| |
| |||||||
Log-Analyse und Auswertung: Sehr langsamer ProgrammstartWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.07.2014, 19:43
| #1 |
 |  Sehr langsamer Programmstart Seit einiger Zeit werden einige Programme, besonders aber Thunderbird, immer langsamer beim Start, stellen teilweise gar keine Verbindung mit dem Server her. "Normale" Internet-Verbindungen (über Browser) laufen mit akzeptabler normaler Geschwindigkeit. Alle Hinweise des Thunderbird-Supportforums für derartige Fälle wurden befolgt (Löschung der Indexdatei und deren Neuaufbau usw.) wurden erfolglos probiert. Mehrfache Komplett-De- und Neuinstallation brachte keinerlei Hilfe. Da ich auf einem zweiten Rechner im gleichen Netz überhaupt keine Probleme habe (habe zur Sicherheit auch dort das Programm mal deinstalliert und neu installiert - fast in Sekundenschnelle waar es getan), habe ich die Befürchtung, dass mein Rechner auf irgendeine Weise infiziert ist und bin dankbar für jede Hilfe. Die Dateien (defogger_disable.txt habe ich nicht gefunden, wurde evtl. nicht erstellt?) einschließlich einer von GData generierten Datei wie folgt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by HDS (administrator) on HDS-NEU2 on 07-07-2014 18:41:42 Running from E:\Downloads\trojanerboard Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\AntiBrowserSpy\SocialBlock_ProxyCheck.exe () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe () C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (freenet.de GmbH) C:\Program Files (x86)\freenetMail Dateimanager\DBDDsktDrvTrayApp.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2014-01-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [freenet.de Dateimanager Taskleistensymbol] => C:\Program Files (x86)\freenetMail Dateimanager\DBDDsktDrvTrayApp.exe [142336 2009-01-22] (freenet.de GmbH) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe, Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1477405295-139641872-1139874065-1005\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] () HKU\S-1-5-21-1477405295-139641872-1139874065-1005\...\Run: [] => [X] HKU\S-1-5-21-1477405295-139641872-1139874065-1005\...\MountPoints2: {0eb18823-749a-11e3-9f74-806e6f6e6963} - F:\Autoplay.exe -auto Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () BootExecute: autocheck autochk * auto_reactivate \\?\Volume{0eb18820-749a-11e3-9f74-806e6f6e6963}\bootwiz\asrm.bin ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: localhost:8088 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {71CA019B-6980-4703-BBEF-AAA0CC218409} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM - {71CA019B-6980-4703-BBEF-AAA0CC218409} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {71CA019B-6980-4703-BBEF-AAA0CC218409} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 google-analytics.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default FF DefaultSearchEngine: Wikipedia (de) FF SelectedSearchEngine: Wikipedia (de) FF Homepage: about:home FF NetworkProxy: "ftp", "87.250.52.230" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "87.250.52.230" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "87.250.52.230" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "87.250.52.230" FF NetworkProxy: "ssl_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF SearchPlugin: C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\searchplugins\wikipdia-fr.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FRITZ!Box AddOn - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\fb_add_on@avm.de [2014-01-04] FF Extension: Nokia Maps 3D browser plugin - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\maps@ovi.com [2014-01-04] FF Extension: WOT - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12] FF Extension: DownloadHelper - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: anonymoX - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\client@anonymox.net.xpi [2014-01-04] FF Extension: Preispilot - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\extension@preispilot.com.xpi [2014-01-04] FF Extension: CleanTube - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\jid0-Oh6YfHwkh8Cb1Y4efKhBukwKfB0@jetpack.xpi [2014-01-04] FF Extension: Safe Preview - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\safepreview@everhelper.me.xpi [2014-01-07] FF Extension: Stealthy - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\stealthyextension@gmail.com.xpi [2014-01-04] FF Extension: Webutation - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-01-07] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-01-04] FF Extension: NoScript - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-01] FF Extension: Youtube Converter MP3 - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2014-01-04] FF Extension: Go To Google - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}.xpi [2014-01-04] FF Extension: Adblock Plus - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-04] FF Extension: Fox!Box - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-01-04] FF Extension: QuickJava - C:\Users\HDS\AppData\Roaming\Mozilla\Firefox\Profiles\l63f1fcz.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-01-04] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-04] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [jid0-1wPBLrijxGVkIUhu0kFYq6ZaWzA@jetpack] - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox FF Extension: AntiBrowserSpy - SocialBlocker - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox [2014-02-25] FF HKLM-x32\...\Firefox\Extensions: [firefox@printecosoftware.com] - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi FF Extension: PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi [2014-03-17] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-06] (Adobe Systems) [File not signed] R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-27] (Freemake) [File not signed] S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed] R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3203392 2014-05-20] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed] R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] () R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S3 Mtpip000ode; No ImagePath ==================== Drivers (Whitelisted) ==================== R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH) R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-03] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-07-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-07-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-03-06] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-03] (G Data Software AG) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-28] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-04] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-04] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-04] (Acronis International GmbH) S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 18:41 - 2014-07-07 18:41 - 00000000 ____D () C:\FRST 2014-07-07 18:36 - 2014-07-07 18:36 - 00000000 _____ () C:\Users\HDS\defogger_reenable 2014-07-07 15:11 - 2014-07-07 15:11 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Thunderbird 2014-07-07 13:11 - 2014-07-07 13:11 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-07-07 13:11 - 2014-07-07 13:11 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-07-07 13:11 - 2014-07-07 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-07 12:38 - 2014-07-07 12:38 - 00000000 ____D () C:\Users\HDS\AppData\Local\Thunderbird 2014-07-03 08:56 - 2014-07-03 08:56 - 00000000 ____D () C:\Users\HDS\AppData\Local\G DATA 2014-07-03 08:41 - 2014-07-03 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014-07-02 11:06 - 2014-07-02 11:06 - 00000000 ____D () C:\Users\HDS\AppData\Local\FreemakeVideoConverter 2014-07-02 11:05 - 2014-07-02 11:05 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-06-28 15:09 - 2014-07-03 16:49 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\DropboxMaster 2014-06-24 14:22 - 2014-06-24 14:22 - 00001132 _____ () C:\Users\Public\Desktop\freenetMail Dateimanager.lnk 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\freenet 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freenetMail Dateimanager 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\ProgramData\freenet 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\Program Files (x86)\freenetMail Dateimanager 2014-06-20 07:47 - 2014-06-20 07:47 - 00000000 ____D () C:\Users\HDS\AppData\Local\FreeOCR 2014-06-20 07:44 - 2014-06-20 07:47 - 00000000 ____D () C:\FreeOCR 2014-06-20 07:44 - 2014-06-20 07:44 - 00000590 _____ () C:\Users\HDS\Desktop\FreeOCR.lnk 2014-06-20 07:44 - 2014-06-20 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR 2014-06-20 07:44 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\SysWOW64\ImageEnXLibrary.ocx 2014-06-20 07:43 - 2014-06-20 08:40 - 00000000 ____D () C:\Users\HDS\Documents\Add-in Express 2014-06-20 07:43 - 2014-06-20 07:43 - 00000000 ____D () C:\Program Files (x86)\PrintEco 2014-06-20 07:40 - 2014-06-20 07:41 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\InetStat 2014-06-18 16:12 - 2014-06-18 16:18 - 00000000 ____D () C:\Users\HDS\Documents\Fax 2014-06-18 09:46 - 2014-06-18 09:46 - 00003090 _____ () C:\Windows\System32\Tasks\{05AE3A2C-E679-448E-AB6E-97F7FFBF0FD5} 2014-06-17 12:09 - 2014-06-17 12:09 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 6.0.lnk 2014-06-17 12:09 - 2014-06-17 12:09 - 00001107 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 6.0.lnk 2014-06-17 12:06 - 2014-06-17 12:06 - 01628920 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxsfs.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00547576 ____N (Sonic Solutions) C:\Windows\SysWOW64\px.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00510712 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxdrv.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00379640 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxwave.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00187128 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxmas.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00129784 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxafs.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00118520 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsi64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00116472 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpyi64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00072440 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxhpinst.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsa64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpya64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00052856 ____N (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys 2014-06-17 12:06 - 2014-06-17 12:06 - 00039672 ____N (Sonic Solutions) C:\Windows\SysWOW64\vxblock.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00010488 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys 2014-06-17 12:06 - 2014-06-17 12:06 - 00010488 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys 2014-06-13 20:21 - 2014-06-13 20:21 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\eXPert PDF 5 2014-06-13 17:19 - 2014-06-16 17:26 - 00000000 ____D () C:\Users\HDS\AppData\Local\Adobe 2014-06-11 07:58 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 07:58 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 07:58 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 07:58 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 07:58 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 07:58 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 07:58 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 07:58 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 07:58 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 07:58 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 07:58 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 07:58 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 07:58 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 07:58 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 07:58 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 07:58 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 07:58 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 07:58 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 07:58 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 07:58 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 07:58 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 07:58 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 07:58 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 07:58 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-11 07:58 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-11 07:58 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 07:58 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 07:58 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 07:58 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-11 07:58 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 07:58 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 07:58 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 07:58 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-11 07:58 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 07:58 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 07:58 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 07:58 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-11 07:58 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-11 07:58 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 07:58 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 07:58 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 07:58 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 07:58 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 07:58 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 07:58 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 07:58 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 07:58 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 07:58 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 07:58 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 07:58 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 07:58 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 07:58 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 07:33 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 07:33 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 07:33 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 07:33 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 07:33 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 07:33 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 07:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 07:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-11 07:33 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 07:33 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 07:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 07:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-11 07:28 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 07:28 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-10 13:22 - 2014-04-09 17:51 - 06715624 _____ (TomTom International B.V.) C:\Users\HDS\Downloads\InstallMyDriveConnect_3_3_0_1502.exe 2014-06-08 15:09 - 2014-06-08 15:09 - 00000000 ____D () C:\Program Files (x86)\SuperCar 2014-06-08 14:57 - 2014-06-08 15:09 - 00001905 _____ () C:\Users\Public\Desktop\SuperCar.lnk 2014-06-08 14:57 - 2014-06-08 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperCar 2014-06-07 08:59 - 2014-06-07 08:59 - 00000938 _____ () C:\Users\HDS\Desktop\DL - Verknüpfung.lnk ==================== One Month Modified Files and Folders ======= 2014-07-07 18:41 - 2014-07-07 18:41 - 00000000 ____D () C:\FRST 2014-07-07 18:36 - 2014-07-07 18:36 - 00000000 _____ () C:\Users\HDS\defogger_reenable 2014-07-07 18:36 - 2014-01-04 17:50 - 00000000 ____D () C:\Users\HDS 2014-07-07 18:28 - 2014-01-04 14:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-07 18:19 - 2014-01-03 19:14 - 01827938 _____ () C:\Windows\WindowsUpdate.log 2014-07-07 15:11 - 2014-07-07 15:11 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Thunderbird 2014-07-07 13:16 - 2009-07-14 06:45 - 00018816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-07 13:16 - 2009-07-14 06:45 - 00018816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-07 13:11 - 2014-07-07 13:11 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-07-07 13:11 - 2014-07-07 13:11 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2014-07-07 13:11 - 2014-07-07 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-07 13:11 - 2014-01-03 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-07 13:09 - 2014-01-05 13:18 - 00000000 ____D () C:\Users\HDS\AppData\Local\HTC MediaHub 2014-07-07 13:09 - 2014-01-04 11:59 - 00262046 _____ () C:\Windows\PFRO.log 2014-07-07 13:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-07 13:09 - 2009-07-14 06:51 - 00058674 _____ () C:\Windows\setupact.log 2014-07-07 12:38 - 2014-07-07 12:38 - 00000000 ____D () C:\Users\HDS\AppData\Local\Thunderbird 2014-07-06 21:14 - 2014-01-04 13:52 - 00001617 _____ () C:\Windows\BRRBCOM.INI 2014-07-05 08:19 - 2014-01-05 11:57 - 00001841 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2014-07-05 08:19 - 2014-01-05 11:56 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-05 08:19 - 2014-01-05 11:56 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-03 21:36 - 2014-04-05 16:09 - 00000000 ___RD () C:\Users\HDS\Dropbox 2014-07-03 16:52 - 2014-04-05 16:06 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Dropbox 2014-07-03 16:49 - 2014-06-28 15:09 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\DropboxMaster 2014-07-03 08:56 - 2014-07-03 08:56 - 00000000 ____D () C:\Users\HDS\AppData\Local\G DATA 2014-07-03 08:41 - 2014-07-03 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014-07-03 08:41 - 2014-04-10 14:04 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-07-03 08:41 - 2014-04-10 14:04 - 00001978 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk 2014-07-03 08:41 - 2014-01-03 20:03 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-07-03 08:41 - 2014-01-03 20:02 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-07-03 08:41 - 2014-01-03 20:02 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-07-03 08:40 - 2014-01-05 13:17 - 00053328 _____ () C:\Windows\DPINST.LOG 2014-07-03 08:40 - 2014-01-03 20:02 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-07-03 08:40 - 2014-01-03 20:02 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-07-02 17:31 - 2014-01-05 10:50 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\vlc 2014-07-02 17:26 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-07-02 17:26 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-07-02 17:26 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-02 14:01 - 2014-01-22 18:39 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\KeePass 2014-07-02 11:06 - 2014-07-02 11:06 - 00000000 ____D () C:\Users\HDS\AppData\Local\FreemakeVideoConverter 2014-07-02 11:05 - 2014-07-02 11:05 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-07-02 11:05 - 2014-01-16 16:28 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2014-07-02 11:05 - 2014-01-16 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2014-06-30 15:40 - 2014-01-05 11:34 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\CoreFTP 2014-06-29 16:14 - 2014-01-05 11:58 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Skype 2014-06-29 13:30 - 2014-03-28 18:36 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-29 13:30 - 2014-01-05 11:58 - 00000000 ____D () C:\ProgramData\Skype 2014-06-28 15:09 - 2014-04-05 16:09 - 00001011 _____ () C:\Users\HDS\Desktop\Dropbox.lnk 2014-06-28 12:34 - 2014-01-14 16:49 - 00017920 _____ () C:\Users\HDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-24 14:22 - 2014-06-24 14:22 - 00001132 _____ () C:\Users\Public\Desktop\freenetMail Dateimanager.lnk 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\freenet 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freenetMail Dateimanager 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\ProgramData\freenet 2014-06-24 14:22 - 2014-06-24 14:22 - 00000000 ____D () C:\Program Files (x86)\freenetMail Dateimanager 2014-06-20 08:40 - 2014-06-20 07:43 - 00000000 ____D () C:\Users\HDS\Documents\Add-in Express 2014-06-20 07:47 - 2014-06-20 07:47 - 00000000 ____D () C:\Users\HDS\AppData\Local\FreeOCR 2014-06-20 07:47 - 2014-06-20 07:44 - 00000000 ____D () C:\FreeOCR 2014-06-20 07:44 - 2014-06-20 07:44 - 00000590 _____ () C:\Users\HDS\Desktop\FreeOCR.lnk 2014-06-20 07:44 - 2014-06-20 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR 2014-06-20 07:43 - 2014-06-20 07:43 - 00000000 ____D () C:\Program Files (x86)\PrintEco 2014-06-20 07:41 - 2014-06-20 07:40 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\InetStat 2014-06-18 17:58 - 2014-01-04 12:07 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-06-18 16:18 - 2014-06-18 16:12 - 00000000 ____D () C:\Users\HDS\Documents\Fax 2014-06-18 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-06-18 09:46 - 2014-06-18 09:46 - 00003090 _____ () C:\Windows\System32\Tasks\{05AE3A2C-E679-448E-AB6E-97F7FFBF0FD5} 2014-06-18 09:43 - 2014-01-04 13:21 - 00002669 _____ () C:\Users\Public\Desktop\TAXMAN 2014 spezial.lnk 2014-06-18 09:43 - 2014-01-03 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2014-06-18 09:27 - 2014-01-04 17:50 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\Adobe 2014-06-17 12:16 - 2014-01-04 09:54 - 00000000 ____D () C:\ProgramData\Adobe 2014-06-17 12:14 - 2014-01-04 17:50 - 00096280 _____ () C:\Users\HDS\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-17 12:14 - 2009-07-14 06:45 - 00369552 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-17 12:09 - 2014-06-17 12:09 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 6.0.lnk 2014-06-17 12:09 - 2014-06-17 12:09 - 00001107 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 6.0.lnk 2014-06-17 12:06 - 2014-06-17 12:06 - 01628920 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxsfs.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00547576 ____N (Sonic Solutions) C:\Windows\SysWOW64\px.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00510712 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxdrv.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00379640 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxwave.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00187128 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxmas.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00129784 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxafs.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00118520 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsi64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00116472 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpyi64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00072440 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxhpinst.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsa64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpya64.exe 2014-06-17 12:06 - 2014-06-17 12:06 - 00052856 ____N (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys 2014-06-17 12:06 - 2014-06-17 12:06 - 00039672 ____N (Sonic Solutions) C:\Windows\SysWOW64\vxblock.dll 2014-06-17 12:06 - 2014-06-17 12:06 - 00010488 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys 2014-06-17 12:06 - 2014-06-17 12:06 - 00010488 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys 2014-06-17 12:06 - 2014-01-04 11:53 - 00000209 _____ () C:\Windows\ODBCINST.INI 2014-06-17 12:06 - 2014-01-04 09:53 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-06-17 12:03 - 2014-02-19 18:37 - 00000000 ____D () C:\Users\Hans-Dieter\AppData\Roaming\Adobe 2014-06-17 12:03 - 2014-01-04 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-06-17 10:53 - 2014-03-27 18:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-17 10:53 - 2014-01-05 13:05 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-17 10:48 - 2014-03-27 18:12 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-17 10:48 - 2014-01-05 13:05 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 08:47 - 2014-01-18 14:52 - 00007906 _____ () C:\Users\HDS\Documents\capella.log 2014-06-16 17:26 - 2014-06-13 17:19 - 00000000 ____D () C:\Users\HDS\AppData\Local\Adobe 2014-06-15 15:50 - 2014-01-22 18:37 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-06-15 15:50 - 2014-01-22 18:37 - 00001105 _____ () C:\Users\HDS\Desktop\KeePass 2.lnk 2014-06-15 15:50 - 2014-01-22 18:37 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-06-15 12:53 - 2014-01-05 10:30 - 00000000 ____D () C:\Users\HDS\Documents\MyHeritage 2014-06-13 20:21 - 2014-06-13 20:21 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\eXPert PDF 5 2014-06-13 20:17 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-06-13 07:12 - 2014-02-25 16:15 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy 2014-06-13 07:11 - 2014-06-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-12 17:21 - 2014-01-03 20:51 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-12 17:21 - 2014-01-03 20:51 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-12 13:28 - 2014-01-04 14:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-12 13:28 - 2014-01-04 14:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-12 13:28 - 2014-01-03 19:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-12 08:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-11 21:59 - 2014-01-05 09:57 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 21:54 - 2014-01-05 09:57 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 21:54 - 2014-01-04 10:06 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-11 21:53 - 2014-06-04 05:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-09 16:03 - 2014-01-05 10:43 - 00000000 ____D () C:\Users\HDS\AppData\Roaming\GeoSetter 2014-06-08 15:09 - 2014-06-08 15:09 - 00000000 ____D () C:\Program Files (x86)\SuperCar 2014-06-08 15:09 - 2014-06-08 14:57 - 00001905 _____ () C:\Users\Public\Desktop\SuperCar.lnk 2014-06-08 14:57 - 2014-06-08 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperCar 2014-06-08 11:13 - 2014-06-11 07:28 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-11 07:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-07 08:59 - 2014-06-07 08:59 - 00000938 _____ () C:\Users\HDS\Desktop\DL - Verknüpfung.lnk Some content of TEMP: ==================== C:\Users\HDS\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\HDS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl_pmpy.dll C:\Users\HDS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbry6o.dll C:\Users\HDS\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe C:\Users\HDS\AppData\Local\Temp\FreemakeVideoDownloader_3.6.2.3.exe C:\Users\HDS\AppData\Local\Temp\NOSEventMessages.dll C:\Users\HDS\AppData\Local\Temp\Quarantine.exe C:\Users\HDS\AppData\Local\Temp\vlc-2.1.4-win64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 07:49 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01 Ran by HDS at 2014-07-07 18:43:23 Running from E:\Downloads\trojanerboard Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acoustica 4.1 (HKLM-x32\...\Acoustica_is1) (Version: 4.1 - Acon Digital Media GmbH) Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis) Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden Acronis*Disk*Director*11*Home (HKLM-x32\...\{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}) (Version: 11.0.2343 - Acronis) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated) Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 6.0 (x32 Version: 6.0 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 141 - Abelssoft) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.50517 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{14AF193A-EC13-3B3E-BFBF-D2C471F12718}) (Version: 3.0.778.0 - ATI Technologies, Inc.) Bizzybolt (HKLM\...\Bizzybolt) (Version: 2013.11.20.184610 - Bizzybolt) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{D6E46FC2-B513-4B7D-8C8C-352F4735C541}) (Version: 12.54.02 - Broadcom Corporation) Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.) Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.) Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.) capella 7 (HKLM-x32\...\{4623BAA6-0B23-4D47-ABD0-73F2DA4FAF56}) (Version: 7.1.20 - capella software AG) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0517.1742.29870 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help English (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help French (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help German (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0517.1741.29870 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden ccc-core-static (x32 Version: 2010.0517.1742.29870 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0517.1742.29870 - ATI) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - ) DDBAC (HKLM-x32\...\{AC3DC2B3-9380-4966-87B6-9FAEB5E7739C}) (Version: 5.3.25 - DataDesign) DDBAC (HKLM-x32\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{2A16B95F-7377-410A-B961-EFD9394E1AF3}) (Version: - Microsoft) dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden eXPert PDF 5 (HKLM-x32\...\{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}) (Version: 5.1.200.0 - Visage Software) Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation) freenetMail Dateimanager (HKLM-x32\...\freenetMail Dateimanager) (Version: 1.4.15a - freenet.de GmbH) FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version: - ) G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG) Garmin BaseCamp (HKLM-x32\...\{EBAC8FD4-28EC-46F7-BF9E-89D6E6673001}) (Version: 4.2.5 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version: - Friedemann Schmidt) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft) High-Definition Video Playback (x32 Version: 11.1.11100.4.196 - Nero AG) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) InetStat (HKCU\...\InetStat) (Version: 0.5b - InetStat) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle) Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG) LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe) Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Lotus Notes 6.5.1 de (HKLM-x32\...\{C626B47C-8312-4D8C-89E1-16FE42EF34E6}) (Version: 6.501.421 - IBM) Lupas Rename 2000 v5.0 Release (HKLM-x32\...\Lupas Rename 2000_is1) (Version: - Ivan Anton Albarracin) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.) MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Nero 11 Cliparts (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Disc Menus 1 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Disc Menus 2 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Disc Menus 3 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden Nero 11 Image Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes 1 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes 2 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes 3 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes 4 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 PiP Effects 1 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 PiP Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden Nero 11 Platinum (HKLM-x32\...\{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}) (Version: 11.2.00700 - Nero AG) Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero 11 Video Transitions 1 (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Kwik Media (x32 Version: 1.10.24800.146.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden Nero Recode 11 (x32 Version: 5.2.10900.0.0 - Nero AG) Hidden Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.11500.1.5 - Nero AG) Hidden Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden Nero Video 11 (x32 Version: 8.2.15700.3.100 - Nero AG) Hidden Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia) Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PrintEco Office (HKLM-x32\...\{864C0654-5C9F-4F03-85D5-47CA3062C7E2}) (Version: 1.4.70 - PrintEco) Quicken 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG) Quicken DELUXE Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net) Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft) SuperCar (HKLM-x32\...\SuperCar) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAXMAN 2014 spezial (HKLM-x32\...\{23CCE76F-7421-4090-8081-BD519F2F93F4}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) UpdateYeti (HKLM-x32\...\UpdateYeti_is1) (Version: 2.16 - Abelssoft) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) XnView 2.12 (HKLM-x32\...\XnView_is1) (Version: 2.12 - Gougelet Pierre-e) ==================== Restore Points ========================= 22-06-2014 16:11:57 Windows Update 28-06-2014 10:21:06 Windows Update 02-07-2014 07:36:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-03-31 15:24 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 google-analytics.com ==================== Scheduled Tasks (whitelisted) ============= Task: {1FECA8C6-0AF7-4BDA-8463-A95604FC3964} - System32\Tasks\AntiBrowserSpy - SocialBlock - IEProxyCheck => C:\Program Files (x86)\AntiBrowserSpy\SocialBlock_ProxyCheck.exe [2014-01-08] () Task: {30EE096A-F76E-4793-97A4-C487EA3C2650} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-03] (PC-Doctor, Inc.) Task: {38565432-BFA7-4836-8020-C12C9F5E6DF8} - System32\Tasks\Abelssoft\UpdateYeti scan => C:\Program Files (x86)\UpdateYeti\UpdateYeti.exe [2014-02-18] (Ascora GmbH) Task: {435A0533-5AF4-4078-B580-08CAFB0A7898} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {50F7C0A7-34B3-43E2-8E84-D811DB9F182D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-12-03] (PC-Doctor, Inc.) Task: {95BC6CCC-9B9B-45BA-A5F6-AAA741E5E77B} - System32\Tasks\AntiBrowserSpy - SocialBlock - IE => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe [2014-01-08] () Task: {980E0CDC-C1FE-4BFD-8CB8-F6F7CB6F5481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated) Task: {CDD01417-B496-493F-B6DD-43A9FFC02AF3} - System32\Tasks\AntiBrowserSpy - BrowserMask => C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2014-01-08] () Task: {E3F06EE1-F3B9-4C89-A4E3-3CA6A1E74C5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-05] (Google Inc.) Task: {E83FDDA6-C32F-4394-A1AB-B03D54319006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-05] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2014-01-05 13:17 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2014-01-04 13:50 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 00778240 _____ () C:\Program Files (x86)\AntiBrowserSpy\SocialBlock_ProxyCheck.exe 2014-02-25 16:15 - 2014-01-08 09:18 - 01136640 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe 2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 00823424 _____ () C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe 2014-02-25 16:15 - 2014-01-08 09:21 - 00055936 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettings.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 00861312 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyResources.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 01340032 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyLibrary.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 01401472 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbGui.dll 2014-02-25 16:15 - 2014-01-08 09:21 - 00016000 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll 2011-11-15 19:44 - 2011-11-15 19:44 - 02155848 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe 2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2014-01-04 15:15 - 2012-04-03 18:14 - 00041472 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe 2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-05-17 18:40 - 2010-05-17 18:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-03-21 16:07 - 2014-03-21 16:07 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-21 16:05 - 2014-03-21 16:05 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-03-21 16:06 - 2014-03-21 16:06 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2014-03-21 16:06 - 2014-03-21 16:06 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2014-03-21 16:06 - 2014-03-21 16:06 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-03-21 16:06 - 2014-03-21 16:06 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-03-21 16:08 - 2014-03-21 16:08 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-03-21 16:09 - 2014-03-21 16:09 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2014-01-04 13:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-10-10 13:02 - 2013-10-10 13:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll 2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-06-03 18:43 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-10-01 12:00 - 2013-10-01 12:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2014 06:35:19 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/07/2014 06:18:49 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8019 Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8019 Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7020 Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7020 Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/07/2014 04:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6022 Error: (07/07/2014 04:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6022 System errors: ============= Error: (07/07/2014 06:18:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst afcdpsrv erreicht. Error: (07/07/2014 00:06:54 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897} Error: (07/03/2014 09:36:03 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:44:25 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:44:05 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:43:25 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:43:05 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:42:25 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:38:05 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Error: (07/03/2014 08:37:45 PM) (Source: srv) (EventID: 2017) (User: ) Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde. Microsoft Office Sessions: ========================= Error: (07/07/2014 06:35:19 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Downloads\trojanerboard\esetsmartinstaller_enu.exe Error: (07/07/2014 06:18:49 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll.ManifestC:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll.Manifest2 Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8019 Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8019 Error: (07/07/2014 04:06:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7020 Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7020 Error: (07/07/2014 04:06:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/07/2014 04:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6022 Error: (07/07/2014 04:06:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6022 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 6103.12 MB Available physical RAM: 3990.33 MB Total Pagefile: 12204.41 MB Available Pagefile: 8727.71 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:1764.17 GB) NTFS Drive d: () (Fixed) (Total:425.58 GB) (Free:207.57 GB) NTFS Drive e: (Eigene Dateien) (Fixed) (Total:554.98 GB) (Free:244.44 GB) NTFS Drive i: () (Fixed) (Total:662.53 GB) (Free:182.89 GB) NTFS Drive j: (MEDIA) (Removable) (Total:29.71 GB) (Free:23.96 GB) FAT32 Drive o: (Kopie C alt) (Fixed) (Total:205.97 GB) (Free:37.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 6E7A038E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 722B620C) Partition 1: (Not Active) - (Size=150 MB) - (Type=DE) Partition 2: (Not Active) - (Size=206 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=-434765733888) - (Type=05) ======================================================== Disk: 2 (Size: 30 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-07 20:23:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST2000DM001-1CH164 rev.CC29 1863,02GB Running: Gmer-19357.exe; Driver: C:\Users\HDS\AppData\Local\Temp\awlyipow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f6000 45 bytes [00, 00, 12, 02, 47, 44, 57, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800031f602e 17 bytes [5C, 00, 55, 00, 53, 00, 45, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1120:4064] 000007fee7c0a2b0 Thread C:\Windows\System32\svchost.exe [1120:1824] 000007fee52a3efc Thread C:\Windows\System32\svchost.exe [1120:4816] 000007fee52e8a4c Thread C:\Windows\system32\svchost.exe [1580:1164] 000007fefa2335c0 Thread C:\Windows\system32\svchost.exe [1580:5116] 000007fefa235600 Thread C:\Windows\system32\svchost.exe [1580:3812] 000007fee8662888 Thread C:\Windows\system32\svchost.exe [1580:2716] 000007fee84b2940 Thread C:\Windows\system32\svchost.exe [1580:4104] 000007fee8662a40 Thread C:\Windows\system32\svchost.exe [2312:2620] 000007fef99e5fd0 Thread C:\Windows\system32\svchost.exe [2312:2700] 000007fef91a3438 Thread C:\Windows\system32\svchost.exe [2312:2712] 000007fef99e63ec Thread C:\Windows\system32\svchost.exe [2312:2848] 000000000033b128 Thread C:\Windows\system32\svchost.exe [2312:2984] 000007fef9a6a850 Thread C:\Windows\system32\Dwm.exe [2600:2956] 000007fef988f0d8 Thread C:\Windows\system32\Dwm.exe [2600:2960] 000007fef669abf0 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:2944] 000007fef7f2bd94 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:2948] 000007fef7ea3368 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:5060] 000007fef7ed87b8 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:6440] 000007fef24b4bf4 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:6608] 000007fef7fb8970 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:4796] 000007fef7ea3368 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:6016] 000007fef7ea3368 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:3484] 000007fef7ea3368 Thread C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2936:6468] 000007fef7e993d4 Thread C:\Windows\system32\wbem\wmiprvse.exe [3204:3244] 000007fef08210f0 Thread C:\Windows\System32\WUDFHost.exe [5056:5280] 000007fee78624a0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- ---GData-------------- Ihr Rechner wurden von einem entfernten Rechner auf offene Internet-Dienste (Ports) abgetastet. Die Firewall hat diesen Angriff unterbunden. Netzwerk Info: Netzwerk : LAN-Verbindung 2 Entfernter Rechner : 193.175.234.83 (nugo.dife.de) Besten Dank im voraus Masin |
Baum-Darstellung