| |
| |||||||
Log-Analyse und Auswertung: Werbefenster, Umleitung von Webseitenaufrufen bzw. win64/adware.adpeak.c nach Klick auf E-Mail-AttachmentWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.06.2014, 15:36
| #1 |
| |  Werbefenster, Umleitung von Webseitenaufrufen bzw. win64/adware.adpeak.c nach Klick auf E-Mail-Attachment Liebe Helfer, nachdem meine Mutter vor einigen Tagen unvorsichtigerweise einen dubiosen E-Mail-Anhang ausgeführt hat, geschah folgendes: * Werbefenster auf dem Desktop * Umleitung von Webseitenaufrufen auf merkwürdige andere Webseiten * ständiges Blinken des Mauscursors Sie hat daraufhin mit NOD32 das System geprüft. Gefunden wurden einige Bedorhungen vom Typ "win64/adware.adpeak.c". Diese hat sie bereinigen lassen. Ich habe daraufhin den Rechner mit einer aktuellen Version Desinfect (Zeitschrift c't) gescannt. Ergebnis: 0 Infektionen erkannt. Alsdann habe ich anhand eures Leitfadens 1. Defogger eingesetzt 2. Einen Systemscan mit FRST gemacht (Logfiles unten) 3. Einen Scan mit GMER druchgeführt. Dies hat allerdings nur im abgesichertenModus funktioniert (Logfiles ebenfalls unten) Vielen Dank im voraus für eure Hilfe! Hier die Logfiles: FRST.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by ***** (administrator) on AKOYA on 22-06-2014 15:12:17
Running from D:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\SmartCam\SmartCam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(HexaD) C:\Program Files\Duplicati\Duplicati.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVM Berlin) C:\Users\*****\AppData\Local\Apps\2.0\VCDQLPJD.X1E\40ZYLAAO.KE1\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10358784 2011-11-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-03-07] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2011-08-06] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2011-08-06] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [447016 2011-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TP-LINK USB Printer Controller] => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [4226048 2012-09-21] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\*****\AppData\Local\Apps\2.0\VCDQLPJD.X1E\40ZYLAAO.KE1\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2013-12-31] (AVM Berlin)
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\MountPoints2: {66a262ce-e026-11e3-a3e9-bc7737209edb} - D:\AutoRun.exe
HKU\S-1-5-21-1217699553-3716128148-941317649-1001\...\MountPoints2: {66a262d9-e026-11e3-a3e9-bc7737209edb} - D:\AutoRun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk
ShortcutTarget: Duplicati.lnk -> C:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 - {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} - C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {336C9D79-263A-4D75-AA7C-60DAF945AE67} hxxp://192.168.78.79/classes/OvisLinkCamV_H264.cab
DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.79.77/RtspVaPgDec.cab
DPF: HKLM-x32 {62415890-4985-0825-2508-23487C2A845F} hxxp://192.168.79.79/en/cab/ipcamera.cab
DPF: HKLM-x32 {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/o2cplayer.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{70B3F7DF-247C-4210-9119-6973DA3FE5FE}: [NameServer]192.168.78.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\47agqhf3.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-06-16]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-06-16]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-10-30]
==================== Services (Whitelisted) =================
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-15] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-15] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-15] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 Security Updates Service; C:\Program Files (x86)\Security Updates Service\winupdsvc.exe [2019840 2014-06-11] () [File not signed]
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2011-08-06] (Wistron Corp.)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-11-01] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-14] (AVM Berlin)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [29184 2005-10-06] (REINER SCT)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2013-11-01] (KOBIL Systems GmbH)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-09-24] (Qualcomm Atheros Co., Ltd.)
R3 TPLINKUDSMBus; C:\Windows\System32\drivers\TplinkUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 TplinkUDSTcpBus; C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-22 15:11 - 2014-06-22 15:12 - 00000000 ____D () C:\FRST
2014-06-22 15:11 - 2014-06-22 15:11 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-18 16:38 - 2014-06-18 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-16 21:39 - 2014-06-16 21:39 - 00000000 ____D () C:\Program Files (x86)\Security Updates Service
2014-06-16 21:16 - 2014-06-16 21:16 - 00000191 _____ () C:\prefs.js
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Mozilla
2014-06-16 21:15 - 2014-06-19 17:40 - 02501961 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00000000 ____D () C:\Program Files\suprasavings
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\EPSON PERFECTION V600 PHOTO user guide
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files\003
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files (x86)\EZ YouTube Video Downloader
2014-06-13 14:34 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\*****\AppData\Local\{010AD676-ABF4-4FC1-A488-507A1ACCD330}
2014-06-12 19:20 - 2014-06-12 19:20 - 09442928 _____ (ALF AG ) C:\Users\*****\Downloads\UpdateBanCo_541.exe
2014-06-12 18:55 - 2014-06-12 18:56 - 01057672 _____ (Adobe) C:\Users\*****\Downloads\install_reader11_de_mssa_aaa_aih.exe
2014-06-12 17:11 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 17:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 17:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 17:11 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 17:11 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 17:11 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 17:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 17:11 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 17:11 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 17:11 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 17:11 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 17:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 17:11 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 17:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 17:11 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 17:11 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 17:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 17:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 17:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 17:11 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 17:11 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 17:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 17:11 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 17:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 17:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 17:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 17:11 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 17:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 17:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 17:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 17:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 17:11 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 17:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 17:11 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 17:11 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 17:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 17:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 17:11 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 17:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 17:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 17:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 17:11 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 17:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 17:11 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 17:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 17:11 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 17:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 17:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 17:11 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 17:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 17:11 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 17:11 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 17:11 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 17:11 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 17:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 17:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 17:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 17:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 17:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 17:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 17:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 17:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 17:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 17:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 17:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 17:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-07 18:26 - 2014-06-07 18:27 - 00000000 ____D () C:\Users\*****\AppData\Local\{B58C040A-7A5F-4DBD-A22F-822E149E14BD}
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SanDisk SecureAccess
2014-06-07 16:08 - 2014-06-07 16:09 - 00000000 ____D () C:\Users\*****\Documents\Sparkasse
2014-06-07 05:20 - 2014-06-07 16:17 - 00000000 ____D () C:\Users\*****\Documents\Nachbarn
2014-06-01 09:42 - 2014-06-01 09:43 - 00000000 ____D () C:\Users\*****\AppData\Local\{ED8D2E32-8B10-4CC3-86AB-9BD40EB778E9}
2014-05-27 18:34 - 2014-05-27 18:37 - 00000000 ____D () C:\Users\*****\Documents\Netzwerke
==================== One Month Modified Files and Folders =======
2014-06-22 15:12 - 2014-06-22 15:11 - 00000000 ____D () C:\FRST
2014-06-22 15:11 - 2014-06-22 15:11 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-06-22 15:11 - 2012-10-30 18:39 - 00000000 ____D () C:\Users\*****
2014-06-22 15:10 - 2009-07-14 06:51 - 00180238 _____ () C:\Windows\setupact.log
2014-06-22 15:09 - 2012-10-30 18:42 - 00000000 ____D () C:\Users\*****\Documents\Youcam
2014-06-22 15:06 - 2012-03-20 00:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-22 15:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 15:56 - 2012-10-30 18:32 - 01112183 _____ () C:\Windows\WindowsUpdate.log
2014-06-20 15:23 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-20 15:23 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 15:21 - 2012-11-07 17:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 17:57 - 2014-03-11 18:21 - 00000000 ____D () C:\Users\*****\Documents\*****
2014-06-19 17:40 - 2014-06-16 21:15 - 02501961 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe
2014-06-19 17:39 - 2014-03-10 17:53 - 00000000 ____D () C:\Users\*****\Documents\*****
2014-06-19 17:18 - 2013-10-03 14:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2014-06-19 16:47 - 2012-11-01 13:47 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{83AB4207-0211-4530-A1AB-6D539FADF900}
2014-06-19 16:39 - 2013-10-05 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:54 - 2014-06-18 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-18 16:38 - 2013-11-01 14:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ALFBanCo5
2014-06-18 16:38 - 2013-11-01 14:56 - 00000000 ____D () C:\ProgramData\AlfBanCo5
2014-06-17 19:24 - 2014-03-15 19:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Windows Live
2014-06-17 18:01 - 2012-10-30 18:40 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-06-16 21:39 - 2014-06-16 21:39 - 00000000 ____D () C:\Program Files (x86)\Security Updates Service
2014-06-16 21:16 - 2014-06-16 21:16 - 00000191 _____ () C:\prefs.js
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Mozilla
2014-06-16 21:16 - 2014-06-16 21:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Mozilla
2014-06-16 21:14 - 2010-11-21 05:47 - 00193636 _____ () C:\Windows\PFRO.log
2014-06-16 18:54 - 2014-06-16 18:54 - 00000000 ____D () C:\Program Files\suprasavings
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\EPSON PERFECTION V600 PHOTO user guide
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files\003
2014-06-16 18:53 - 2014-06-16 18:53 - 00000000 ____D () C:\Program Files (x86)\EZ YouTube Video Downloader
2014-06-15 16:23 - 2013-12-14 20:47 - 00000000 ____D () C:\Users\*****\Documents\Verbrauch
2014-06-15 15:58 - 2013-12-24 12:01 - 00000000 ____D () C:\Users\*****\Documents\Buchführung
2014-06-15 15:48 - 2014-03-11 18:41 - 00000000 ____D () C:\Users\*****\Documents\To Do
2014-06-15 15:18 - 2013-01-19 17:22 - 00000000 ____D () C:\Users\*****\Documents\Rentenversicherung
2014-06-13 14:34 - 2014-06-13 14:34 - 00000000 ____D () C:\Users\*****\AppData\Local\{010AD676-ABF4-4FC1-A488-507A1ACCD330}
2014-06-12 19:20 - 2014-06-12 19:20 - 09442928 _____ (ALF AG ) C:\Users\*****\Downloads\UpdateBanCo_541.exe
2014-06-12 18:56 - 2014-06-12 18:55 - 01057672 _____ (Adobe) C:\Users\*****\Downloads\install_reader11_de_mssa_aaa_aih.exe
2014-06-12 17:19 - 2013-07-26 14:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:17 - 2011-07-18 22:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 17:16 - 2012-11-02 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-09 15:17 - 2011-05-16 16:04 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-09 15:17 - 2011-05-16 16:04 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-09 15:17 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-07 18:27 - 2014-06-07 18:26 - 00000000 ____D () C:\Users\*****\AppData\Local\{B58C040A-7A5F-4DBD-A22F-822E149E14BD}
2014-06-07 18:01 - 2014-06-07 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SanDisk SecureAccess
2014-06-07 16:17 - 2014-06-07 05:20 - 00000000 ____D () C:\Users\*****\Documents\Nachbarn
2014-06-07 16:09 - 2014-06-07 16:08 - 00000000 ____D () C:\Users\*****\Documents\Sparkasse
2014-06-07 05:00 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-06 14:32 - 2012-10-31 19:00 - 00018432 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 20:29 - 2013-12-25 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Duplicati
2014-06-01 14:38 - 2014-01-17 21:25 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-01 14:38 - 2011-07-18 23:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-01 09:43 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\*****\AppData\Local\{ED8D2E32-8B10-4CC3-86AB-9BD40EB778E9}
2014-06-01 09:28 - 2013-12-14 21:21 - 00000000 ____D () C:\Users\*****\AppData\Local\iCopy
2014-05-30 12:21 - 2014-06-12 17:11 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 17:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 17:11 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 17:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 17:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 17:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 17:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 17:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 17:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 17:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 17:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 17:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 17:11 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 17:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 17:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 17:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 17:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 17:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 17:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 17:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 17:11 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 17:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 17:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 17:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 17:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 17:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 17:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 17:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 17:11 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 17:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 17:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 17:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 17:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 17:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 17:11 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 17:11 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 17:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 17:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 17:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 17:11 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 17:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 17:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 17:11 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 17:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 17:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 17:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 14:11 - 2014-05-14 17:26 - 00000000 ____D () C:\Users\*****\Documents\Steuererklärung
2014-05-28 16:21 - 2013-11-01 14:31 - 00000000 ____D () C:\Users\*****\Desktop\alt
2014-05-28 16:09 - 2014-03-10 11:16 - 00000000 ____D () C:\Users\*****\Downloads\NIBC
2014-05-28 14:42 - 2013-11-01 17:36 - 00000000 ____D () C:\Users\*****\Documents\Keepass
2014-05-27 18:37 - 2014-05-27 18:34 - 00000000 ____D () C:\Users\*****\Documents\Netzwerke
2014-05-26 08:20 - 2014-03-10 11:30 - 00000000 ____D () C:\Users\*****\Documents\Adressen
2014-05-26 07:38 - 2012-11-01 16:01 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2014-05-23 18:15 - 2012-11-01 16:03 - 00026224 _____ () C:\Windows\avmacc.log
Files to move or delete:
====================
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aaa_aih.exe
C:\Users\*****\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\*****\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\*****\AppData\Local\Temp\ResetDevice.exe
C:\Users\*****\AppData\Local\Temp\RTBK.EXE
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\*****\AppData\Local\Temp\wordicon (3).exe
C:\Users\*****\AppData\Local\Temp\wordicon.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-08 17:46
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by ***** at 2014-06-22 15:13:21
Running from D:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ESET NOD32 Antivirus 5.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 5.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AirLive_Cam_Pro_HD_6.0 (HKLM-x32\...\AirLive_Cam_Pro_HD_6.0) (Version: - )
ALF-BanCo 5 (HKLM-x32\...\Alf-BanCo5_is1) (Version: 5.3.1 - ALF AG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Atheros Communications Inc.)
cam2pc (remove only) (HKLM-x32\...\cam2pc) (Version: - )
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version: - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.3320 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2308 - CyberLink Corp.)
CyberLink YouCam 5 (x32 Version: 5.0.2308 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM-x32\...\{021BC94E-D464-4B9D-96F1-C6566B476A71}) (Version: 5.3.3 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
ESET NOD32 Antivirus (HKLM\...\{E9641237-252F-467E-88FB-5CAB9E42583E}) (Version: 5.2.9.12 - ESET, spol. s r.o.)
eWallet 7.4.1 for Windows PCs (HKLM-x32\...\Ilium Software eWallet_is1) (Version: 7.4.1 - Ilium Software)
EZ YouTube Video Downloader (HKLM-x32\...\EZ YouTube Video Downloader) (Version: 1.1.9 - XtensionPlus)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
iCopy (HKLM-x32\...\iCopy) (Version: 1.6.1 - Matteo Rossi)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Internet Explorer (x32 Version: 9 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
KOBIL drivers x64x86 installation (x32 Version: 1.013.02221 - KOBIL Systems) Hidden
KOBIL Kartenleser Treiber v2.3 (HKLM-x32\...\{3ECA0079-088F-4E69-B66A-65D5E687B092}) (Version: 2.3.03111 - KOBIL Systems)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.4 - Wistron Corp.)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NetSetMan 3.5.3 (HKLM-x32\...\NetSetMan_is1) (Version: 3.5.3 - Ilja Herlein)
NVIDIA 3D Vision Treiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1100 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PopMan 1.3.1 (HKLM-x32\...\PopMan-CH-Software_is1) (Version: - CH-Software)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PS Date Calculator 3.5 (HKLM-x32\...\{1E0A0919-D830-4209-82B0-8C880A9267E5}_is1) (Version: 3.5 - PolarSoft)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.)
SmartCam -- Smart Phone Camera (HKLM-x32\...\SmartCam) (Version: 1.4 - Ionut Dediu)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{AA8B3F71-1481-404D-9DEE-C8862A85C63A}) (Version: 1.12.25 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.16 - Texas Instruments Inc.) Hidden
TI USB3 Host Driver (x32 Version: 1.12.25 - Texas Instruments Inc.) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - Ihr Firmenname)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
06-05-2014 15:19:52 Windows Update
06-05-2014 17:01:12 Windows Update
13-05-2014 08:13:35 Windows Update
14-05-2014 16:02:15 Windows Update
20-05-2014 19:13:29 Windows Update
24-05-2014 20:03:33 Windows Update
30-05-2014 07:38:16 Windows Update
03-06-2014 13:31:14 Windows Update
10-06-2014 15:22:42 Windows Update
12-06-2014 15:05:00 Windows Update
12-06-2014 15:14:30 Windows Update
17-06-2014 14:55:35 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {5BE6CE6C-E17E-47B5-B79A-461CB5F734BF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-11-29] (CyberLink Corp.)
Task: {914E1D7B-A4DD-4B0F-A0BD-7FD5AE271E64} - System32\Tasks\{7AB48A29-30D6-4549-A878-897BCA21F360} => C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe [2012-09-21] ()
Task: {E3D86EB3-BF45-433B-BA32-B9C39AD3B2D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-01-04 22:32 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\ZLhp1020.DLL
2013-01-04 22:32 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-06-11 05:33 - 2014-06-11 05:33 - 02019840 _____ () C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
2014-05-20 16:01 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2012-03-20 00:33 - 2013-01-10 23:36 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-01-27 12:40 - 2009-01-27 12:40 - 00249856 _____ () C:\Program Files (x86)\SmartCam\SmartCam.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-03-20 00:02 - 2012-01-10 07:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-21 21:41 - 2012-05-21 21:41 - 00131072 _____ () C:\Program Files\Duplicati\LightDatamodel.dll
2012-05-21 21:41 - 2012-05-21 21:41 - 00931840 _____ () C:\Program Files\Duplicati\SQLite\win64\System.Data.SQLite.dll
2013-01-31 16:12 - 2013-01-31 16:12 - 00446464 _____ () C:\Program Files\Duplicati\de-DE\Duplicati.resources.dll
2009-01-27 12:40 - 2009-01-27 12:40 - 00364544 _____ () C:\Program Files (x86)\SmartCam\SmartCamFilter.ax
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-13 18:30 - 2014-02-13 18:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-03-20 00:19 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2014 09:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca28
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd80
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3
Error: (06/11/2014 05:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17041 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d68
Startzeit: 01cf85884254528f
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (06/03/2014 03:35:57 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (292) SUS20ClientDataStore: Der Versionsspeicher für Instanz 0 hat seine maximale Größe von 32 MB erreicht. Wahrscheinlich verhindert eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.
Mögliche lange andauernde Transaktion:
Sitzungs-ID: 0x00000000016104A0
Sitzungskontext: 0x00000000
Thread-ID des Sitzungskontextes: 0x00000000000013B8
Cleanup: 1
Error: (05/08/2014 05:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Name des fehlerhaften Moduls: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023e9
ID des fehlerhaften Prozesses: 0x624
Startzeit der fehlerhaften Anwendung: 0xPopMan.exe0
Pfad der fehlerhaften Anwendung: PopMan.exe1
Pfad des fehlerhaften Moduls: PopMan.exe2
Berichtskennung: PopMan.exe3
Error: (04/18/2014 10:44:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Name des fehlerhaften Moduls: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ea730
ID des fehlerhaften Prozesses: 0x1650
Startzeit der fehlerhaften Anwendung: 0xcam2pc.exe0
Pfad der fehlerhaften Anwendung: cam2pc.exe1
Pfad des fehlerhaften Moduls: cam2pc.exe2
Berichtskennung: cam2pc.exe3
Error: (04/15/2014 09:36:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Name des fehlerhaften Moduls: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ea730
ID des fehlerhaften Prozesses: 0xf50
Startzeit der fehlerhaften Anwendung: 0xcam2pc.exe0
Pfad der fehlerhaften Anwendung: cam2pc.exe1
Pfad des fehlerhaften Moduls: cam2pc.exe2
Berichtskennung: cam2pc.exe3
Error: (04/02/2014 10:47:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Name des fehlerhaften Moduls: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023e9
ID des fehlerhaften Prozesses: 0x17a0
Startzeit der fehlerhaften Anwendung: 0xPopMan.exe0
Pfad der fehlerhaften Anwendung: PopMan.exe1
Pfad des fehlerhaften Moduls: PopMan.exe2
Berichtskennung: PopMan.exe3
Error: (03/30/2014 02:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Name des fehlerhaften Moduls: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00076aac
ID des fehlerhaften Prozesses: 0x14ec
Startzeit der fehlerhaften Anwendung: 0xcam2pc.exe0
Pfad der fehlerhaften Anwendung: cam2pc.exe1
Pfad des fehlerhaften Moduls: cam2pc.exe2
Berichtskennung: cam2pc.exe3
Error: (03/30/2014 02:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Name des fehlerhaften Moduls: cam2pc.exe, Version: 4.6.1.0, Zeitstempel: 0x4722fab6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00076b8d
ID des fehlerhaften Prozesses: 0x584
Startzeit der fehlerhaften Anwendung: 0xcam2pc.exe0
Pfad der fehlerhaften Anwendung: cam2pc.exe1
Pfad des fehlerhaften Moduls: cam2pc.exe2
Berichtskennung: cam2pc.exe3
Error: (03/27/2014 05:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Name des fehlerhaften Moduls: PopMan.exe, Version: 1.3.1.0, Zeitstempel: 0x4bc38f50
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023e9
ID des fehlerhaften Prozesses: 0x96c
Startzeit der fehlerhaften Anwendung: 0xPopMan.exe0
Pfad der fehlerhaften Anwendung: PopMan.exe1
Pfad des fehlerhaften Moduls: PopMan.exe2
Berichtskennung: PopMan.exe3
System errors:
=============
Error: (06/22/2014 03:09:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/22/2014 03:09:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/20/2014 03:17:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/20/2014 03:17:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/19/2014 06:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/19/2014 06:07:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/19/2014 04:42:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/19/2014 04:42:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/18/2014 04:15:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/18/2014 04:15:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (06/16/2014 09:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42dd8001cf89976bc50188C:\Windows\SysWOW64\regsvr32.exeC:\Windows\syswow64\KERNELBASE.dllab0e768a-f58a-11e3-94e8-bc7737209edb
Error: (06/11/2014 05:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17041d6801cf85884254528f16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (06/03/2014 03:35:57 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll292SUS20ClientDataStore: 0320x00000000016104A00x000000000x00000000000013B81
Error: (05/08/2014 05:48:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PopMan.exe1.3.1.04bc38f50PopMan.exe1.3.1.04bc38f50c0000005000023e962401cf6ad4cfd88969C:\Program Files (x86)\PopMan\PopMan.exeC:\Program Files (x86)\PopMan\PopMan.exe2c80a48b-d6c8-11e3-a203-bc7737209edb
Error: (04/18/2014 10:44:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cam2pc.exe4.6.1.04722fab6cam2pc.exe4.6.1.04722fab6c0000005000ea730165001cf5ae1a2e8e8acC:\Program Files (x86)\cam2pc\cam2pc.exeC:\Program Files (x86)\cam2pc\cam2pc.exea356cb9d-c6d5-11e3-964c-bc7737209edb
Error: (04/15/2014 09:36:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cam2pc.exe4.6.1.04722fab6cam2pc.exe4.6.1.04722fab6c0000005000ea730f5001cf587bb403b113C:\Program Files (x86)\cam2pc\cam2pc.exeC:\Program Files (x86)\cam2pc\cam2pc.exeb6467b8b-c470-11e3-9676-bc7737209edb
Error: (04/02/2014 10:47:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PopMan.exe1.3.1.04bc38f50PopMan.exe1.3.1.04bc38f50c0000005000023e917a001cf4e5024d18f94C:\Program Files (x86)\PopMan\PopMan.exeC:\Program Files (x86)\PopMan\PopMan.exe7d5fa56a-ba43-11e3-9595-bc7737209edb
Error: (03/30/2014 02:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cam2pc.exe4.6.1.04722fab6cam2pc.exe4.6.1.04722fab6c000000500076aac14ec01cf4c109728d11eC:\Program Files (x86)\cam2pc\cam2pc.exeC:\Program Files (x86)\cam2pc\cam2pc.exedb741179-b804-11e3-919b-bc7737209edb
Error: (03/30/2014 02:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cam2pc.exe4.6.1.04722fab6cam2pc.exe4.6.1.04722fab6c000000500076b8d58401cf4c0df1c41f46C:\Program Files (x86)\cam2pc\cam2pc.exeC:\Program Files (x86)\cam2pc\cam2pc.exece557a1f-b803-11e3-919b-bc7737209edb
Error: (03/27/2014 05:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PopMan.exe1.3.1.04bc38f50PopMan.exe1.3.1.04bc38f50c0000005000023e996c01cf49d1c4db2f51C:\Program Files (x86)\PopMan\PopMan.exeC:\Program Files (x86)\PopMan\PopMan.exe25ce8139-b5c5-11e3-8fb0-bc7737209edb
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 4001.87 MB
Available physical RAM: 2322.39 MB
Total Pagefile: 8001.92 MB
Available Pagefile: 6238.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:697.54 GB) (Free:613.01 GB) NTFS
Drive d: (Help) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 3D36D2A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=0C)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-22 15:42:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: is310l4n.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugtdrpob.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289781008
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737209edb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737209edb@0007616e5aab 0x69 0xF4 0xAA 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289781008 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737209edb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737209edb@0007616e5aab 0x69 0xF4 0xAA 0xEE ...
---- EOF - GMER 2.1 ----
|
| Themen zu Werbefenster, Umleitung von Webseitenaufrufen bzw. win64/adware.adpeak.c nach Klick auf E-Mail-Attachment |
| 4d36e972-e325-11ce-bfc1-08002be10318, antivirus, association, browser, calculator, device driver, downloader, duplicati, flash player, html/iframe.b.gen, iexplore.exe, installation, launch, pup.optional.getnow.a, pup.optional.suprasavings.a, pup.optional.windowsupdateservice.a, services.exe, software, svchost.exe, werbefenster, win32/elex.al, windows, windows xp |
Baum-Darstellung