Log analysis and evaluation: TR/Crypt.Xpack.41536 in the Outlook .pst (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
TR/Crypt.Xpack.41536 in the Outlook .pst

Hello!

During routine scans I noticed a few things. So I booted the PC from the current Avira Rescue CD and let it scan. The following viruses were detected and the files were then renamed:

Outlook2003_mehr_gb pst -> TR/Crypt.Xpack.41536
archivoutlook2003_mehr_gb.pst -> WORM/Ntech.T
archiv1.pst -> TR/Crypt.ZPACK.Gen2 EXP.JAVA.Niabil.Gen

Unfortunately I don't know how to save the Avira Rescue CD logfile. Photos of the screen are attached.

After that I created Addition.txt, FRST.txt, defogger_disable.log and Gmer.log. And after that I ran a quick scan with Malwarebytes and chose "remove selection". Those logs are attached as well.

My questions are:
1) What should generally be done next?
2) How can I rescue the Outlook files that have now been renamed? All my e-mails are in them. Possibly it is not the file itself that is infected but only an e-mail attachment inside it. I don't open such attachments anyway.

I am a sole proprietor.

Many thanks!
Franz

Addition.txt
Code:
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014
Ran by ***** at 2014-01-15 08:47:18
Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
3InternetManager (x32 Version: 3.0.0.141 - Hutchison 3G Austria GmbH)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Acronis*True*Image*Home (x32 Version: 11.0.8010 - Acronis)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.004 - Adobe Systems)
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (x32 Version: - )
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe GoLive CS2 (x32 Version: 8.0.1 - Ihr Firmenname) Hidden
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 6.0 (x32 Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0.1 - Adobe Systems, Inc.) Hidden
Advanced File Organizer (x32 Version: 2.61 - SoftPrime Development)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIR iPad (x32 Version: 01 - UNKNOWN) Hidden
AIR iPad (x32 Version: v.01 - UNKNOWN)
Akeeba eXtract Wizard 3.3 (x32 Version: - Akeeba Developers)
Alice Greenfingers (x32 Version: - Oberon Media)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Amazonia (x32 Version: - Oberon Media)
Any Video Converter 3.5.2 (x32 Version: - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (x32 Version: - )
Audacity 1.3.13 (Unicode) (x32 Version: - Audacity Team)
Audible Download Manager (x32 Version: 6.6.0.15 - Audible, Inc.)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (x32 Version: 1.0.1.0 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (Version: - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (Version: 10.1.0.1871 - Bullzip)
CamStudio (x32 Version: - )
Chicken Invaders 2 (x32 Version: - Oberon Media)
ColorChecker Passport 1.0 (x32 Version: - X-Rite)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
CSS Tab Designer v2.0 (x32 Version: - OverZone Software)
Dairy Dash (x32 Version: - Oberon Media)
DivX-Setup (x32 Version: 2.6.1.9 - DivX, LLC)
Dream Day First Home (x32 Version: - Oberon Media)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (x32 Version: 2.1.0901 - OEM)
Engraver 2.0. (x32 Version: - )
Engraver 2.22 (64 Bit). (Version: - )
Engraver 2.22. (x32 Version: - )
Epson Easy Photo Print 2 (x32 Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (x32 Version: 2.05.00 - SEIKO EPSON CORPORATION)
Epson Stylus Photo R3000 Handbuch (x32 Version: - )
Epson Stylus Photo R3000 Netzwerk-Handbuch (x32 Version: - )
Epson Stylus Photo R3000 Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Print (x32 Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (x32 Version: 3.3b - SEIKO EPSON CORPORATION)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (x32 Version: - Oberon Media)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.0.1.13 - MAGIX AG)
First Class Flurry (x32 Version: - Oberon Media)
FlippingBook Publisher (x32 Version: 2.5.19 - FlippingBook) Hidden
FlippingBook Publisher Professional (x32 Version: 2.5.19 - FlippingBook)
Free CD to MP3 Converter (x32 Version: - )
Free M4a to MP3 Converter 6.2 (x32 Version: - ManiacTools.com)
Free YouTube to MP3 Converter version 3.11.20.423 (x32 Version: 3.11.20.423 - DVDVideoSoft Ltd.)
FRITZ!Fernzugang (Version: 1.2.3 - AVM Berlin)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Desktop (x32 Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (x32 Version: - Oberon Media)
gSyncit (x32 Version: 2.4.42 - Fieldston Software)
HappyFoto-Designer 4.4 (x32 Version: - )
Hauppauge WinTV 7 (x32 Version: v7.0.30108 (CD 2.5c) - Hauppauge Computer Works)
Heroes of Hellas (x32 Version: - Oberon Media)
HFSExplorer 0.21 (x32 Version: 0.21 - Catacombae Software)
Hotkey Utility (x32 Version: 2.05.3005 - Acer Incorporated)
HS3 2011 (x32 Version: 2011 (2011.04.002) - HS/3 Hotelsoftware GmbH & Co. KG)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
IETester v0.5.2 (remove only) (x32 Version: 0.5.2 - Core Services)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Inkscape 0.48.1 (x32 Version: 0.48.1 - )
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kies (x32 Version: 1.4 - Ihr Firmenname)
Kies (x32 Version: 1.4 - Ihr Firmenname) Hidden
LAME v3.98.3 for Audacity (x32 Version: - )
LinkChecker 8.4 (x32 Version: - )
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (x32 Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (x32 Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (x32 Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000 - Macromedia)
Macromedia FreeHand MXa (x32 Version: 11.0.1 - Macromedia)
MAGIX Screenshare 4.3.6.1987 (D) (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video deluxe 15 8.0.0.62 (D) (x32 Version: 8.0.0.62 - MAGIX AG)
Merriam Websters Spell Jam (x32 Version: - Oberon Media)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 Service Pack 2 (x32 Version: - Microsoft Corporation)
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (x32 Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.9) (x32 Version: 3.1.9 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (x32 Version: 5.9 - )
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (Version: 6.14.11.9703 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0129 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4 (x32 Version: 3.4.9590 - OpenOffice.org)
Outlook Backup Assistant 5 (Testversion) (x32 Version: 5.0 - Priotecs IT GmbH)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (x32 Version: 8.47.7.0 - Nokia)
PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Poedit (x32 Version: 1.5.5 - Vaclav Slavik)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.33.19.4 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.350.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (x32 Version: 1.00.0000 - Samsung)
Skype™ 5.0 (x32 Version: 5.0.156 - Skype Technologies S.A.)
SmartCopy (x32 Version: - Northstar Systems Corp.)
SmartLauncher (x32 Version: - Northstar Systems Corp.)
Stellarium 0.12.4 (Version: 0.12.4 - Stellarium team)
StuffIt Expander 2011 (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (x32 Version: v2012.build.53 - eRightSoft)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TeraCopy 2.2 (Version: - Code Sector Inc.)
Textmosaic Generator 1.10 (x32 Version: 1.10 - Philipp Winterberg)
TextPad 4.7 (x32 Version: 4.7.2 - Ihr Firmenname)
Thumbnail Generator by Disable Spyware (x32 Version: - )
TightVNC 2.0.2 (x32 Version: 2.0.2 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (Version: 8.0 - Ghisler Software GmbH)
Total Immersion D'Fusion @Home Web Plug-In (x32 Version: - Total Immersion)
TrueCrypt (x32 Version: 7.0a - TrueCrypt Foundation)
TuxGuitar (x32 Version: 1.2 - Herac)
Überwachungstool für die Intel® Turbo-Boost-Technologie (Version: 1.0.115.11 - Intel)
UltraVnc (x32 Version: 1.0.9.62 - uvnc bvba)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Buttons (x32 Version: - )
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
Vuze (x32 Version: 4.7 - Vuze Inc.)
Web Album Generator 1.8.2 (x32 Version: - ornj.net)
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Windows Home Server-Connector (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinHTTrack Website Copier 3.46-1 (x32 Version: 3.46.1 - HTTrack)
WinRAR (Version: - )
WinSCP 4.3.6 (x32 Version: 4.3.6 - Martin Prikryl)
Wisdom-soft AutoScreenRecorder 3.1 Pro (x32 Version: - Wisdom Software Inc.)
Yahoo! Detect (x32 Version: - )

==================== Restore Points =========================

09-01-2014 05:51:11 Windows Update
12-01-2014 08:02:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-05-21 18:45 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DDD88D8-CFC7-4470-8DC6-EE036AD134CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {321EE57E-85B7-4405-9AEC-8BD4BB6EEE13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: {5A7AFC4B-76FA-4646-9E49-7B290CBEDD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-12-20 22:15 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-12-20 11:12 - 2009-06-21 09:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2010-12-20 11:12 - 2009-06-22 05:27 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-02-09 01:56 - 2011-02-09 01:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-28 19:47 - 2011-08-23 09:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2012-05-28 17:02 - 2012-01-16 16:12 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-06 03:24 - 2010-05-06 03:24 - 00151584 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-12-25 20:53 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.deu
2010-12-25 20:53 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.FRA
2010-12-18 20:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-08 11:15 - 2010-09-17 09:00 - 12832768 _____ () C:\Program Files (x86)\Common Files\PDFCreator\GS9.00\gs9.00\Bin\gsdll32.dll
2013-12-12 07:59 - 2013-12-12 07:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 08:11:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:35:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353 19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

System errors:
=============
Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: %%1069

Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: %%1330 Verify that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).

Error: (01/15/2014 07:34:25 AM) (Source: Ntfs) (User: )
Description: The transaction resource manager on volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" encountered a non-retryable error and could not start. The data contains the error code.

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: %%1069

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: %%1330 Verify that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: The "Windows Media Center TV Archive Transfer Service" service failed to start due to the following error: %%1053

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Windows Media Center TV Archive Transfer Service service to connect.

Error: (01/15/2014 07:16:45 AM) (Source: Ntfs) (User: )
Description: The transaction resource manager on volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" encountered a non-retryable error and could not start. The data contains the error code.

Error: (01/14/2014 07:15:02 PM) (Source: Service Control Manager) (User: )
Description: The "Server" service terminated with the following error: %%13

Error: (01/14/2014 07:15:00 PM) (Source: Microsoft Antimalware) (User: )
Description: The %%860 Real-Time Protection feature has encountered an error Feature: %%886 Error code: 0x8007045b Error description: A system shutdown is in progress. Reason: %%892

Microsoft Office Sessions:
=========================
Error: (01/27/2012 03:16:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 141973 seconds with 60 seconds of active time. This session ended with a crash.

Error: (01/16/2012 02:17:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372467 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/07/2011 01:39:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14856 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/07/2011 07:18:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 0 seconds of active time.
```
This session ended with a crash. Error: (10/07/2011 07:04:15 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89609 seconds with 4920 seconds of active time. This session ended with a crash. Error: (10/05/2011 11:24:33 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14563 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/04/2011 09:19:59 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/04/2011 09:19:21 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95561 seconds with 1080 seconds of active time. This session ended with a crash. Error: (09/27/2011 01:21:34 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 338595 seconds with 360 seconds of active time. This session ended with a crash. Error: (09/19/2011 09:07:39 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 6103.06 MB Available physical RAM: 3217.85 MB Total Pagefile: 12204.3 MB Available Pagefile: 8446.18 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:456.78 GB) (Free:240.97 GB) NTFS Drive d: (Data) (Fixed) (Total:456.63 GB) (Free:312.72 GB) NTFS Drive f: (SYSTEM RESERVED) (Fixed) (Total:0.03 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (AcerAlt) (Fixed) (Total:411.91 GB) (Free:105.53 GB) NTFS Drive h: (DATAAlt) (Fixed) (Total:43.63 GB) (Free:30.32 GB) NTFS Drive l: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32 Drive m: (Swap-M) (Fixed) (Total:1397.26 GB) (Free:479.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C7CAF91E) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=457 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B4768151) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=31 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=412 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=44 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 9526035C) Partition 1: (Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log 
============================ Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:42 on 15/01/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by ***** (administrator) on *****-PC on 15-01-2014 08:44:36
Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Devguru Co., Ltd.)
C:\Windows\SysWOW64\dgdersvc.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe () C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe (North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Dropbox, Inc.) 
C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (pdfforge hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe (Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\OEM\USBDECTION\USBS3S4Detection.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe (Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.) 
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis) HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] () HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.) HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.) 
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis) HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis) HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.) MountPoints2: {59c8f615-9a4a-11df-a62d-806e6f6e6963} - E:\wubi.exe MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] () AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google) Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221 SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409 SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=91Tr_Mru3RxUJoRgsGdwbizWUc8?q={searchTerms} BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default FF user.js: detected! 
=> C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\user.js FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/ FF Keyword.URL: hxxp://search.skipity.com/?source=ab&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14] FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12] FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28] FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23] FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22] FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19] FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12] FF Extension: Modul zur Link-Untersuchung 
- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11] CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11] CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11] CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11] CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11] CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin) R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.) 
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation) R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] () R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project) S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google) R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] () S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) 
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin) R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] () R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd) R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd) S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.) S4 Iaaidassi; No ImagePath R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe 2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz 2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz 2014-01-14 18:40 - 2014-01-14 18:50 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar 2014-01-14 18:28 - 2014-01-14 18:35 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso 2014-01-14 18:26 - 2014-01-14 18:54 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso 2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe 2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql 2014-01-14 11:03 - 2014-01-14 11:04 - 00000000 ____D C:\Users\*****\Desktop\templates_c 2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip 2014-01-12 09:20 - 
2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip 2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip 2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz 2014-01-09 11:59 - 2014-01-09 12:03 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv 2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-30 20:11 - 2013-12-30 20:16 - 176752984 _____ (VMware, Inc. 
) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe 2013-12-30 08:54 - 2013-12-30 08:58 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe 2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll 2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_usbenumfilter.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys 2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys 2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys 2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll 2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys 2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll 2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys 2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys 2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys 2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys 2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) 
C:\Windows\system32\Drivers\ew_hwusbdev.sys 2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService 2013-12-23 08:35 - 2013-12-23 08:36 - 14335560 _____ C:\Users\*****\Downloads\flags.zip 2013-12-17 12:17 - 2013-12-17 12:21 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql 2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip 2013-12-17 11:41 - 2013-12-17 12:07 - 00000000 ____D C:\Users\*****\Desktop\mp3 ==================== One Month Modified Files and Folders ======= 2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST 2014-01-15 08:44 - 2014-01-15 08:43 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable 2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\***** 2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe 2014-01-15 08:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-15 07:39 - 2010-07-28 14:21 - 01592860 _____ C:\Windows\WindowsUpdate.log 2014-01-15 07:36 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox 2014-01-15 07:36 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox 2014-01-15 07:35 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-15 07:34 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-15 07:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-15 07:34 - 2009-07-14 05:51 - 00137813 _____ C:\Windows\setupact.log 2014-01-14 19:07 - 2010-07-26 
14:08 - 00700380 _____ C:\Windows\system32\perfh007.dat 2014-01-14 19:07 - 2010-07-26 14:08 - 00149176 _____ C:\Windows\system32\perfc007.dat 2014-01-14 19:07 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-14 18:58 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit 2014-01-14 18:54 - 2014-01-14 18:26 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso 2014-01-14 18:50 - 2014-01-14 18:40 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar 2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz 2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz 2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db 2014-01-14 18:35 - 2014-01-14 18:28 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso 2014-01-14 18:16 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla 2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe 2014-01-14 17:08 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt 2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql 2014-01-14 11:04 - 2014-01-14 11:03 - 00000000 ____D C:\Users\*****\Desktop\templates_c 2014-01-13 16:38 - 2013-12-04 17:50 - 00000053 _____ C:\Users\*****\Downloads\google63a169ac443c121d.html 2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip 2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL 2014-01-13 06:48 - 2009-07-14 05:45 - 01348600 _____ 
C:\Windows\system32\FNTCACHE.DAT 2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt 2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL 2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip 2014-01-12 09:24 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip 2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip 2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip 2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php 2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini 2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz 2014-01-09 12:03 - 2014-01-09 11:59 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv 2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini 2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk 2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-09 06:39 - 2009-11-18 23:09 - 00811302 _____ C:\Windows\PFRO.log 2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip 2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook 2014-01-08 11:15 - 2014-01-08 
11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205} 2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk 2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D} 2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III 2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL 2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus 2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk 2014-01-04 16:21 - 2013-12-12 14:55 - 00000000 ____D C:\Users\*****\Desktop\löschen_____ 2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html 2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL 2013-12-30 20:16 - 2013-12-30 20:11 - 176752984 _____ (VMware, Inc. ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe 2013-12-30 08:58 - 2013-12-30 08:54 - 98508144 _____ (VMware, Inc.) 
C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe 2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium 2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk 2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium 2013-12-29 11:24 - 2013-12-29 11:22 - 81699167 _____ (Stellarium team ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe 2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test 2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla 2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless 2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at 2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf 2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at 2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC} 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G 2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager 2013-12-26 18:07 - 
2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\Stadtkrug Dropbox Lager brennen 2013-12-23 08:36 - 2013-12-23 08:35 - 14335560 _____ C:\Users\*****\Downloads\flags.zip 2013-12-22 12:18 - 2013-12-08 11:17 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-17 20:00 - 2010-12-11 20:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe 2013-12-17 12:21 - 2013-12-17 12:17 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql 2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip 2013-12-17 12:07 - 2013-12-17 11:41 - 00000000 ____D C:\Users\*****\Desktop\mp3 2013-12-16 09:17 - 2010-12-25 15:48 - 00001998 ____H C:\Users\*****\Documents\Default.rdp Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll C:\Users\*****\AppData\Local\Temp\autorun.dll C:\Users\*****\AppData\Local\Temp\fox.dll C:\Users\*****\AppData\Local\Temp\i4jdel0.exe C:\Users\*****\AppData\Local\Temp\icu34.dll C:\Users\*****\AppData\Local\Temp\icudt34.dll C:\Users\*****\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\*****\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\*****\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\*****\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\*****\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\mgxfonts.exe C:\Users\*****\AppData\Local\Temp\MgxVistaTools.dll C:\Users\*****\AppData\Local\Temp\msvcp71.dll C:\Users\*****\AppData\Local\Temp\msvcr71.dll 
C:\Users\*****\AppData\Local\Temp\TrueImageInstallMenu_standard.exe C:\Users\*****\AppData\Local\Temp\ufkdfhxo.dll C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe C:\Users\*****\AppData\Local\Temp\_is5467.exe C:\Users\*****\AppData\Local\Temp\_is8325.exe C:\Users\*****\AppData\Local\Temp\~convert1847027883366102978.exe C:\Users\*****\AppData\Local\Temp\~convert2352740266388634011.exe C:\Users\*****\AppData\Local\Temp\~convert2379864614059401350.exe C:\Users\*****\AppData\Local\Temp\~convert3333224244493361257.exe C:\Users\*****\AppData\Local\Temp\~convert3538011537334474619.exe C:\Users\*****\AppData\Local\Temp\~convert3758073310861530453.exe C:\Users\*****\AppData\Local\Temp\~convert4662644507391680170.exe C:\Users\*****\AppData\Local\Temp\~convert5385746307805284974.exe C:\Users\*****\AppData\Local\Temp\~convert5447643698699501366.exe C:\Users\*****\AppData\Local\Temp\~convert6248421720152768299.exe C:\Users\*****\AppData\Local\Temp\~convert7003483147854060770.exe C:\Users\*****\AppData\Local\Temp\~convert7495889309273498126.exe C:\Users\*****\AppData\Local\Temp\~convert8100649724065807693.exe C:\Users\*****\AppData\Local\Temp\~convert8170032136072084689.exe C:\Users\*****\AppData\Local\Temp\~convert818302282860499790.exe C:\Users\*****\AppData\Local\Temp\~convert8447076207564456903.exe C:\Users\*****\AppData\Local\Temp\~convert8627151247518695499.exe C:\Users\*****\AppData\Local\Temp\~convert8691066825310743538.exe C:\Users\*****\AppData\Local\Temp\~convert901516844038934599.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 07:35 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2014-01-15 08:59:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwdirpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003801000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380102f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!free 0000000076699894 5 bytes JMP 000000010a90d2d0 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!malloc 0000000076699cee 5 bytes JMP 000000010a90d230 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 000000007669b0b9 5 bytes JMP 000000010a90d2d0 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 000000007669b0c9 5 bytes JMP 000000010a90d480 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!realloc 000000007669b10d 5 bytes JMP 000000010a90d2b0 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!calloc 000000007669c456 5 bytes JMP 000000010a90d270 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_msize 000000007669f43b 5 bytes JMP 000000010a90d2e0 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_free 00000000766b5942 5 bytes JMP 000000010a90d2d0 .text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] 
C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 00000000766c028d 5 bytes JMP 000000010a90d3c0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 00000000766c02a9 5 bytes JMP 000000010a90d3e0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 00000000766ebfd1 5 bytes JMP 000000010a90d500
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 00000000766ebfe1 5 bytes JMP 000000010a90d420
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 00000000766ec16b 5 bytes JMP 000000010a90d400
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_expand 00000000766ec18a 5 bytes JMP 000000010a90d3a0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapadd 00000000766edd03 5 bytes JMP 000000010a90d550
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapchk 00000000766edd17 5 bytes JMP 000000010a90d560
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 00000000766ede16 4 bytes {JMP 0xffffffff9421f76b}
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapmin 00000000766ede1f 5 bytes JMP 000000010a90d650
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapused 00000000766edf05 5 bytes JMP 000000010a90d620
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapwalk 00000000766edf18 5 bytes JMP 000000010a90d590
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076e65911 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceA 0000000076e7e953 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringW 0000000076cf8eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringA 0000000076cfdb21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuW 0000000076d04391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuA 0000000076d14eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamA 0000000076d15246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamW 0000000076d210dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071121b41 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071121be8 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071121c20 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071121cd2 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071121cf2 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071121b41 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071121be8 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071121c20 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071121cd2 2 bytes [12, 71]
.text C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071121cf2 2 bytes [12, 71]

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\Desktop\acer-istallation-201012\Acronis True Image Home 11.0 Kauf hhhhh BU Daten\Acronis\Setup.exe 1

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
***** :: *****-PC [Administrator]

15.01.2014 09:06:41
MBAM-Quickscan-log-2014-01-15 (09-20-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310708
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 1W1G1U1K1O1H -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> No action taken.
C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> No action taken.
C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> No action taken.

(end)

MBAM-Quickscan-log-2014-01-15 (09-20-02) - entferne Auswahl gewählt.txt
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
***** :: *****-PC [Administrator]

15.01.2014 09:06:41
mbam-log-2014-01-15 (09-06-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310708
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 1W1G1U1K1O1H -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)
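The GMER part of this post is a run of user-mode hook entries, one per patched export in each process. As an added example that is not from the original post or from GMER, the Python below parses entries of that shape into records and groups them by process and by hooked export, which is the first pass an analyst makes over such a list before deciding which JMP targets to trace back to their owning module. The sample log is constructed from the entry shapes in this thread and is not the full log; the section header text and the helper names (`parse_hook`, `parse_log`, `by_process`, `by_export`, `redirections`) are this example's own.

```python
"""Triage helper for GMER 2.1 user-mode hook entries:
    .text <process>[<pid>] <module>!<export>[ + <offset>] <address> <n> bytes <patch>
Added example for this thread, not part of the original post or of GMER. It parses
and groups entries so each patched process is reviewed as a unit; it does not decide
whether a hook is malicious."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes\s+(?P<patch>.+)$"
)
JMP_RE = re.compile(r"JMP\s+(?:0x)?([0-9a-fA-F]+)")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    symbol: str
    offset: int            # 0 when the patch starts at the export's first byte
    address: int           # patched address inside the hooked module
    size: int              # number of patched bytes
    patch: str             # GMER's rendering, e.g. "JMP 0000000100440980" or "[CD, 76]"
    kind: str              # "jmp" (inline redirection) or "bytes" (raw byte difference)
    target: Optional[int]  # absolute JMP target when GMER printed one


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one entry; None for headers, the '... * N' repetition marker and other lines."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    patch = m["patch"].strip()
    jmp = JMP_RE.search(patch)
    # "{JMP 0x...}" marks a patch that begins inside an instruction (the "+ 1" entry);
    # its operand is a sign-extended relative displacement, not an address: no target.
    target = int(jmp.group(1), 16) if jmp and not patch.startswith("{") else None
    return Hook(process=m["process"].strip(), pid=int(m["pid"]),
                module=m["module"], symbol=m["symbol"],
                offset=int(m["offset"] or 0), address=int(m["addr"], 16),
                size=int(m["size"]), patch=patch,
                kind="jmp" if jmp else "bytes", target=target)


def parse_log(text: str) -> tuple[list[Hook], int]:
    """Return (hooks, number of non-empty lines that are not hook entries)."""
    hooks, skipped = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        hook = parse_hook(raw)
        if hook is None:
            skipped += 1
        else:
            hooks.append(hook)
    return hooks, skipped


def by_process(hooks: list[Hook]) -> dict[tuple[str, int], list[Hook]]:
    """Group by (process path, pid) so every patch inside one process is seen together."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h.process, h.pid)].append(h)
    return dict(groups)


def by_export(hooks: list[Hook]) -> dict[str, list[int]]:
    """Map 'module!export' (module lower-cased: Windows paths are case-insensitive) to the
    sorted pids patching it. One export carrying the same two-byte difference across many
    unrelated processes is a different review item from a JMP found in a single process."""
    pids = defaultdict(set)
    for h in hooks:
        pids[f"{h.module.lower()}!{h.symbol}"].add(h.pid)
    return {k: sorted(v) for k, v in pids.items()}


def redirections(hooks: list[Hook]) -> list[Hook]:
    """Inline JMPs with an absolute target: the entries whose target module is looked up next."""
    return [h for h in hooks if h.kind == "jmp" and h.target is not None]


# Constructed sample using the entry shapes seen in this thread (not the full log).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 00000000766c028d 5 bytes JMP 000000010a90d3c0
.text C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 00000000766ede16 4 bytes {JMP 0xffffffff9421f76b}
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
.text C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76]
.text ... * 2
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076e65911 5 bytes JMP 0000000100440980
.text C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76]
"""
```

The grouping alone does not classify a hook. In the log above, the two-byte `[CD, 76]` differences in `PSAPI.DLL!GetModuleInformation` recur at the same two addresses in several unrelated processes, while the five-byte `JMP` patches in msvcrt.dll sit only in VersionCueCS2.exe and those in kernel32.dll and user32.DLL only in AudibleDownloadHelper.exe. Which of those are legitimate application-level hooks and which are not is settled by identifying the module that owns each JMP target, and the GMER listing alone does not give that.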