEM\Preload\Autorun\APP\Nero 9 Essentials Acer Edition\unnero.exe Hidden: file C:\OEM\Preload\Autorun\APP\Welcome Center\SetupOWC.exe Hidden: file C:\OEM\Preload\Autorun\APP\MCI Home key (Smart Launcher)\Setup.exe Hidden: file C:\OEM\Preload\Autorun\SET\Screen saver\Setup.exe Hidden: file C:\OEM\Preload\Autorun\SET\SmartLauncher\Setup.exe Hidden: file C:\Program Files (x86)\Acer GameZone\Alice Greenfingers\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Amazonia\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Dairy Dash\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\DEU\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\ENU\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Dream Day First 
Home\FRA\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\JPN\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\First Class Flurry\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Granny In Paradise\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\TimeProtect.dll Hidden: file C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\TimeProtect.dll Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe Hidden: file C:\OEM\Preload\Autorun\APP\Acer Arcade Deluxe\PCinema\setup.exe Hidden: file C:\OEM\Preload\Autorun\APP\Acer Arcade Deluxe\setup.exe Hidden: file C:\Windows\System32\config\SOFTWARE.LOG2 Hidden: file C:\OEM\Preload\Autorun\DRV\nVidia Graphic Card PCI-E Driver\Nvidia_VGA_x64\Display\NvCplSetupInt.exe Hidden: file C:\OEM\Preload\Autorun\DRV\nVidia Graphic Card PCI-E Driver\Nvidia_VGA_x86\Display\NvCplSetupInt.exe Hidden: file C:\Program Files (x86)\MAGIX\Video_deluxe_15\videodeLuxe.exe Hidden: file C:\Users\*****\Downloads\mbar-1.07.0.1008.exe Hidden: file C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe Hidden: file C:\Users\Public\Mediaparts Interactive\FlippingBook Publisher\Updates\Professional_2_5_19_Full.exe Hidden: file C:\Program Files (x86)\SWFTools\gpdf2swf.exe Hidden: file C:\Program Files (x86)\Macromedia\FreeHand MXa\FH_FL_Reader_Installer.exe Hidden: file C:\Program Files (x86)\Macromedia\FreeHand MXa\FH_FW_Reader_Installer.exe Hidden: file C:\Program Files (x86)\Macromedia\FreeHand MXa\actlib.dll Hidden: file C:\Program Files (x86)\Google\Picasa3\Uninstall.exe Hidden: file C:\Program Files (x86)\HappyFoto-Designer\Extraction.exe Hidden: file C:\Program Files (x86)\eRightSoft\SUPER\spk\Smab.spk Hidden: file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\mencoder.exe Hidden: 
file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\MPlayer.exe Hidden: file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\mplayer\Mplayer.exe Hidden: file C:\HS3 Hotelsoftware\HS3Remote.exe Hidden: file C:\Program Files (x86)\FlippingBook\FlippingBook Publisher Professional\Resources\VpPrinterSetup.exe Hidden: file C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\extensions\printPages2Pdf@reinhold.ripper\libraries\wkhtmltox0.dll Hidden: file C:\Program Files (x86)\HappyFoto-Designer\HappyFoto-Designer.exe Hidden: file C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}\OFFLINE\D68E83A7\A18896BF\Publisher2.exe Hidden: file C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}\OFFLINE\D749CF2B\105CB71E\VpPrinterSetup.exe Hidden: file C:\Program Files (x86)\Inkscape\inkscape.com Hidden: file C:\Program Files (x86)\Vista Buttons\uninstall.exe Hidden: file C:\Program Files (x86)\InstallShield Installation Information\unwintv7.exe Hidden: file C:\Hauppauge\WinTV v7 CD 2.5c\Setup.exe Hidden: file C:\Hauppauge\WinTV v7 CD 2.5c\Registration\Register.exe Hidden: file C:\Hauppauge\WinTV v7 CD 2.5c\WinTV7\WinTV7Setup.exe Hidden: file C:\Program Files (x86)\MarkAny\ContentSafer\MPXBox.exe Hidden: file C:\Program Files (x86)\Common Files\Samsung\DeviceService\Setup.exe Stopped logging on 17.01.2014 at 19:30:24 |
19.01.2014, 10:24 | #8 | |||
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst
Quote:
Quote:
Quote:
Log is clean. Done. If you want to leave praise or criticism, you can do so here. The order is essential here.
Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They do your system more harm than good.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.01.2014, 08:17 | #9 |
| TR/Crypt.Xpack.41536 in the Outlook .pst Thank you very much! Everything has been completed successfully. Wonderful!!! |
21.01.2014, 09:25 | #10 |
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst You're welcome.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.01.2014, 08:30 | #11 |
| TR/Crypt.Xpack.41536 in the Outlook .pst Hello again! I have read up on the topic a bit more and applied the tips for securing the system. Could you please also take a look at this netstat, or rather netstat -b? I am not clear what the lines with "[fe80::d93b:b9e0" mean here. Do Malwarebytes and the other tools also check these ports and the locations and file sizes of the programs? Thank you very much! Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>netstat -b

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        *****-PC:49907         HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:27015        *****-PC:49889         HERGESTELLT
 [AppleMobileDeviceService.exe]
  TCP    127.0.0.1:49162        *****-PC:50701         HERGESTELLT
 [VersionCueCS2.exe]
  TCP    127.0.0.1:49889        *****-PC:27015         HERGESTELLT
 [iTunesHelper.exe]
  TCP    127.0.0.1:49907        *****-PC:19872         HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:50701        *****-PC:49162         HERGESTELLT
 [mysqld-nt.exe]
  TCP    127.0.0.1:56423        *****-PC:2559          SYN_GESENDET
 [nvtray.exe]
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
 [Dropbox.exe]
  TCP    [::1]:49157            *****-PC:49159         HERGESTELLT
 [LMS.exe]
  TCP    [::1]:49159            *****-PC:49157         HERGESTELLT
 [LMS.exe]
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56232  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56248  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56264  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56280  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56297  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56313  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56329  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56345  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56361  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56378  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56394  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56410  *****-PC:16992  WARTEND

C:\Windows\system32>netstat

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        *****-PC:49907         HERGESTELLT
  TCP    127.0.0.1:27015        *****-PC:49889         HERGESTELLT
  TCP    127.0.0.1:49162        *****-PC:50701         HERGESTELLT
  TCP    127.0.0.1:49889        *****-PC:27015         HERGESTELLT
  TCP    127.0.0.1:49907        *****-PC:19872         HERGESTELLT
  TCP    127.0.0.1:50701        *****-PC:49162         HERGESTELLT
  TCP    127.0.0.1:56210        *****-PC:2559          SYN_GESENDET
  TCP    192.168.140.1:56209    *****-PC:16993         SYN_GESENDET
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
  TCP    192.168.178.66:55545   ham02s13-in-f24:https  WARTEND
  TCP    192.168.178.66:55985   muc03s01-in-f15:https  WARTEND
  TCP    192.168.178.66:55988   muc03s07-in-f15:https  WARTEND
  TCP    192.168.178.66:55989   cache:https            WARTEND
  TCP    192.168.178.66:55990   cache:https            WARTEND
  TCP    192.168.178.66:55993   cache:https            WARTEND
  TCP    192.168.178.66:55996   cache:https            WARTEND
  TCP    192.168.178.66:55997   cache:https            WARTEND
  TCP    192.168.178.66:55998   cache:https            WARTEND
  TCP    192.168.178.66:55999   cache:https            WARTEND
  TCP    192.168.178.66:56011   api:http               WARTEND
  TCP    192.168.178.66:56017   ham02s13-in-f24:http   WARTEND
  TCP    192.168.178.66:56018   ham02s13-in-f24:http   WARTEND
  TCP    192.168.178.66:56022   cache:http             WARTEND
  TCP    192.168.178.66:56023   cfdprivileges:http     WARTEND
  TCP    192.168.178.66:56025   cache:http             WARTEND
  TCP    192.168.178.66:56027   mail:http              WARTEND
  TCP    192.168.178.66:56029   mail:http              WARTEND
  TCP    192.168.178.66:56030   mail:http              WARTEND
  TCP    192.168.178.66:56033   malthus:http           WARTEND
  TCP    192.168.178.66:56037   p3nlhg214c1214:http    WARTEND
  TCP    192.168.178.66:56038   p3nlhg214c1214:http    WARTEND
  TCP    [::1]:49157            *****-PC:49159         HERGESTELLT
  TCP    [::1]:49159            *****-PC:49157         HERGESTELLT
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:55991  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56014  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56049  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56065  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56084  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56100  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56117  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56134  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56150  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56166  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56183  *****-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56199  *****-PC:16992  WARTEND

C:\Windows\system32> |
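As an added example, written for this page and not taken from the poster or from the forum's helpers, the following Python script parses a `netstat -b` listing of the shape posted above. It maps the German state names to their English equivalents (HERGESTELLT = ESTABLISHED, WARTEND = TIME_WAIT, SYN_GESENDET = SYN_SENT), attaches each socket to the `[name.exe]` owner line that `-b` prints beneath it, and classifies both endpoints by address scope. That classification is what explains the `[fe80::...%20]` rows: fe80::/10 is the IPv6 link-local range, the `%20` suffix is the interface index, and the peer column is the machine's own hostname, so those sockets connect two programs on the same box and nothing in them leaves the network. (For context, TCP 16992 is the port registered for Intel AMT, and LMS.exe, Intel's Local Manageability Service, is listed in the same output; the script does not rely on that and only classifies by scope.) The sample listing, the hostname `HOST-PC` standing in for the anonymised `*****-PC`, and the two extra state names ABHÖREN and SCHLIESSEN_WARTEN are constructed placeholders and assumptions of this example.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the poster's German Windows 7 "netstat -b"
# listing. "HOST-PC" stands in for the anonymised "*****-PC"; addresses and
# hostnames are placeholders, not data from the thread.
SAMPLE_NETSTAT_B = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        HOST-PC:49907          HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:56423        HOST-PC:2559           SYN_GESENDET
 [nvtray.exe]
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
 [Dropbox.exe]
  TCP    [::1]:49157            HOST-PC:49159          HERGESTELLT
 [LMS.exe]
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56232  HOST-PC:16992  WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56248  HOST-PC:16992  WARTEND
"""

# State names as printed by the German netstat in the post, mapped to English.
# ABHÖREN and SCHLIESSEN_WARTEN do not occur in the post; they are the usual
# German renderings of LISTENING and CLOSE_WAIT and are an assumption here.
STATE_DE_TO_EN = {
    "HERGESTELLT": "ESTABLISHED",
    "WARTEND": "TIME_WAIT",
    "SYN_GESENDET": "SYN_SENT",
    "ABHÖREN": "LISTENING",
    "SCHLIESSEN_WARTEN": "CLOSE_WAIT",
}

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
PROC_RE = re.compile(r"^\s*\[(.+?)\]\s*$")   # "[name.exe]" owner line printed by -b


@dataclass
class Connection:
    proto: str
    local_addr: str
    local_port: str
    remote_addr: str
    remote_port: str
    state: str                      # English state name ("" for UDP rows)
    process: Optional[str] = None   # owner from the following "[name.exe]" line


def address_scope(addr: str, self_names: set[str]) -> str:
    """Classify one address column: loopback, link-local, private, global,
    self (this machine's own hostname) or hostname (an unresolved name)."""
    bare = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %zone index
    try:
        ip = ipaddress.ip_address(bare)
    except ValueError:
        return "self" if addr in self_names else "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:      # fe80::/10 and 169.254/16: never routed off the link
        return "link-local"
    if ip.is_private:
        return "private"
    return "global"


def parse_netstat_b(text: str) -> list[Connection]:
    """Parse 'netstat -b' output; a socket row may be followed by its owner row."""
    conns: list[Connection] = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            laddr, lport = local.rsplit(":", 1)     # last colon keeps IPv6 intact
            raddr, rport = remote.rsplit(":", 1)
            state = state or ""
            conns.append(Connection(proto, laddr, lport, raddr, rport,
                                    STATE_DE_TO_EN.get(state, state)))
            continue
        pm = PROC_RE.match(line)
        if pm and conns and conns[-1].process is None:
            conns[-1].process = pm.group(1)
    return conns


def off_host(conns: list[Connection], self_names: set[str]) -> dict[str, list[Connection]]:
    """Group by owning process the sockets whose peer is not this machine.
    Loopback, link-local and own-hostname peers never leave the box and are dropped."""
    grouped: dict[str, list[Connection]] = {}
    for c in conns:
        if address_scope(c.remote_addr, self_names) in ("loopback", "link-local", "self"):
            continue
        grouped.setdefault(c.process or "<unattributed>", []).append(c)
    return grouped


def describe(c: Connection, self_names: set[str]) -> str:
    """One triage line: owner, both endpoints with their scope, English state."""
    owner = c.process or "?"
    return (f"{owner:<14} {c.local_addr}:{c.local_port} [{address_scope(c.local_addr, self_names)}]"
            f" -> {c.remote_addr}:{c.remote_port} [{address_scope(c.remote_addr, self_names)}] {c.state}")


if __name__ == "__main__":
    me = {"HOST-PC"}
    rows = parse_netstat_b(SAMPLE_NETSTAT_B)
    for row in rows:
        print(describe(row, me))
    print("\nsockets with an off-host peer, per process:")
    for proc, socks in off_host(rows, me).items():
        print(f"  {proc}: {len(socks)}")
```

Run it over a saved listing (`netstat -b > netstat.txt`, from an elevated prompt) and `off_host` returns the short list worth attention: for each process named there, its on-disk path and hash are what an on-demand scanner actually examines, because such scanners inspect files, not open sockets. The `-b` owner column is the link between the two views.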
22.01.2014, 16:40 | #12 |
/// the machine /// TB-Ausbilder | TR/Crypt.Xpack.41536 in the Outlook .pst Quote:
Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |