Log analysis and evaluation: Laptop runs very slowly; warnings present (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.05.2014, 13:19 #1
Laptop runs very slowly; warnings present

Hello,

for several days my laptop has been running very slowly, i.e. programs open with a considerable delay, booting the laptop takes about 8 minutes, and when I plug in an external memory card with pictures it stops responding altogether. Since yesterday I have been getting the error message: "windows hostprozess (Rundll32) funktioniert nicht mehr." In addition, the Windows Security Center is switched off. When I click the "Einschalten" (turn on) button, the error message "Der Sicherheitscenterdienst konnte nicht gestartet werden." appears. GDATA Internet Security (firewall + monitor) does not detect any virus infection.

Windows Vista
I mostly use Firefox
I have not made any changes to the system.

I have read through the instructions and created the following logs:
Step 1: Disable drive emulation with Defogger
Step 2: System scan with FRST
Step 3: Scan with GMER

With GMER I got the following error message: "GMER1957.exe - kein Datenträger Es befindet sich kein Datenträger im Laufwerk. Legen sie ein Datenträger in Laufwerk \Device\Harddisk1\DR2 ein"

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Andreas Wagner (administrator) on ANDREASWAGNER on 21-05-2014 11:16:24
Running from C:\Users\Andreas Wagner\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEPSON Connect\mepService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEPSON Connect\mep.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe
() C:\Windows\tsnp2uvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Samsung Electronics.) C:\Program Files\Samsung Connection Manager\ModemPnPService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(G Data Software AG) C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\MOZILLA FIREFOX\firefox.exe
(Dropbox, Inc.) C:\Users\Andreas Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\MOZILLA FIREFOX\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [tsnp2uvc] => C:\Windows\tsnp2uvc.exe [233472 2008-08-28] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Blackcomb] => C:\Program Files\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [DataMgr] => C:\Users\Andreas Wagner\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILEE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [CPN Notifier] => C:\Program Files\Cake Poker 2.0\PokerNotifier.exe
HKU\S-1-5-21-1340235693-356929383-2439854242-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1340235693-356929383-2439854242-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1340235693-356929383-2439854242-1001\...\RunOnce: [SetScreenSaver] - C:\Windows\System32\oobe\info\SetScreenSaver.lnk [772 2008-07-20] ()
Startup: C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA089FE85CE11CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\f5ru44qx.default-1395400580471
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Andreas Wagner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Andreas Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\f5ru44qx.default-1395400580471\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: PrivacyChoice TrackerBlock - C:\Users\Andreas Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\f5ru44qx.default-1395400580471\Extensions\trackerblock@privacychoice.org.xpi [2014-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\

Chrome:
=======
CHR HomePage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
CHR StartupUrls: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
CHR DefaultSearchKeyword: search_the_web
CHR DefaultSearchProvider: Search the web
CHR DefaultSearchURL: hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-19]
CHR Extension: (YouTube) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-19]
CHR Extension: (Google-Suche) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-19]
CHR Extension: (OfferMosquito) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-07-30]
CHR Extension: (Google Wallet) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Google Mail) - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-19]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Andreas Wagner\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-07-19]

========================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2159472 2014-03-25] (G Data Software AG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2409280 2014-01-30] (G Data Software AG)
R2 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [239968 2014-01-18] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 MyEPSON Connect Service; C:\Program Files\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 pgsql-8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2009-02-25] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-22] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
S3 C2XXCOM; C:\Windows\System32\DRIVERS\C2XXCOMV3.sys [38784 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\Windows\System32\DRIVERS\C2xxUSBV3.sys [36352 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\Windows\System32\DRIVERS\C2xSTRV3.sys [6656 2010-06-10] (Samsung Electronics)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2014-04-04] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-04] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2014-04-04] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2014-04-04] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-04-04] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-04-04] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2014-04-04] (G Data Software AG)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-22] ()
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [552448 2007-08-15] (Ralink Technology Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799808 2008-12-29] ()
S3 WINIO; C:\Windows\system32\WinIo.sys [0 2009-09-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ANDREA~1\AppData\Local\Temp\catchme.sys [X]
S3 Fadpu16E; \??\C:\Users\ADMINI~1\AppData\Local\Temp\Fadpu16E.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 uxddrv; \??\G:\uxddrv86.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 11:04 - 2014-05-21 11:16 - 00021771 _____ () C:\Users\Andreas Wagner\Desktop\FRST.txt
2014-05-21 11:02 - 2014-05-21 11:02 - 01056768 _____ (Farbar) C:\Users\Andreas Wagner\Desktop\FRST.exe
2014-05-21 11:00 - 2014-05-21 11:01 - 00000490 _____ () C:\Users\Andreas Wagner\Desktop\defogger_disable.log
2014-05-21 11:00 - 2014-05-21 11:00 - 00000000 _____ () C:\Users\Andreas Wagner\defogger_reenable
2014-05-21 10:58 - 2014-05-21 10:58 - 00050477 _____ () C:\Users\Andreas Wagner\Desktop\Defogger.exe
2014-05-19 16:41 - 2014-05-19 16:41 - 00000898 _____ () C:\Users\Andreas Wagner\Desktop\Win Cake.lnk
2014-05-19 16:41 - 2014-05-19 16:41 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Cake
2014-05-17 16:21 - 2014-05-17 16:21 - 00000000 ____D () C:\Users\Andreas Wagner\Desktop\Sophia
2014-05-17 08:27 - 2014-05-17 08:29 - 00000344 _____ () C:\Users\Andreas Wagner\Documents\pgadmin.log
2014-05-16 07:35 - 2014-05-16 07:35 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:31 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:31 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:31 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 06:49 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 06:18 - 2014-05-17 16:33 - 00003980 _____ () C:\Windows\setupact.log
2014-05-15 06:18 - 2014-05-15 06:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-12 22:11 - 2014-05-12 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2014-05-10 10:21 - 2014-05-10 10:23 - 00000000 ____D () C:\Program Files\MOZILLA FIREFOX
2014-05-09 15:22 - 2014-05-09 16:30 - 00000000 ____D () C:\Users\Andreas Wagner\Top B
2014-05-09 15:21 - 2014-05-09 15:21 - 00000000 ____D () C:\Users\Andreas Wagner\Neuer Ordner
2014-05-06 15:17 - 2014-05-06 15:17 - 00001686 _____ () C:\Users\Andreas Wagner\Documents\cc_20140506_151651.reg
2014-05-01 16:22 - 2014-05-01 16:23 - 00009158 _____ () C:\Users\Andreas Wagner\Documents\Mai 2014.xlsx
2014-05-01 00:04 - 2014-05-01 00:04 - 00000774 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ladbrokes Poker.lnk
2014-05-01 00:04 - 2014-05-01 00:04 - 00000744 _____ () C:\Users\Andreas Wagner\Desktop\Ladbrokes Poker.lnk
2014-05-01 00:03 - 2014-05-01 00:03 - 00457528 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\PokerSetup_3f9ece.exe
2014-04-30 23:40 - 2014-04-30 23:40 - 00000792 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk
2014-04-30 23:40 - 2014-04-30 23:40 - 00000762 _____ () C:\Users\Andreas Wagner\Desktop\Betfair.com Poker.lnk
2014-04-30 23:38 - 2014-04-30 23:38 - 00286520 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker_b8e1fb.exe
2014-04-30 22:58 - 2014-04-30 22:58 - 00501048 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker_48c40.exe
2014-04-29 23:11 - 2014-04-29 23:11 - 00001663 _____ () C:\Users\Andreas Wagner\Desktop\Titan Poker.lnk
2014-04-29 23:09 - 2014-04-30 21:41 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\Titan Poker
2014-04-29 18:36 - 2014-04-29 18:41 - 00001814 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Betway Poker.lnk
2014-04-29 18:36 - 2014-04-29 18:41 - 00001808 _____ () C:\Users\Public\Desktop\Betway Poker.lnk
2014-04-29 18:36 - 2014-04-29 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betway Poker
2014-04-29 18:34 - 2014-04-29 18:34 - 00983134 _____ () C:\Users\Andreas Wagner\Downloads\betwaypoker.exe
2014-04-29 11:57 - 2014-04-29 11:57 - 00000755 _____ () C:\Users\Andreas Wagner\Desktop\EverestPoker.com.lnk
2014-04-29 10:59 - 2014-04-29 11:00 - 00616760 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\WinnerPSetup_73acf1.exe
2014-04-28 22:45 - 2014-04-28 22:45 - 00000728 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myBet Poker.lnk
2014-04-28 22:45 - 2014-04-28 22:45 - 00000716 _____ () C:\Users\Public\Desktop\myBet Poker.lnk
2014-04-28 22:43 - 2014-04-28 22:43 - 00271160 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupCasino_a21255.exe
2014-04-25 11:32 - 2014-04-25 11:32 - 00009324 _____ () C:\Users\Andreas Wagner\Documents\cc_20140425_113149.reg
2014-04-24 15:28 - 2014-04-29 11:51 - 00332128 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker.exe
2014-04-24 12:18 - 2014-04-25 15:23 - 00012503 _____ () C:\Users\Andreas Wagner\Documents\Kaderförderung geändert.xlsx
2014-04-24 09:08 - 2014-04-24 12:17 - 00013910 _____ () C:\Users\Andreas Wagner\Documents\Kaderförderung.xlsx

==================== One Month Modified Files and Folders =======

2014-05-21 11:16 - 2014-05-21 11:04 - 00021771 _____ () C:\Users\Andreas Wagner\Desktop\FRST.txt
2014-05-21 11:16 - 2013-10-07 13:00 - 00000000 ____D () C:\FRST
2014-05-21 11:11 - 2014-02-26 09:11 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD}.job
2014-05-21 11:11 - 2010-05-30 11:19 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Skype
2014-05-21 11:10 - 2014-02-26 09:10 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD}.job
2014-05-21 11:04 - 2014-02-26 12:04 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {F6506E58-0381-4259-B6C1-A7EF74CA41C9}.job
2014-05-21 11:04 - 2014-02-26 12:04 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {F6506E58-0381-4259-B6C1-A7EF74CA41C9}.job
2014-05-21 11:02 - 2014-05-21 11:02 - 01056768 _____ (Farbar) C:\Users\Andreas Wagner\Desktop\FRST.exe
2014-05-21 11:02 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 11:02 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 11:01 - 2014-05-21 11:00 - 00000490 _____ () C:\Users\Andreas Wagner\Desktop\defogger_disable.log
2014-05-21 11:00 - 2014-05-21 11:00 - 00000000 _____ () C:\Users\Andreas Wagner\defogger_reenable
2014-05-21 11:00 - 2009-06-27 20:35 - 00000000 ____D () C:\Users\Andreas Wagner
2014-05-21 10:58 - 2014-05-21 10:58 - 00050477 _____ () C:\Users\Andreas Wagner\Desktop\Defogger.exe
2014-05-21 10:58 - 2013-03-18 15:48 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\HoldemManager
2014-05-21 10:44 - 2012-10-07 10:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 10:21 - 2014-03-12 16:21 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3}.job
2014-05-21 10:20 - 2014-03-12 16:21 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3}.job
2014-05-21 09:13 - 2011-01-10 20:37 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Microgaming
2014-05-21 09:10 - 2009-06-27 20:31 - 01172743 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 08:59 - 2009-03-02 15:15 - 00131216 _____ () C:\ProgramData\nvModes.dat
2014-05-21 08:59 - 2009-03-02 15:15 - 00131216 _____ () C:\ProgramData\nvModes.001
2014-05-21 07:26 - 2014-02-04 22:46 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Dropbox
2014-05-21 07:25 - 2014-02-04 22:52 - 00000000 ___RD () C:\Users\Andreas Wagner\Dropbox
2014-05-21 07:02 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 23:01 - 2006-11-02 15:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 22:14 - 2010-09-22 22:32 - 00000000 ____D () C:\Users\Andreas Wagner\dwhelper
2014-05-20 14:29 - 2012-11-13 23:48 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\PokerStars.EU
2014-05-20 14:29 - 2012-08-14 20:56 - 02727271 _____ () C:\blitzerr.txt
2014-05-19 16:41 - 2014-05-19 16:41 - 00000898 _____ () C:\Users\Andreas Wagner\Desktop\Win Cake.lnk
2014-05-19 16:41 - 2014-05-19 16:41 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win Cake
2014-05-19 16:41 - 2012-11-13 09:38 - 00000000 ____D () C:\Program Files\Cake Poker 2.0
2014-05-17 23:48 - 2013-03-18 17:24 - 00015800 _____ () C:\speederr.txt
2014-05-17 16:33 - 2014-05-15 06:18 - 00003980 _____ () C:\Windows\setupact.log
2014-05-17 16:21 - 2014-05-17 16:21 - 00000000 ____D () C:\Users\Andreas Wagner\Desktop\Sophia
2014-05-17 08:29 - 2014-05-17 08:27 - 00000344 _____ () C:\Users\Andreas Wagner\Documents\pgadmin.log
2014-05-16 09:11 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:46 - 2009-02-26 21:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:45 - 2014-01-16 09:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:37 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:35 - 2014-05-16 07:35 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 17:24 - 2011-11-24 23:01 - 00000000 ____D () C:\Users\Andreas Wagner\Documents\LuckyAcePoker
2014-05-15 06:30 - 2014-02-04 22:52 - 00001003 _____ () C:\Users\Andreas Wagner\Desktop\Dropbox.lnk
2014-05-15 06:30 - 2014-02-04 22:49 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 06:18 - 2014-05-15 06:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 08:46 - 2012-07-16 21:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 08:46 - 2011-10-07 08:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:55 - 2013-02-25 22:56 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\FullTiltPoker.eu
2014-05-13 14:31 - 2013-07-17 22:55 - 02120848 _____ () C:\rusherr.txt
2014-05-13 14:31 - 2013-02-25 22:53 - 00000000 ____D () C:\Program Files\Full Tilt Poker.Eu
2014-05-12 22:11 - 2014-05-12 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2014-05-12 22:11 - 2014-04-15 18:50 - 00001485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2014-05-12 22:11 - 2014-04-15 18:50 - 00001479 _____ () C:\Users\Andreas Wagner\Desktop\partypoker.lnk
2014-05-12 22:11 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 18:34 - 2012-08-16 11:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 10:23 - 2014-05-10 10:21 - 00000000 ____D () C:\Program Files\MOZILLA FIREFOX
2014-05-09 16:30 - 2014-05-09 15:22 - 00000000 ____D () C:\Users\Andreas Wagner\Top B
2014-05-09 15:21 - 2014-05-09 15:21 - 00000000 ____D () C:\Users\Andreas Wagner\Neuer Ordner
2014-05-07 20:14 - 2012-11-19 22:24 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 20:14 - 2012-11-19 22:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 08:54 - 2014-01-07 01:24 - 00000930 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-05-07 08:54 - 2013-03-18 15:43 - 00000000 ____D () C:\Program Files\Holdem Manager 2
2014-05-06 18:32 - 2012-10-01 10:14 - 02437984 _____ () C:\Users\Andreas Wagner\Documents\Poker Konten11.xlsx
2014-05-06 15:17 - 2014-05-06 15:17 - 00001686 _____ () C:\Users\Andreas Wagner\Documents\cc_20140506_151651.reg
2014-05-06 01:32 - 2014-05-16 07:31 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 07:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 07:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 16:23 - 2014-05-01 16:22 - 00009158 _____ () C:\Users\Andreas Wagner\Documents\Mai 2014.xlsx
2014-05-01 00:04 - 2014-05-01 00:04 - 00000774 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ladbrokes Poker.lnk
2014-05-01 00:04 - 2014-05-01 00:04 - 00000744 _____ () C:\Users\Andreas Wagner\Desktop\Ladbrokes Poker.lnk
2014-05-01 00:04 - 2009-06-27 22:13 - 00000000 ____D () C:\Poker
2014-05-01 00:03 - 2014-05-01 00:03 - 00457528 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\PokerSetup_3f9ece.exe
2014-04-30 23:40 - 2014-04-30 23:40 - 00000792 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfair.com Poker.lnk
2014-04-30 23:40 - 2014-04-30 23:40 - 00000762 _____ () C:\Users\Andreas Wagner\Desktop\Betfair.com Poker.lnk
2014-04-30 23:38 - 2014-04-30 23:38 - 00286520 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker_b8e1fb.exe
2014-04-30 23:23 - 2011-08-21 10:39 - 00000760 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betfred Poker.lnk
2014-04-30 23:23 - 2011-08-21 10:39 - 00000730 _____ () C:\Users\Andreas Wagner\Desktop\Betfred Poker.lnk
2014-04-30 23:17 - 2013-07-18 10:55 - 00289080 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker_25ed.exe
2014-04-30 23:00 - 2013-11-06 01:06 - 00000795 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
2014-04-30 23:00 - 2013-11-06 01:06 - 00000765 _____ () C:\Users\Andreas Wagner\Desktop\William Hill Poker.lnk
2014-04-30 22:58 - 2014-04-30 22:58 - 00501048 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker_48c40.exe
2014-04-30 21:41 - 2014-04-29 23:09 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\Titan Poker
2014-04-29 23:11 - 2014-04-29 23:11 - 00001663 _____ () C:\Users\Andreas Wagner\Desktop\Titan Poker.lnk
2014-04-29 23:11 - 2012-08-31 08:14 - 00001665 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Titan Poker.lnk
2014-04-29 19:30 - 2010-09-20 08:07 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Roaming\vlc
2014-04-29 18:41 - 2014-04-29 18:36 - 00001814 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Betway Poker.lnk
2014-04-29 18:41 - 2014-04-29 18:36 - 00001808 _____ () C:\Users\Public\Desktop\Betway Poker.lnk
2014-04-29 18:41 - 2014-04-29 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betway Poker
2014-04-29 18:34 - 2014-04-29 18:34 - 00983134 _____ () C:\Users\Andreas Wagner\Downloads\betwaypoker.exe
2014-04-29
11:57 - 2014-04-29 11:57 - 00000755 _____ () C:\Users\Andreas Wagner\Desktop\EverestPoker.com.lnk 2014-04-29 11:57 - 2013-11-28 17:26 - 00000785 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverestPoker.com.lnk 2014-04-29 11:51 - 2014-04-24 15:28 - 00332128 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupPoker.exe 2014-04-29 11:04 - 2012-09-02 12:27 - 00000753 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Poker.lnk 2014-04-29 11:04 - 2012-09-02 12:27 - 00000723 _____ () C:\Users\Andreas Wagner\Desktop\Winner Poker.lnk 2014-04-29 11:00 - 2014-04-29 10:59 - 00616760 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\WinnerPSetup_73acf1.exe 2014-04-28 22:55 - 2013-12-05 22:41 - 00002353 _____ () C:\Users\Andreas Wagner\AppData\Roaming\fotobuch.xml 2014-04-28 22:53 - 2013-12-05 22:32 - 00549384 _____ () C:\Users\Andreas Wagner\AppData\Roaming\fotobuch-tcache.xml 2014-04-28 22:45 - 2014-04-28 22:45 - 00000728 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myBet Poker.lnk 2014-04-28 22:45 - 2014-04-28 22:45 - 00000716 _____ () C:\Users\Public\Desktop\myBet Poker.lnk 2014-04-28 22:43 - 2014-04-28 22:43 - 00271160 _____ (Playtech) C:\Users\Andreas Wagner\Downloads\SetupCasino_a21255.exe 2014-04-28 14:27 - 2014-02-04 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software 2014-04-28 13:03 - 2014-02-06 13:59 - 00111551 _____ () C:\Users\Andreas Wagner\Documents\Reisekosten RHH 2014 I.xlsx 2014-04-25 15:23 - 2014-04-24 12:18 - 00012503 _____ () C:\Users\Andreas Wagner\Documents\Kaderförderung geändert.xlsx 2014-04-25 11:32 - 2014-04-25 11:32 - 00009324 _____ () C:\Users\Andreas Wagner\Documents\cc_20140425_113149.reg 2014-04-25 10:36 - 2014-02-15 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker Heaven by Microgaming 2014-04-25 10:36 - 2012-11-22 11:57 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedKings Poker 2014-04-25 10:36 - 2012-08-21 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heypoker 2014-04-24 15:31 - 2013-07-06 10:28 - 00000732 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk 2014-04-24 15:31 - 2013-07-06 10:28 - 00000702 _____ () C:\Users\Andreas Wagner\Desktop\Poker 770.lnk 2014-04-24 12:17 - 2014-04-24 09:08 - 00013910 _____ () C:\Users\Andreas Wagner\Documents\Kaderförderung.xlsx 2014-04-24 08:59 - 2010-03-15 12:04 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\Microsoft Help 2014-04-23 08:20 - 2009-06-30 12:49 - 00000000 ____D () C:\Users\Andreas Wagner\AppData\Local\Adobe 2014-04-22 15:18 - 2013-04-01 08:24 - 00000746 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coral Poker.lnk 2014-04-22 15:18 - 2013-04-01 08:24 - 00000716 _____ () C:\Users\Andreas Wagner\Desktop\Coral Poker.lnk Some content of TEMP: ==================== C:\Users\Andreas Wagner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgfkms.dll C:\Users\Andreas Wagner\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-20 18:27 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014 Ran by Andreas Wagner at 2014-05-21 11:17:32 Running from C:\Users\Andreas Wagner\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== 24hPoker (HKLM\...\1180-6883-2514-0226-24hPoker-PROD) (Version: 54.0.31226-30520-7 - IGT Interactive AB) 24hPoker (HKLM\...\24hPoker (Poker)) (Version: 16.6.2.11243 - ) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) 888poker (HKLM\...\888poker) (Version: - ) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated) Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Badaboom 1.1.1.194 (HKLM\...\Badaboom) (Version: 1.1.1.194 - Elemental Technologies) Betfair.com Poker (HKCU\...\Betfair.com Poker) (Version: - ) Betfred Poker (HKCU\...\Betfred Poker) (Version: - ) BetMost Poker (HKCU\...\BetMost Poker) (Version: - ) Betway Poker (HKLM\...\Betwaypoker (Poker)) (Version: 16.6.2.11243 - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) bwin Poker (HKLM\...\bwincomPoker) (Version: - bwincom) Cake Poker 2.0 (HKLM\...\Cake Poker 2.0) (Version: 2.0.1.6506 - Cake Poker N.V.) Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - ) Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - ) Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - ) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.3.1.5 - ) Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.5.1.4 - ) Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - ) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.6.0.13 - ) Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - ) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - ) Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - ) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) CDDRV_Installer (Version: 4.60 - Logitech) Hidden Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Comeon Poker 2.0 (HKLM\...\Comeon Poker 2.0) (Version: 2.0.1.6587 - Comeon Poker) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Coral Poker (HKCU\...\Coral Poker) (Version: - ) Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - 
Corel Corporation) CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2325 - CyberLink Corp.) CyberLink MediaShow (Version: 4.1.2325 - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.) CyberLink PhotoNow (Version: 1.1.5615 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2625 - CyberLink Corp.) CyberLink PowerDirector (Version: 7.0.2625 - CyberLink Corp.) Hidden CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2606a - CyberLink Corp.) CyberLink PowerDVD 8 (Version: 8.0.2606a - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1412 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.1.1412 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2521 - CyberLink Corp.) CyberLink YouCam (Version: 2.0.2521 - CyberLink Corp.) Hidden DE (Version: 3.0 - Corel Corporation) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) 
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-412 413 415 Series Printer Uninstall (HKLM\...\EPSON XP-412 413 415 Series) (Version: - SEIKO EPSON Corporation) EPSON-Handbücher (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden EverestPoker.com (HKCU\...\EverestPoker.com) (Version: - ) fotokasten comfort (HKLM\...\FKC22153088_is1) (Version: - ) Full Tilt Poker.Eu (HKLM\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.55.4.WIN.FullTilt.EU - ) FUSSBALL MANAGER 06 (HKLM\...\{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}) (Version: - ) G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) Gala Casino Poker (HKCU\...\Gala Casino Poker) (Version: - ) GKFX FX - CFDs (HKLM\...\GKFX FX - CFDs) (Version: 4.00 - MetaQuotes Software Corp.) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Update Helper (Version: 1.3.24.7 - Google Inc.) 
Hidden Hama Wireless LAN Adapter (HKLM\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.0000 - Hama) HM Cloud HUD (HKLM\...\HM Cloud HUD) (Version: - ) Holdem Manager (HKLM\...\{42DE940E-8037-4266-9FBF-5A3AEDA39E96}) (Version: 1.07 - RVG Software) Holdem Manager (HKLM\...\HoldemManager) (Version: - ) Holdem Manager 2 (HKLM\...\HoldemManager2) (Version: - ) HoldemResources Calculator (HKLM\...\HoldemResources Calculator) (Version: release - HoldemResources) InterPoker 1.0.0 (HKLM\...\InterPoker_is1) (Version: 1.0.0 - Interpoker) iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM\...\7289-1030-5602-7421) (Version: 0.9 - AppWork GmbH) join.me (HKCU\...\JoinMe) (Version: 1.9.0.133 - LogMeIn, Inc.) Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden KeePass Password Safe 1.23 (HKLM\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden Ladbrokes Poker (HKCU\...\Ladbrokes Poker) (Version: - ) Ladbrokes Poker (HKLM\...\ladbrokes (Poker)) (Version: 16.3.2.9976 - ) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) LuckyAcePoker.com (HKLM\...\LuckyAcePoker.com) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - 
Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 6.3 (HKLM\...\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}) (Version: 6.30.191.0 - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) 
(HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 
8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd) Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) my moments (HKCU\...\mymoments) (Version: 2.6.5.0 - my moments Fotobuch Verlag GmbH & Co. 
KG) myBet Poker (HKLM\...\myBet Poker) (Version: - ) MyEPSON Portal (HKLM\...\MyEPSON Connect) (Version: - SEIKO EPSON Corporation) MyEPSON Portal (Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden Paf Spade Poker 1.0.0 (HKLM\...\Paf Spade Poker_is1) (Version: 1.0.0 - Paf) partypoker (HKLM\...\PartyPoker) (Version: - PartyGaming) pgAdmin III 1.10 (HKLM\...\{30DE52AF-3186-4396-883B-E3AFC7E522BB}) (Version: 1.10 - The pgAdmin Development Team) PKR (HKLM\...\PKR) (Version: - PKR Ltd) Poker (HKCU\...\Poker) (Version: - ) Poker 770 (HKCU\...\Poker 770) (Version: - ) Poker Heaven (HKLM\...\Poker Heaven) (Version: - ) Poker Heaven by Microgaming (HKLM\...\pokerheaven (Poker)) (Version: 16.6.2.11243 - ) PokerHeaven by Ongame 1.0.0 (HKLM\...\PokerHeaven by Ongame_is1) (Version: 1.0.0 - Heaven Bet) PokerStars (HKLM\...\PokerStars) (Version: - PokerStars) PokerStars.fr (HKLM\...\PokerStars.fr) (Version: - PokerStars.fr) PokerStrategy.com Equilab (HKLM\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com) PokerTracker 4 (remove only) (HKLM\...\PokerTracker4) (Version: - ) PostgreSQL 8.3 (HKLM\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) 
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20111 - Realtek Semiconductor Corp.) Redmark Vereinsverwaltung easy (HKLM\...\{06A75F9F-BB8B-4548-93F8-621A183536D2}) (Version: 8.0 - Ihr Firmenname) Samsung Connection Manager (HKLM\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112 - Samsung Electronics) SENSUS MT4 Client Terminal (HKLM\...\SENSUS MT4 Client Terminal) (Version: 4.00 - MetaQuotes Software Corp.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartFTP Client (HKLM\...\{D48175EA-1AA1-436C-B0AC-BC36CB6FE9FA}) (Version: 4.1.1321.0 - SmartSoft Ltd.) Software Updater (HKLM\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) StarMoney (Version: 1.0 - StarFinanz) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer) Titan Poker (HKCU\...\Titan Poker) (Version: - ) Unibet (HKLM\...\unibetpoker (Poker)) (Version: 16.6.2.11243 - ) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft 
Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) 
(HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Manager (Version: 4.60 - Corel Corporation) Hidden USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.51000.200_WHQL - Sonix) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) William Hill Poker (HKCU\...\William Hill Poker) (Version: - ) Win Cake (HKLM\...\Win Cake) (Version: 2.0.1.7462 - Cake Entertainment N.V.) Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Winner Poker (HKCU\...\winnerpoker) (Version: 
- )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WPT Poker (HKLM\...\WPTPoker) (Version: - WPT)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-10-08 16:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A6798D4-9AA2-4276-9EC5-9E326A7D95DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {1C51E2C6-42A7-4F44-B61B-A59329087C8F} - System32\Tasks\{C5DA12E5-BDA2-4A49-9374-B15DC81F84F6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.217/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E05D7F5-5D2B-4E57-B247-11FE620505BA} - System32\Tasks\{F49FD84B-8610-4C34-99CF-1D17EC9B25FC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.217/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {1F6323AC-502E-413A-8FE1-BCF9B8898DE5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {333A1D92-0F60-45DF-82A3-F8CEE41CA1C0} - System32\Tasks\EPSON XP-412 413 415 Series Update {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F8BEF76-D230-469C-BE3F-9C95BB224114} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4B6A5E64-650F-46A9-B963-17F7B2E9D8A3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {565DA20E-2649-4709-BAEF-AAD3F2D74376} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
Task: {5DCC4E13-F343-4E75-BD83-62684ACE28E7} - System32\Tasks\EPSON XP-412 413 415 Series Update {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {5E362009-664B-4BBC-87D5-77B07297D0BC} - System32\Tasks\{ECDCB764-0038-4EE4-8CC3-E7DE5604C198} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {687F1C5C-B797-4256-8351-5AAB8CAC6B69} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {F6506E58-0381-4259-B6C1-A7EF74CA41C9} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {861C78C5-3712-4FFC-BF95-D742A81DF44A} - System32\Tasks\EPSON XP-412 413 415 Series Update {F6506E58-0381-4259-B6C1-A7EF74CA41C9} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A3EB9CB5-4D36-492D-85AF-4015136DB9D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A8E398C2-8F99-457D-8A1B-C0430325A176} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
Task: {E495A3B7-53AF-48D7-B366-8801021932BC} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EA2C60FF-7B09-4697-BB92-BE9F118F8C4D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2008-06-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {F6506E58-0381-4259-B6C1-A7EF74CA41C9}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {1974A753-ABB1-427D-B6C8-1D09A1EB9BDD}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {CADB9165-D1C7-46CC-93BF-A8A4DEB93ED3}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {F6506E58-0381-4259-B6C1-A7EF74CA41C9}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLEE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-01-18 16:51 - 2014-01-18 16:48 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-01-18 16:51 - 2014-01-18 16:48 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-01-18 16:51 - 2014-01-18 16:48 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-01-18 16:51 - 2014-01-18 16:48 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-01-18 16:51 - 2014-01-18 16:48 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-01-18 16:51 - 2014-01-18 16:48 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-01-18 16:51 - 2014-01-18 16:48 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2008-09-19 03:03 - 2008-09-19 03:03 - 00167936 _____ () C:\Program Files\PostgreSQL\8.3\bin\LIBPQ.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2009-02-26 21:03 - 2008-10-29 17:20 - 00070656 _____ () C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
2006-11-06 18:18 - 2006-11-06 18:18 - 00963584 _____ () C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2009-03-04 07:36 - 2009-02-25 10:13 - 00247152 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2013-12-19 04:42 - 2013-12-19 04:42 - 00287864 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2010-04-30 15:57 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-12-13 19:34 - 2009-12-13 19:34 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2009-02-27 19:17 - 2008-08-28 16:03 - 00233472 _____ () C:\Windows\tsnp2uvc.exe
2014-05-10 10:23 - 2014-05-10 10:23 - 03839088 _____ () C:\PROGRAM FILES\MOZILLA FIREFOX\mozjs.dll
2014-05-21 07:17 - 2014-05-21 07:17 - 00041984 _____ () C:\Users\Andreas Wagner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgfkms.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Andreas Wagner\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-14 08:46 - 2014-05-14 08:46 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Cake Poker 2.0:MID
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\7961_Hm2AutoUpdate.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\avg_isct_x86_all_2014_4259a6848_huawei.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\BitDefenderQS_EN.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\BitDefender_Uninstall_Tool.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\ccsetup409.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\Dropbox 2.6.2.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\ECPS1_1_1.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\gkfx4setup.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\iTunesSetup.exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\PokerHeaven(1).exe:BDU
AlternateDataStreams: C:\Users\Andreas Wagner\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Winmgmt => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hama Wireless LAN Utility.lnk => C:\Windows\pss\Hama Wireless LAN Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Andreas Wagner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Andreas Wagner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse-Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
MSCONFIG\startupreg: Bitdefender-Geldbörse-Anwendungs-Agent => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
MSCONFIG\startupreg: DU Meter => C:\Program Files\DU Meter\DUMeter.exe
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSync => "C:\Users\Andreas Wagner\AppData\Roaming\SSync\SSync.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2014 07:28:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (05/21/2014 07:28:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616

Error: (05/21/2014 07:28:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2014 07:28:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14618

Error: (05/21/2014 07:28:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14618

Error: (05/21/2014 07:28:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2014 07:28:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13604

Error: (05/21/2014 07:28:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13604

Error: (05/21/2014 07:28:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2014 07:28:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12481


System errors:
=============
Error: (05/21/2014 09:07:48 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 0022FA04C192 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (05/20/2014 08:58:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.05.2014 um 08:56:48 unerwartet heruntergefahren.

Error: (05/20/2014 08:53:17 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 0022FA04C192 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (05/20/2014 00:03:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053GDFwSvc-Service{1DED95CA-C567-464A-B405-087EDDF0B095}

Error: (05/19/2014 06:52:13 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 0022FA04C192 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (05/18/2014 07:26:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.05.2014 um 19:24:19 unerwartet heruntergefahren.

Error: (05/18/2014 07:01:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (05/18/2014 06:58:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.05.2014 um 18:56:29 unerwartet heruntergefahren.

Error: (05/18/2014 06:07:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (05/18/2014 06:51:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}


Microsoft Office Sessions:
=========================
Error: (07/11/2013 03:55:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 63 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/10/2013 09:25:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/10/2013 09:24:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/24/2013 10:38:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/24/2013 09:22:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/24/2013 09:22:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/24/2013 09:21:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/24/2013 09:20:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/21/2013 00:21:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/21/2013 10:22:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-05-21 11:16:37.742
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:16:37.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:16:36.852
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:16:36.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:15:38.195
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:15:37.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:15:37.338
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:15:36.923
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:06:17.557
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-21 11:06:17.126
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3065.95 MB
Available physical RAM: 1567.96 MB
Total Pagefile: 6334.17 MB
Available Pagefile: 3077.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.54 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:440.37 GB) (Free:60.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.38 GB) (Free:10.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 806E6361)
Partition 1: (Active) - (Size=440 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25 GB) - (Type=0C)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-21 12:20:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 Hitachi_HTS545050B9A300 rev.PB4OC60G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\uwtorkob.sys

---- System - GMER 2.1 ----

INT 0x61 ? 90212050
INT 0x71 ? 902122D0
INT 0x82 ? 90212CD0
INT 0xA2 ? 902127D0

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F20C320, 0x3EEAF7, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA7C68300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA7CAB300, 0x1BEE, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Devices\00-00-00-00-00-00@IsControlPoint 1

---- EOF - GMER 2.1 ----

Best regards

Last edited by SophiaMama (21.05.2014 at 13:31) |
21.05.2014, 15:16 | #2 |
/// the machine /// TB-Ausbilder | Laptop works very slowly; warnings present

hi,

Scan with Combofix
|