| |
| |||||||
Log-Analyse und Auswertung: Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als VerknüpfungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.07.2014, 22:38
| #1 |
 |  Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Guten Tag, mein Rechner wurde in den letzten Wochen immer langsamer nachdem ich dann Avira heruntergeladen habe wurden Viren gefunden und in Quarantaene verschoben, nun weiss ich nicht ob das ausreicht oder ob weitere Massnahmen erforderlich sind. Seit ca. 3 Monaten habe ich auch das Problem, das wenn ich Daten auf einen USB Stick kopiere später nur Verknüpfungen auf diesem sind. GMER habe ich wie beschrieben laufen lassen, allerdings wurde das Programm immer abgebrochen, wehen eines unerwartenden schweren Fehler und es wurde ein Neustart erzwungen. Ich hoffe das jemand mal einen Blick drauf werfen kann und mir evtl helfen wenn eine Aktion nötig sein sollte. Vielen Dank im voraus, Thomas Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 10. Juli 2014 11:29
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Starter
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : *****
Computername : *****-PC
Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 02.07.2014 10:06:43
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 02.07.2014 10:06:43
LUKE.DLL : 14.0.5.336 57936 Bytes 02.07.2014 10:06:46
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 02.07.2014 10:06:43
AVREG.DLL : 14.0.5.356 261200 Bytes 02.07.2014 10:06:43
avlode.dll : 14.0.5.396 588368 Bytes 02.07.2014 10:06:42
avlode.rdf : 14.0.4.36 65096 Bytes 09.07.2014 22:11:34
XBV00008.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00009.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00010.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00011.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00012.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00013.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00014.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00015.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00016.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00017.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00018.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00019.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00020.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00021.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00022.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00023.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00024.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00025.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00026.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00027.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00028.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00029.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00030.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00031.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00032.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00033.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00034.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00035.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00036.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00037.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00038.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00039.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00040.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00041.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00056.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:58
XBV00057.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:58
XBV00058.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:59
XBV00059.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:59
XBV00060.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00061.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00062.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00063.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00064.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00065.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00066.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00067.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00068.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00069.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00070.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00071.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00072.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00073.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00074.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00075.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00076.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00077.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00078.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00079.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00080.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00081.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00082.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00083.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00084.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00085.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00086.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00087.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00088.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00089.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00090.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00091.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00092.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00093.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00094.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00095.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00096.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00097.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00098.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00099.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00100.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00101.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00102.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00103.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00104.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00105.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00106.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:13
XBV00107.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:13
XBV00108.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00109.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00110.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00111.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00112.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00113.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00114.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00115.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00116.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00117.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00118.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00119.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00120.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00121.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00122.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00123.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00124.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00125.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00126.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00127.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00128.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00129.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00130.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00131.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00132.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00133.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00134.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00135.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00136.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00137.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00138.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00139.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00140.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00141.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00142.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00143.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00144.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00145.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00146.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00147.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00148.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00149.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00150.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00151.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00152.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00153.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00154.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00155.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00156.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00157.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00158.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00159.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00160.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00161.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00162.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00163.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00164.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00165.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00166.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00167.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00168.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00169.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00170.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:32
XBV00171.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:32
XBV00172.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00173.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00174.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00175.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00176.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00177.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00178.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00179.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00180.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00181.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00182.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00183.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00184.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00185.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00186.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00187.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:38
XBV00188.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:38
XBV00189.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00190.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00191.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00192.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00193.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00194.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00195.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00196.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00197.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00198.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00199.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00200.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00201.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00202.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00203.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00204.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00205.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00206.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00207.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00208.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00209.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00210.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00211.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00212.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00213.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00214.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00215.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00216.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00217.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00218.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00219.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00220.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00221.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00222.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00223.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00224.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00225.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00226.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00227.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00228.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00229.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00230.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00231.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00232.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00233.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00234.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00235.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00236.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00237.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00238.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00239.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00240.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00241.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00242.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00243.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00244.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00245.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00246.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00247.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00248.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00249.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00250.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00251.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00252.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00253.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00254.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00255.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:58
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:06:47
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:06:47
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:06:47
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:06:47
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:06:47
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:06:47
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 10:06:47
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:06:47
XBV00042.VDF : 8.11.153.142 710656 Bytes 06.06.2014 10:06:47
XBV00043.VDF : 8.11.155.44 1013760 Bytes 16.06.2014 10:06:47
XBV00044.VDF : 8.11.159.102 1662976 Bytes 08.07.2014 22:11:51
XBV00045.VDF : 8.11.159.104 13824 Bytes 08.07.2014 22:11:52
XBV00046.VDF : 8.11.159.108 13312 Bytes 08.07.2014 22:11:52
XBV00047.VDF : 8.11.159.112 30720 Bytes 09.07.2014 22:11:52
XBV00048.VDF : 8.11.159.114 6144 Bytes 09.07.2014 22:11:53
XBV00049.VDF : 8.11.159.116 10240 Bytes 09.07.2014 22:11:53
XBV00050.VDF : 8.11.159.118 5632 Bytes 09.07.2014 22:11:53
XBV00051.VDF : 8.11.159.122 7168 Bytes 09.07.2014 22:11:54
XBV00052.VDF : 8.11.159.126 180736 Bytes 09.07.2014 22:11:56
XBV00053.VDF : 8.11.159.148 174080 Bytes 09.07.2014 22:11:57
XBV00054.VDF : 8.11.159.168 2560 Bytes 09.07.2014 22:11:58
XBV00055.VDF : 8.11.159.188 15360 Bytes 09.07.2014 22:11:58
LOCAL000.VDF : 8.11.159.188 107699200 Bytes 09.07.2014 22:21:49
Engineversion : 8.3.20.30
AEVDF.DLL : 8.3.0.4 118976 Bytes 02.07.2014 10:06:41
AESCRIPT.DLL : 8.1.4.218 532680 Bytes 09.07.2014 22:11:33
AESCN.DLL : 8.3.1.2 135360 Bytes 02.07.2014 10:06:41
AESBX.DLL : 8.2.20.24 1409224 Bytes 02.07.2014 10:06:41
AERDL.DLL : 8.2.0.138 704888 Bytes 02.07.2014 10:06:41
AEPACK.DLL : 8.4.0.42 786632 Bytes 09.07.2014 22:11:32
AEOFFICE.DLL : 8.3.0.8 205000 Bytes 09.07.2014 22:11:28
AEHEUR.DLL : 8.1.4.1132 6820040 Bytes 02.07.2014 10:06:41
AEHELP.DLL : 8.3.1.0 278728 Bytes 02.07.2014 10:06:41
AEGEN.DLL : 8.1.7.28 450752 Bytes 02.07.2014 10:06:41
AEEXP.DLL : 8.4.2.6 237760 Bytes 02.07.2014 10:06:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 02.07.2014 10:06:41
AEDROID.DLL : 8.4.2.24 442568 Bytes 02.07.2014 10:06:41
AECORE.DLL : 8.3.1.4 241864 Bytes 02.07.2014 10:06:41
AEBB.DLL : 8.1.1.4 53619 Bytes 02.07.2014 10:06:41
AVWINLL.DLL : 14.0.5.320 24144 Bytes 02.07.2014 10:06:44
AVPREF.DLL : 14.0.5.320 50256 Bytes 02.07.2014 10:06:43
AVREP.DLL : 14.0.5.320 219216 Bytes 02.07.2014 10:06:43
AVARKT.DLL : 14.0.5.368 226384 Bytes 02.07.2014 10:06:42
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 02.07.2014 10:06:42
SQLITE3.DLL : 14.0.5.320 452176 Bytes 02.07.2014 10:06:47
AVSMTP.DLL : 14.0.5.320 76368 Bytes 02.07.2014 10:06:44
NETNT.DLL : 14.0.5.320 13392 Bytes 02.07.2014 10:06:46
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 02.07.2014 10:06:46
RCTEXT.DLL : 14.0.5.322 73808 Bytes 02.07.2014 10:06:46
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 10. Juli 2014 11:29
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'FacebookUpdate.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPBackground.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ymsgr_tray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'MovieColorEnhancer.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SRSPremiumPanel.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartRestarter.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileMonitor.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'airtel mobile broadband.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'HWDeviceService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'ouc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\drivers\beep.sys'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Signiert -> 'C:\windows\system32\imm32.dll'
Signiert -> 'C:\windows\system32\dsound.dll'
Signiert -> 'C:\windows\system32\aclui.dll'
Signiert -> 'C:\windows\system32\msvcrt.dll'
Signiert -> 'C:\windows\system32\d3d9.dll'
Signiert -> 'C:\windows\system32\dnsapi.dll'
Signiert -> 'C:\windows\system32\mshtml.dll'
Signiert -> 'C:\windows\system32\regsvr32.exe'
Signiert -> 'C:\windows\system32\rundll32.exe'
Signiert -> 'C:\windows\system32\userinit.exe'
Signiert -> 'C:\windows\system32\reg.exe'
Signiert -> 'C:\windows\system32\ntvdm.exe'
Signiert -> 'C:\windows\regedit.exe'
Die Systemdateien wurden durchsucht ('35' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2682' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\*****\AppData\Roaming\rining\rining.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.1123358
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
C:\Users\*****\AppData\Roaming\rining\rining.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.1123358
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50527802.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 10. Juli 2014 21:07
Benötigte Zeit: 7:48:03 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
31816 Verzeichnisse wurden überprüft
1630538 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1630537 Dateien ohne Befall
23262 Archive wurden durchsucht
0 Warnungen
1 Hinweise
786866 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\rining\rining.exe
Status: Infiziert
Quarantäne-Objekt: 50527802.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: TR/Rogue.1123358
Datum/Uhrzeit: 10.07.2014, 21:07
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 5075d08f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 10:51
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 503ed468.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 10:44
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 481968eb.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:55
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 508e41c1.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:55
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 4812609c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:49
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50854aa8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:49
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 48556d1d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:43
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50c24537.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:43
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 48026c65.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:37
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 5095454f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:37
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 48766463.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:32
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50e14159.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:32
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 501d5dfc.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:03
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50245a85.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 02:00
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 57d45fe1.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:56
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50e957c9.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:53
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 57d457ff.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:52
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50ef57c5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:49
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 505157e8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:45
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 1a55184e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:41
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 480a4722.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:41
Typ: Datei
Quelle: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 509d6886.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:41
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 481e7d54.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:30
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 5089574f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.30
Virendefinitionsdatei: 8.11.159.188
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:30
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 480f72eb.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:25
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 509853c1.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:25
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50e861f8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:21
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 487f44db.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:21
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 4f580a8e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:17
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 57cf2fb5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:17
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 50832b7d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:16
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 48140e56.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:16
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 4f560be8.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:13
Typ: Datei
Quelle: C:\ProgramData\IDM confirmer.vbs
Status: Infiziert
Quarantäne-Objekt: 57c12ec3.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.20.26
Virendefinitionsdatei: 8.11.157.250
Gefunden: VBS/Kryptik.N
Datum/Uhrzeit: 10.07.2014, 01:13
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014
Ran by ***** (administrator) on *****-PC on 10-07-2014 11:07:41
Running from C:\Users\*****\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\F-Secure\fshoster32.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\airtel mobile broadband\airtel mobile broadband.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
() C:\Program Files\Mobile Genie\MobileMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(F-Secure Corporation) C:\Program Files\F-Secure\fshoster32.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9378408 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MobileMonitor] => C:\Program Files\Mobile Genie\MobileMonitor.exe [372736 2013-03-19] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [F-Secure Hoster (666)] => C:\Program Files\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-06] (Google Inc.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [HW_OPENEYE_OUC_airtel mobile broadband] => C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] ()
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-01] (Facebook Inc.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [IDM confirmer] => wscript.exe //B "C:\ProgramData\IDM confirmer.vbs"
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\RunOnce: [Application Restart #1] - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {0486a851-224f-11e1-b914-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {0486a85f-224f-11e1-b914-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {1a350206-122a-11e2-ae56-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {1a350209-122a-11e2-ae56-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {1f2b278d-2ce7-11e3-a1c5-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {1f2b2790-2ce7-11e3-a1c5-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {1ffba1a5-5bde-11e2-a7d0-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {3a849472-a18f-11e1-adcd-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {3a84948e-a18f-11e1-adcd-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {422b95d0-7ad8-11e3-8ebb-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {481595ba-9333-11e3-a1af-e8113275d9e0} - G:\setup.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {4a1aa50a-2c62-11e3-8dfb-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {4a1aa518-2c62-11e3-8dfb-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {4b24abba-6725-11e3-94b1-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {52c9357a-6957-11e3-a81a-e8113275d9e0} - F:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {5a8059a5-59ac-11e2-a857-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {5a8059c3-59ac-11e2-a857-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {772f1fde-2043-11e1-a0cb-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {772f1fe1-2043-11e1-a0cb-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {8f3e82c4-2cff-11e3-8eb4-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {8f3e8346-2cff-11e3-8eb4-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {8f3e8386-2cff-11e3-8eb4-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {948f10c2-f607-11e2-8e93-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {fb5c07d9-2e86-11e2-9b94-e8113275d9e0} - E:\AutoRun.exe
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\MountPoints2: {fb5c07f4-2e86-11e2-9b94-e8113275d9e0} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut6_96BE12D997374F89986526ECCB660D4F.exe (Acresso Software Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://translate.google.de/#
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\*****\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{600755AA-D652-4DB7-B218-33E6D00923FB}: [NameServer]197.239.0.249 8.8.8.8
Tcpip\..\Interfaces\{88844D40-CFC7-4910-BFE0-628EA6BD3F47}: [NameServer]
Tcpip\..\Interfaces\{A93D9F56-8E83-4BE1-8770-D45859EE753A}: [NameServer]
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 - C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR Extension: (DVDVideoSoftTB) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2014-05-20]
CHR HKLM\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\*****\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-04-04]
CHR HKCU\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\*****\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S2 airtel mobile broadband. RunOuc; C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-19] (Macrovision Europe Ltd.) [File not signed]
R2 fshoster; C:\Program Files\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-11] (SaveSense)
S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-11] (SaveSense)
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\windows\System32\Drivers\androidusb.sys [25088 2012-08-30] (Google Inc)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-07-02] (Avira Operations GmbH & Co. KG)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)
R3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-12-17] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-12-17] (Huawei Technologies Co., Ltd.)
R3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2013-12-17] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 qciusbnet; C:\windows\System32\DRIVERS\qciusbnet.sys [133120 2012-09-05] (Quanta Computer Inc.)
S3 qciusbser; C:\windows\System32\DRIVERS\qciusbser.sys [107776 2012-09-05] (Quanta Computer Inc.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-08-10] (Windows (R) 2003 DDK 3790 provider)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-07-02] (Avira GmbH)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-10 11:07 - 2014-07-10 11:09 - 00020281 _____ () C:\Users\*****\Desktop\FRST.txt
2014-07-10 11:07 - 2014-07-10 11:08 - 00000000 ____D () C:\FRST
2014-07-10 11:05 - 2014-07-10 11:05 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-07-10 11:02 - 2014-07-10 11:03 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-10 10:58 - 2014-07-10 10:58 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:15 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-07-10 03:15 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-07-10 03:11 - 2014-07-10 03:13 - 00005736 _____ () C:\windows\IE11_main.log
2014-07-10 03:08 - 2014-06-30 04:40 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-10 03:08 - 2014-06-30 04:36 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-10 03:08 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 03:08 - 2014-06-18 03:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 03:08 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-07-10 03:08 - 2014-03-04 12:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-07-10 03:08 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-07-10 03:08 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-07-10 03:07 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 03:07 - 2014-05-30 09:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 03:07 - 2014-04-05 05:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-10 03:07 - 2014-04-05 05:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-10 03:07 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-10 03:07 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-10 03:07 - 2014-01-28 05:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-07-10 03:07 - 2014-01-24 05:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-07-10 03:07 - 2014-01-01 02:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-07-10 03:07 - 2013-11-26 14:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-07-10 03:07 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-07-10 03:07 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-07-10 03:07 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-07-10 03:07 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-07-10 03:07 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-07-10 03:07 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-07-10 03:07 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-07-10 03:01 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-07-10 02:50 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-07-10 02:50 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-07-10 02:25 - 2014-07-10 02:25 - 00132112 _____ () C:\windows\PFRO.log
2014-07-10 02:08 - 2014-06-05 17:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 02:08 - 2014-04-12 05:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-07-10 02:08 - 2014-04-12 05:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-07-10 02:08 - 2014-04-12 05:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-07-10 02:08 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-07-10 02:08 - 2014-04-12 05:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-07-10 02:08 - 2014-04-12 05:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-07-10 02:08 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 02:08 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 02:08 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 02:08 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 02:08 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 02:08 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 02:08 - 2013-11-27 04:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-07-10 01:56 - 2014-07-10 01:56 - 00001933 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-07-10 01:56 - 2014-07-10 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-07-10 01:55 - 2014-07-10 02:00 - 00000000 ____D () C:\Program Files\F-Secure
2014-07-10 01:50 - 2014-07-10 02:21 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-10 01:19 - 2014-07-10 01:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira
2014-07-10 01:06 - 2014-07-02 13:06 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-10 01:06 - 2014-07-02 13:06 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-10 01:06 - 2014-07-02 13:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-07-10 01:06 - 2014-07-02 13:06 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-07-10 00:36 - 2014-07-10 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-10 00:36 - 2014-07-10 01:06 - 00000000 ____D () C:\ProgramData\Avira
2014-07-10 00:36 - 2014-07-10 01:06 - 00000000 ____D () C:\Program Files\Avira
2014-07-10 00:36 - 2014-07-10 00:36 - 00001055 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-10 00:36 - 2014-07-10 00:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 23:22 - 2014-07-09 23:22 - 00000000 ____D () C:\Users\*****\Desktop\BB Pics
2014-07-04 16:14 - 2014-07-04 16:18 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg
2014-07-04 16:10 - 2014-07-04 16:15 - 00000000 ____D () C:\Users\*****\Desktop\free 2015
2014-07-04 16:07 - 2014-07-07 13:38 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014
2014-07-03 19:09 - 2014-07-05 13:34 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014
2014-07-03 17:33 - 2014-07-04 16:03 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls
2014-07-03 09:59 - 2014-07-03 13:16 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls
2014-07-02 13:04 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\*****\Desktop\anti virus
2014-07-01 17:21 - 2014-07-10 10:44 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte
2014-06-29 22:20 - 2014-07-01 19:20 - 00000000 ____D () C:\Users\*****\Desktop\UMA Directory
2014-06-29 19:00 - 2014-07-04 11:55 - 00000000 ____D () C:\Users\*****\Desktop\AUTO
2014-06-29 11:32 - 2014-06-30 13:34 - 00000000 ____D () C:\Users\*****\Desktop\KATO
2014-06-28 22:07 - 2014-06-28 22:34 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt
2014-06-28 18:21 - 2014-07-01 11:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-28 07:10 - 2014-07-10 10:22 - 00002296 _____ () C:\windows\setupact.log
2014-06-28 07:10 - 2014-06-28 07:10 - 00000000 _____ () C:\windows\setuperr.log
2014-06-22 14:59 - 2014-06-22 18:02 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls
2014-06-22 02:22 - 2014-06-22 02:22 - 00000000 ____D () C:\Users\*****\AppData\Local\{4B4107BC-614E-481F-9491-71E6D7294491}
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 13:35 - 2014-07-10 10:53 - 01955874 _____ () C:\windows\WindowsUpdate.log
2014-06-20 21:28 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Lavasoft
2014-06-20 21:25 - 2014-06-20 21:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LavasoftStatistics
2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-17 22:22 - 2014-06-17 22:22 - 00001202 _____ () C:\Users\*****\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenCandy
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\Program Files\MediaHuman
2014-06-16 12:38 - 2014-06-16 12:56 - 00120320 _____ () C:\Users\*****\Desktop\EXHI UGX Contacts.xls
2014-06-16 11:01 - 2014-06-16 11:33 - 00606208 _____ () C:\Users\*****\Desktop\WA Tourism Contacts.xls
2014-06-16 10:24 - 2014-06-16 11:00 - 01070592 _____ () C:\Users\*****\Desktop\EA Tourism Contacts.xls
2014-06-13 17:00 - 2014-06-13 17:01 - 00000000 ____D () C:\Users\*****\Desktop\Sheraton KLA June 2014
2014-06-11 13:23 - 2014-06-25 20:28 - 00000698 _____ () C:\Users\*****\Desktop\east africa contacts.txt
==================== One Month Modified Files and Folders =======
2014-07-10 11:09 - 2014-07-10 11:07 - 00020281 _____ () C:\Users\*****\Desktop\FRST.txt
2014-07-10 11:08 - 2014-07-10 11:07 - 00000000 ____D () C:\FRST
2014-07-10 11:08 - 2012-01-09 19:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-07-10 11:05 - 2014-07-10 11:05 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-07-10 11:03 - 2014-07-10 11:02 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-10 11:02 - 2011-12-06 21:21 - 00000000 ____D () C:\Users\*****
2014-07-10 10:58 - 2014-07-10 10:58 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-07-10 10:55 - 2012-01-05 18:02 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 10:53 - 2014-06-21 13:35 - 01955874 _____ () C:\windows\WindowsUpdate.log
2014-07-10 10:52 - 2014-02-11 19:46 - 00000920 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-07-10 10:45 - 2014-02-11 19:45 - 00000296 _____ () C:\windows\Tasks\SaveSense.job
2014-07-10 10:44 - 2014-07-01 17:21 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte
2014-07-10 10:34 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 10:34 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 10:30 - 2014-02-11 19:46 - 00000916 _____ () C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2014-07-10 10:30 - 2012-01-05 18:02 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 10:30 - 2010-11-21 00:01 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-10 10:23 - 2011-12-06 21:51 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
2014-07-10 10:22 - 2014-06-28 07:10 - 00002296 _____ () C:\windows\setupact.log
2014-07-10 10:22 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-10 10:22 - 2009-07-14 07:33 - 01792080 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-10 10:20 - 2011-03-30 13:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-10 03:59 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:15 - 2011-03-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-10 03:13 - 2014-07-10 03:11 - 00005736 _____ () C:\windows\IE11_main.log
2014-07-10 02:45 - 2013-01-01 13:40 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
2014-07-10 02:25 - 2014-07-10 02:25 - 00132112 _____ () C:\windows\PFRO.log
2014-07-10 02:21 - 2014-07-10 01:50 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-10 02:00 - 2014-07-10 01:55 - 00000000 ____D () C:\Program Files\F-Secure
2014-07-10 01:56 - 2014-07-10 01:56 - 00001933 _____ () C:\Users\Public\Desktop\F-Secure.lnk
2014-07-10 01:56 - 2014-07-10 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2014-07-10 01:19 - 2014-07-10 01:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira
2014-07-10 01:08 - 2014-07-10 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-10 01:06 - 2014-07-10 00:36 - 00000000 ____D () C:\ProgramData\Avira
2014-07-10 01:06 - 2014-07-10 00:36 - 00000000 ____D () C:\Program Files\Avira
2014-07-10 00:36 - 2014-07-10 00:36 - 00001055 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-10 00:36 - 2014-07-10 00:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 23:22 - 2014-07-09 23:22 - 00000000 ____D () C:\Users\*****\Desktop\BB Pics
2014-07-09 16:23 - 2011-12-06 21:51 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
2014-07-09 11:45 - 2013-01-01 13:40 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
2014-07-08 19:15 - 2011-12-09 20:27 - 00005141 _____ () C:\windows\ULEAD32.INI
2014-07-07 20:56 - 2011-12-20 15:20 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-07-07 13:38 - 2014-07-04 16:07 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014
2014-07-06 12:04 - 2011-12-09 22:31 - 00000030 _____ () C:\windows\Iedit.INI
2014-07-05 13:34 - 2014-07-03 19:09 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014
2014-07-04 16:18 - 2014-07-04 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg
2014-07-04 16:15 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\*****\Desktop\free 2015
2014-07-04 16:03 - 2014-07-03 17:33 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls
2014-07-04 12:11 - 2014-05-16 11:28 - 00000000 ____D () C:\Users\*****\Desktop\TW Project
2014-07-04 11:55 - 2014-06-29 19:00 - 00000000 ____D () C:\Users\*****\Desktop\AUTO
2014-07-03 13:16 - 2014-07-03 09:59 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls
2014-07-02 13:21 - 2014-07-02 13:04 - 00000000 ____D () C:\Users\*****\Desktop\anti virus
2014-07-02 13:06 - 2014-07-10 01:06 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-07-02 13:06 - 2014-07-10 01:06 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-07-02 13:06 - 2014-07-10 01:06 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-07-02 13:06 - 2014-07-10 01:06 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2014-07-01 19:20 - 2014-06-29 22:20 - 00000000 ____D () C:\Users\*****\Desktop\UMA Directory
2014-07-01 18:26 - 2012-10-13 23:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-01 15:46 - 2013-10-13 02:57 - 00000000 ____D () C:\Users\*****\AppData\Local\CrashDumps
2014-07-01 11:42 - 2014-06-28 18:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-30 13:34 - 2014-06-29 11:32 - 00000000 ____D () C:\Users\*****\Desktop\KATO
2014-06-30 04:40 - 2014-07-10 03:08 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:36 - 2014-07-10 03:08 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-28 22:34 - 2014-06-28 22:07 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt
2014-06-28 07:10 - 2014-06-28 07:10 - 00000000 _____ () C:\windows\setuperr.log
2014-06-27 21:26 - 2014-05-27 12:47 - 00000000 ____D () C:\Users\*****\Desktop\EATTM
2014-06-25 20:28 - 2014-06-11 13:23 - 00000698 _____ () C:\Users\*****\Desktop\east africa contacts.txt
2014-06-22 18:02 - 2014-06-22 14:59 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls
2014-06-22 02:22 - 2014-06-22 02:22 - 00000000 ____D () C:\Users\*****\AppData\Local\{4B4107BC-614E-481F-9491-71E6D7294491}
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 14:11 - 2011-12-06 21:26 - 00000000 ____D () C:\ProgramData\Skype
2014-06-20 21:33 - 2014-06-20 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LavasoftStatistics
2014-06-20 21:32 - 2014-06-20 21:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Lavasoft
2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-18 04:51 - 2014-07-10 03:08 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-18 03:52 - 2014-07-10 03:08 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 22:22 - 2014-06-17 22:22 - 00001202 _____ () C:\Users\*****\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OpenCandy
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2014-06-17 22:22 - 2014-06-17 22:22 - 00000000 ____D () C:\Program Files\MediaHuman
2014-06-16 12:56 - 2014-06-16 12:38 - 00120320 _____ () C:\Users\*****\Desktop\EXHI UGX Contacts.xls
2014-06-16 11:33 - 2014-06-16 11:01 - 00606208 _____ () C:\Users\*****\Desktop\WA Tourism Contacts.xls
2014-06-16 11:00 - 2014-06-16 10:24 - 01070592 _____ () C:\Users\*****\Desktop\EA Tourism Contacts.xls
2014-06-13 17:01 - 2014-06-13 17:00 - 00000000 ____D () C:\Users\*****\Desktop\Sheraton KLA June 2014
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 13:45
==================== End Of Log ============================
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 10. Juli 2014 11:29
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Starter
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : *****
Computername : *****-PC
Versionsinformationen:
BUILD.DAT : 14.0.5.464 91868 Bytes 02.07.2014 13:06:00
AVSCAN.EXE : 14.0.5.396 1042512 Bytes 02.07.2014 10:06:43
AVSCANRC.DLL : 14.0.5.364 62544 Bytes 02.07.2014 10:06:43
LUKE.DLL : 14.0.5.336 57936 Bytes 02.07.2014 10:06:46
AVSCPLR.DLL : 14.0.5.376 89680 Bytes 02.07.2014 10:06:43
AVREG.DLL : 14.0.5.356 261200 Bytes 02.07.2014 10:06:43
avlode.dll : 14.0.5.396 588368 Bytes 02.07.2014 10:06:42
avlode.rdf : 14.0.4.36 65096 Bytes 09.07.2014 22:11:34
XBV00008.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00009.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00010.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00011.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00012.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00013.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00014.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00015.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00016.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00017.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00018.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00019.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00020.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00021.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00022.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00023.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00024.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00025.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00026.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00027.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00028.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00029.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00030.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00031.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00032.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00033.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00034.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00035.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00036.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00037.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00038.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00039.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00040.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00041.VDF : 8.11.153.142 2048 Bytes 06.06.2014 10:06:47
XBV00056.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:58
XBV00057.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:58
XBV00058.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:59
XBV00059.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:11:59
XBV00060.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00061.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00062.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00063.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:00
XBV00064.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00065.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00066.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:01
XBV00067.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00068.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00069.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00070.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:02
XBV00071.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00072.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00073.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:03
XBV00074.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00075.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00076.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:04
XBV00077.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00078.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00079.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00080.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:05
XBV00081.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00082.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00083.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00084.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:06
XBV00085.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00086.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00087.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:07
XBV00088.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00089.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00090.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00091.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:08
XBV00092.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00093.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00094.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00095.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:09
XBV00096.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00097.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00098.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:10
XBV00099.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00100.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00101.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00102.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:11
XBV00103.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00104.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00105.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:12
XBV00106.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:13
XBV00107.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:13
XBV00108.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00109.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00110.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00111.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:14
XBV00112.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00113.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00114.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00115.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:15
XBV00116.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00117.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00118.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00119.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:16
XBV00120.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00121.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00122.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:17
XBV00123.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00124.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00125.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:18
XBV00126.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00127.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00128.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00129.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:19
XBV00130.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00131.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00132.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00133.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:20
XBV00134.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00135.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00136.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:21
XBV00137.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00138.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00139.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:22
XBV00140.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00141.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00142.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:23
XBV00143.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00144.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00145.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00146.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:24
XBV00147.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00148.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00149.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:25
XBV00150.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00151.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00152.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:26
XBV00153.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00154.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00155.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00156.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:27
XBV00157.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00158.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00159.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00160.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:28
XBV00161.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00162.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00163.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:29
XBV00164.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00165.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00166.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:30
XBV00167.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00168.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00169.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:31
XBV00170.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:32
XBV00171.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:32
XBV00172.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00173.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00174.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:33
XBV00175.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00176.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00177.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:34
XBV00178.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00179.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00180.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:35
XBV00181.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00182.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00183.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:36
XBV00184.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00185.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00186.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:37
XBV00187.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:38
XBV00188.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:38
XBV00189.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00190.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00191.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00192.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:39
XBV00193.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00194.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00195.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00196.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:40
XBV00197.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00198.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00199.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:41
XBV00200.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00201.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00202.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00203.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:42
XBV00204.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00205.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00206.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:43
XBV00207.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00208.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00209.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:44
XBV00210.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00211.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00212.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00213.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:45
XBV00214.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00215.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00216.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:46
XBV00217.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00218.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00219.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00220.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:47
XBV00221.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00222.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00223.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00224.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:48
XBV00225.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00226.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00227.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:49
XBV00228.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00229.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00230.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:50
XBV00231.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00232.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00233.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:51
XBV00234.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00235.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00236.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:52
XBV00237.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00238.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00239.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:53
XBV00240.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00241.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00242.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00243.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:54
XBV00244.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00245.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00246.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:55
XBV00247.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00248.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00249.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00250.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:56
XBV00251.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00252.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00253.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00254.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:57
XBV00255.VDF : 8.11.159.102 2048 Bytes 08.07.2014 22:12:58
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:06:47
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:06:47
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:06:47
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:06:47
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:06:47
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:06:47
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 10:06:47
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:06:47
XBV00042.VDF : 8.11.153.142 710656 Bytes 06.06.2014 10:06:47
XBV00043.VDF : 8.11.155.44 1013760 Bytes 16.06.2014 10:06:47
XBV00044.VDF : 8.11.159.102 1662976 Bytes 08.07.2014 22:11:51
XBV00045.VDF : 8.11.159.104 13824 Bytes 08.07.2014 22:11:52
XBV00046.VDF : 8.11.159.108 13312 Bytes 08.07.2014 22:11:52
XBV00047.VDF : 8.11.159.112 30720 Bytes 09.07.2014 22:11:52
XBV00048.VDF : 8.11.159.114 6144 Bytes 09.07.2014 22:11:53
XBV00049.VDF : 8.11.159.116 10240 Bytes 09.07.2014 22:11:53
XBV00050.VDF : 8.11.159.118 5632 Bytes 09.07.2014 22:11:53
XBV00051.VDF : 8.11.159.122 7168 Bytes 09.07.2014 22:11:54
XBV00052.VDF : 8.11.159.126 180736 Bytes 09.07.2014 22:11:56
XBV00053.VDF : 8.11.159.148 174080 Bytes 09.07.2014 22:11:57
XBV00054.VDF : 8.11.159.168 2560 Bytes 09.07.2014 22:11:58
XBV00055.VDF : 8.11.159.188 15360 Bytes 09.07.2014 22:11:58
LOCAL000.VDF : 8.11.159.188 107699200 Bytes 09.07.2014 22:21:49
Engineversion : 8.3.20.30
AEVDF.DLL : 8.3.0.4 118976 Bytes 02.07.2014 10:06:41
AESCRIPT.DLL : 8.1.4.218 532680 Bytes 09.07.2014 22:11:33
AESCN.DLL : 8.3.1.2 135360 Bytes 02.07.2014 10:06:41
AESBX.DLL : 8.2.20.24 1409224 Bytes 02.07.2014 10:06:41
AERDL.DLL : 8.2.0.138 704888 Bytes 02.07.2014 10:06:41
AEPACK.DLL : 8.4.0.42 786632 Bytes 09.07.2014 22:11:32
AEOFFICE.DLL : 8.3.0.8 205000 Bytes 09.07.2014 22:11:28
AEHEUR.DLL : 8.1.4.1132 6820040 Bytes 02.07.2014 10:06:41
AEHELP.DLL : 8.3.1.0 278728 Bytes 02.07.2014 10:06:41
AEGEN.DLL : 8.1.7.28 450752 Bytes 02.07.2014 10:06:41
AEEXP.DLL : 8.4.2.6 237760 Bytes 02.07.2014 10:06:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 02.07.2014 10:06:41
AEDROID.DLL : 8.4.2.24 442568 Bytes 02.07.2014 10:06:41
AECORE.DLL : 8.3.1.4 241864 Bytes 02.07.2014 10:06:41
AEBB.DLL : 8.1.1.4 53619 Bytes 02.07.2014 10:06:41
AVWINLL.DLL : 14.0.5.320 24144 Bytes 02.07.2014 10:06:44
AVPREF.DLL : 14.0.5.320 50256 Bytes 02.07.2014 10:06:43
AVREP.DLL : 14.0.5.320 219216 Bytes 02.07.2014 10:06:43
AVARKT.DLL : 14.0.5.368 226384 Bytes 02.07.2014 10:06:42
AVEVTLOG.DLL : 14.0.5.320 182352 Bytes 02.07.2014 10:06:42
SQLITE3.DLL : 14.0.5.320 452176 Bytes 02.07.2014 10:06:47
AVSMTP.DLL : 14.0.5.320 76368 Bytes 02.07.2014 10:06:44
NETNT.DLL : 14.0.5.320 13392 Bytes 02.07.2014 10:06:46
RCIMAGE.DLL : 14.0.5.320 4998224 Bytes 02.07.2014 10:06:46
RCTEXT.DLL : 14.0.5.322 73808 Bytes 02.07.2014 10:06:46
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 10. Juli 2014 11:29
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'FacebookUpdate.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'EasySpeedUpManager.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPBackground.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ymsgr_tray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSCKbdHk.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'MovieColorEnhancer.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SRSPremiumPanel.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '143' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'SmartRestarter.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileMonitor.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'WCScheduler.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'airtel mobile broadband.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'HWDeviceService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'ouc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\windows\system32\svchost.exe'
Signiert -> 'C:\windows\system32\winlogon.exe'
Signiert -> 'C:\windows\explorer.exe'
Signiert -> 'C:\windows\system32\smss.exe'
Signiert -> 'C:\windows\system32\wininet.DLL'
Signiert -> 'C:\windows\system32\wsock32.DLL'
Signiert -> 'C:\windows\system32\ws2_32.DLL'
Signiert -> 'C:\windows\system32\services.exe'
Signiert -> 'C:\windows\system32\lsass.exe'
Signiert -> 'C:\windows\system32\csrss.exe'
Signiert -> 'C:\windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\windows\system32\spoolsv.exe'
Signiert -> 'C:\windows\system32\alg.exe'
Signiert -> 'C:\windows\system32\wuauclt.exe'
Signiert -> 'C:\windows\system32\advapi32.DLL'
Signiert -> 'C:\windows\system32\user32.DLL'
Signiert -> 'C:\windows\system32\gdi32.DLL'
Signiert -> 'C:\windows\system32\kernel32.DLL'
Signiert -> 'C:\windows\system32\ntdll.DLL'
Signiert -> 'C:\windows\system32\ntoskrnl.exe'
Signiert -> 'C:\windows\system32\drivers\beep.sys'
Signiert -> 'C:\windows\system32\ctfmon.exe'
Signiert -> 'C:\windows\system32\imm32.dll'
Signiert -> 'C:\windows\system32\dsound.dll'
Signiert -> 'C:\windows\system32\aclui.dll'
Signiert -> 'C:\windows\system32\msvcrt.dll'
Signiert -> 'C:\windows\system32\d3d9.dll'
Signiert -> 'C:\windows\system32\dnsapi.dll'
Signiert -> 'C:\windows\system32\mshtml.dll'
Signiert -> 'C:\windows\system32\regsvr32.exe'
Signiert -> 'C:\windows\system32\rundll32.exe'
Signiert -> 'C:\windows\system32\userinit.exe'
Signiert -> 'C:\windows\system32\reg.exe'
Signiert -> 'C:\windows\system32\ntvdm.exe'
Signiert -> 'C:\windows\regedit.exe'
Die Systemdateien wurden durchsucht ('35' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2682' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\*****\AppData\Roaming\rining\rining.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.1123358
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
C:\Users\*****\AppData\Roaming\rining\rining.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.1123358
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50527802.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 10. Juli 2014 21:07
Benötigte Zeit: 7:48:03 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
31816 Verzeichnisse wurden überprüft
1630538 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1630537 Dateien ohne Befall
23262 Archive wurden durchsucht
0 Warnungen
1 Hinweise
786866 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:02 on 10/07/2014 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
11.07.2014, 07:11
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung HI,
__________________Addition.txt fehlt noch.
__________________ |
|
11.07.2014, 07:48
| #3 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als VerknüpfungCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-07-2014
Ran by ***** at 2014-07-10 11:10:32
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1-More Watermarker (HKLM\...\1-More Watermarker) (Version: - EXPOMEDIA GmbH)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 5.0 Limited Edition (HKLM\...\Adobe Photoshop 5.0 Limited Edition) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
airtel mobile broadband (HKLM\...\airtel mobile broadband) (Version: 21.003.28.13.846 - Huawei Technologies Co.,Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira (HKLM\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BatteryLifeExtender (HKLM\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Browser-Plug-In für BlackBerry World (HKLM\...\{5C02D7F0-68DB-4D27-9603-1C96EF01C8D8}) (Version: 10.2.172.7 - Research In Motion Limited)
Bullzip PDF Printer 7.2.0.1320 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1320 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-X86 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Start (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
FileZilla Client 3.5.2 (HKLM\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FlashLAB (HKLM\...\{B354AAC3-0A0A-4AE3-8F09-3142648F602E}) (Version: 1.1.1 - NETGUI)
FLVPlayer4Free Free FLV Player 4.0.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale) <==== ATTENTION
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
F-Secure (HKLM\...\F-Secure ServiceEnabler 666) (Version: 2.06.303.0 - F-Secure Corporation)
F-Secure (Version: 2.06.303.0 - F-Secure Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
In A Flash 3 (HKLM\...\{E5B22400-DAB4-4121-941D-E2665E2F5F6A}) (Version: 3.2.0 - NETGUI)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.29.1.3 - Marvell)
MediaHuman YouTube to MP3 Converter version 2.6.8 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 2.6.8 - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Genie (HKLM\...\{CB5B32BF-550C-4663-BBB0-20E29EB200B5}) (Version: 1.004.044 - COMPANY)
Movie Color Enhancer (HKLM\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.7 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SaveSense (HKCU\...\SaveSense) (Version: 6.4.0.0 - SaveSense) <==== ATTENTION
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.7300 - SRS Labs, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead PhotoImpact 5 (HKLM\...\Ulead PhotoImpact 5.0) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Restore Points =========================
10-07-2014 00:09:05 Windows Update
==================== Hosts content: ==========================
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {08F509A7-7198-4FDE-A6B1-18712E3D9671} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-11] (SaveSense) <==== ATTENTION
Task: {1BF1BB4E-FA21-4335-A44F-E38A2236393E} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-08-04] (Samsung Electronics Co., Ltd.)
Task: {1D2E39AA-771C-4178-99E1-DCF5A80826DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
Task: {1E611F8F-37C8-44C7-8D85-92D9CA9BB94B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {2399E217-CC60-48B6-961A-4AA1CC1729F5} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {31CE0C4C-C7ED-4875-85F0-C8BC1D571548} - System32\Tasks\{DCDB4942-D94B-4A7F-A9C4-E20776448176} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3AA13704-2BFC-4035-A2DB-BC60039D9285} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {40C6D4E3-B5E8-429D-80FA-1638C263A11C} - System32\Tasks\IdlePowerSave => C:\windows\Idle\DetectIdleTask.exe [2010-07-31] (TODO: <회사 이름>)
Task: {40E8D568-807E-406B-AFB6-69CD745FB53D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {434FA958-E414-45DC-BC99-E0EAB173D732} - System32\Tasks\SaveSense => C:\Users\*****\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {49D2147A-174B-4F01-BEB5-534369444F71} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-11] (SaveSense) <==== ATTENTION
Task: {4F361514-2701-4011-A95C-E860518D2198} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {62EE0C8D-FF5B-4F8F-A2EA-D3335DB39D8F} - System32\Tasks\MovieColorEnhancer => C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {6FC6AB6C-E944-465F-B1AC-A8ED4605D20B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-05] (Google Inc.)
Task: {7A75BA1D-9BB9-4EF2-A3EF-890B5B9BADE3} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-11-15] (Samsung Electronics. Co. Ltd.)
Task: {87022426-61BF-488A-AB91-00EBD75A8F53} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8CE81AB8-6699-46BF-9A86-D7BB1E6EFD66} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {9A5D7990-92BF-4345-BBFC-41829C8B2E40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06] (Google Inc.)
Task: {9EFFB94F-E657-44E0-B553-D8FE30FA5CA5} - System32\Tasks\advSRS5 => C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-08-11] (SEC)
Task: {A5F05414-0E0D-4B4E-AC75-69A5A502A003} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {AEF0BCC4-01F0-4C4A-89F9-172DACF2EBAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {B4697AE4-D307-4DB1-8792-109FD541A612} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {C0D1C4B2-AF2C-4E48-89C0-A2A055142868} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C115FD4B-B9A0-4BD1-A6E4-8F040B6D1134} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-01] (Facebook Inc.)
Task: {C29A30BD-5FDB-4F6D-BBD3-9004D428049B} - System32\Tasks\{BBC19A0C-0A14-45BC-A0A1-2AB011DD1E94} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12002
Task: {DD3C5400-5FB7-4429-8A28-9CEEFD5828B9} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {E0C3514B-6713-4F54-87E8-057CD979AA2F} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {F63CF9F8-8EC8-46AF-921A-EC6262D010C1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F80399E4-6FFD-4909-9A63-FEF2447D3BD9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-01] (Facebook Inc.)
Task: {FC769F86-B88A-4ABA-82B1-FFD49203459C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-315344296-3706468742-1252009507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SaveSense.job => C:\Users\*****\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-03-31 04:54 - 2008-06-05 02:53 - 00026624 _____ () C:\windows\System32\spd__l.dll
2012-05-19 11:52 - 2013-12-17 17:27 - 00246112 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe
2012-05-19 11:52 - 2012-05-19 11:50 - 00011362 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\mingwm10.dll
2012-05-19 11:52 - 2012-05-19 11:50 - 00043008 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2012-05-19 11:52 - 2012-05-19 11:50 - 02415104 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtCore4.dll
2012-05-19 11:52 - 2012-05-19 11:50 - 01148416 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtNetwork4.dll
2013-01-08 19:07 - 2013-01-08 19:05 - 00384512 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QueryStrategy.dll
2012-05-19 11:52 - 2012-05-19 11:50 - 00398336 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtXml4.dll
2011-03-14 18:27 - 2011-03-14 18:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2011-03-31 04:54 - 2010-10-21 21:24 - 00557056 _____ () C:\windows\system32\SnMinDrv.dll
2011-03-30 15:06 - 2010-07-05 13:42 - 00203776 _____ () C:\Program Files\Samsung\Movie Color Enhancer\WinCRT.dll
2011-11-08 23:46 - 2011-11-08 23:46 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
1997-01-13 02:00 - 1997-01-13 02:00 - 00022016 _____ () C:\windows\system32\docobj.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00514048 _____ () C:\Program Files\airtel mobile broadband\airtel mobile broadband.exe
2013-12-17 17:27 - 2013-12-17 17:27 - 00352256 _____ () C:\Program Files\airtel mobile broadband\core.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00258560 _____ () C:\Program Files\airtel mobile broadband\sdk.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00011362 _____ () C:\Program Files\airtel mobile broadband\mingwm10.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00043008 _____ () C:\Program Files\airtel mobile broadband\libgcc_s_dw2-1.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 02415104 _____ () C:\Program Files\airtel mobile broadband\QtCore4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 09515520 _____ () C:\Program Files\airtel mobile broadband\QtGui4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00379392 _____ () C:\Program Files\airtel mobile broadband\Proxy.DLL
2013-12-17 17:27 - 2013-12-17 17:27 - 00218112 _____ () C:\Program Files\airtel mobile broadband\Common.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00135168 _____ () C:\Program Files\airtel mobile broadband\Trace.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00545280 _____ () C:\Program Files\airtel mobile broadband\PluginContainer.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00238592 _____ () C:\Program Files\airtel mobile broadband\AtCodec.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00300544 _____ () C:\Program Files\airtel mobile broadband\DeviceSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00225280 _____ () C:\Program Files\airtel mobile broadband\NetSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00133120 _____ () C:\Program Files\airtel mobile broadband\OSDialup.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00159232 _____ () C:\Program Files\airtel mobile broadband\XCodec.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00157184 _____ () C:\Program Files\airtel mobile broadband\DataServicePlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00175104 _____ () C:\Program Files\airtel mobile broadband\CallSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00264704 _____ () C:\Program Files\airtel mobile broadband\AddrBookSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00217600 _____ () C:\Program Files\airtel mobile broadband\SmsSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00142336 _____ () C:\Program Files\airtel mobile broadband\USSDSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00156672 _____ () C:\Program Files\airtel mobile broadband\STKSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00154624 _____ () C:\Program Files\airtel mobile broadband\GpsSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00337408 _____ () C:\Program Files\airtel mobile broadband\DeviceAppPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00065536 _____ () C:\Program Files\airtel mobile broadband\OSPowerMgr.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00106496 _____ () C:\Program Files\airtel mobile broadband\Win7Support.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 01077248 _____ () C:\Program Files\airtel mobile broadband\AddrBookPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00670720 _____ () C:\Program Files\airtel mobile broadband\SmsAppPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00550400 _____ () C:\Program Files\airtel mobile broadband\CallAppPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00547840 _____ () C:\Program Files\airtel mobile broadband\CallLogSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00158720 _____ () C:\Program Files\airtel mobile broadband\NetConnectSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00211456 _____ () C:\Program Files\airtel mobile broadband\DialUpPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00101376 _____ () C:\Program Files\airtel mobile broadband\OSAdapt.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00179712 _____ () C:\Program Files\airtel mobile broadband\NDISPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00131072 _____ () C:\Program Files\airtel mobile broadband\OSNDIS.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 01101824 _____ () C:\Program Files\airtel mobile broadband\NDISAPI.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00275456 _____ () C:\Program Files\airtel mobile broadband\NetInfoSrvPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00062976 _____ () C:\Program Files\airtel mobile broadband\OSCall.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00495104 _____ () C:\Program Files\airtel mobile broadband\DeviceMgrUIPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00123392 _____ () C:\Program Files\airtel mobile broadband\ATR2SMgr.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00185856 _____ () C:\Program Files\airtel mobile broadband\XFramePlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00314368 _____ () C:\Program Files\airtel mobile broadband\StatusBarMgrPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00117760 _____ () C:\Program Files\airtel mobile broadband\LayoutPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00415232 _____ () C:\Program Files\airtel mobile broadband\DialupUIPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00093184 _____ () C:\Program Files\airtel mobile broadband\NotifyServicePlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00328704 _____ () C:\Program Files\airtel mobile broadband\NetConnectPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00245760 _____ () C:\Program Files\airtel mobile broadband\MenuMgrPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00449536 _____ () C:\Program Files\airtel mobile broadband\NetInfoUIExPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00777728 _____ () C:\Program Files\airtel mobile broadband\SMSUIPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00739840 _____ () C:\Program Files\airtel mobile broadband\AddrBookUIPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00333824 _____ () C:\Program Files\airtel mobile broadband\USSDUIPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00269824 _____ () C:\Program Files\airtel mobile broadband\LiveUpdateInterface.DLL
2013-12-17 17:27 - 2013-12-17 17:27 - 01148416 _____ () C:\Program Files\airtel mobile broadband\QtNetwork4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00229376 _____ () C:\Program Files\airtel mobile broadband\ToolBarMgrPlugin.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00082944 _____ () C:\Program Files\airtel mobile broadband\plugins\imageformats\qgif4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00081920 _____ () C:\Program Files\airtel mobile broadband\plugins\imageformats\qico4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00192000 _____ () C:\Program Files\airtel mobile broadband\plugins\imageformats\qjpeg4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00350720 _____ () C:\Program Files\airtel mobile broadband\plugins\imageformats\qmng4.dll
2013-12-17 17:27 - 2013-12-17 17:27 - 00370176 _____ () C:\Program Files\airtel mobile broadband\plugins\imageformats\qtiff4.dll
2011-03-30 15:09 - 2006-08-12 06:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-03-30 15:12 - 2010-05-07 17:22 - 01636864 _____ () C:\Program Files\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-02-11 18:48 - 2013-03-19 19:00 - 00372736 _____ () C:\Program Files\Mobile Genie\MobileMonitor.exe
2014-07-10 01:10 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-10 01:56 - 2014-07-10 01:56 - 00592936 _____ () C:\windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2011-12-29 00:50 - 2011-11-24 01:05 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll
2014-04-13 21:02 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\*****\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 21:02 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\*****\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-06-11 20:30 - 2014-06-05 16:58 - 04217672 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 20:30 - 2014-06-05 16:58 - 00414536 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 20:30 - 2014-06-05 16:58 - 01732424 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2006-10-01 23:49 - 2006-10-01 23:49 - 00389120 _____ () C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobexmp.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/10/2014 10:28:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.13.24161, time stamp: 0x537360b2
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0x414
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Error: (07/10/2014 10:28:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at Avira.OE.AvConnector.Interface.IGeneralPlugin.GetGeneralInfo()
at Avira.OE.AvConnector.AvStatusReporter.GetGeneralInfo(Avira.OE.AvConnector.Interface.IGeneralPlugin)
at Avira.OE.AvConnector.AvStatusReporter.GetStatus()
at Avira.OE.AvConnector.AvConnector.GetAvStatusData()
at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
at Avira.OE.AvConnector.AvConnector.StatusChangedTimerOnElapsed(System.Object, System.Timers.ElapsedEventArgs)
at System.Timers.Timer.MyTimerCallback(System.Object)
at System.Threading._TimerCallback.TimerCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._TimerCallback.PerformTimerCallback(System.Object)
Error: (07/10/2014 10:23:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/10/2014 02:45:10 AM) (Source: Google Update) (EventID: 20) (User: *****-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/10/2014 02:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 11:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 09:07:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/09/2014 09:06:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/09/2014 09:05:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/09/2014 09:05:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (07/10/2014 10:52:46 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (07/10/2014 10:30:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/10/2014 10:30:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Avira.OE.ServiceHost service.
Error: (07/10/2014 10:27:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
Error: (07/10/2014 10:25:59 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (07/10/2014 10:22:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel mobile broadband. OUC service failed to start due to the following error:
%%1053
Error: (07/10/2014 10:22:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel mobile broadband. OUC service to connect.
Error: (07/10/2014 03:13:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.
Error: (07/10/2014 02:50:13 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (07/10/2014 02:26:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
Microsoft Office Sessions:
=========================
Error: (07/10/2014 10:28:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.13.24161537360b2ntdll.dll6.1.7601.18247521ea91cc00000050003224d41401cf9c0fc729f7a5C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\ntdll.dlld56b1688-0803-11e4-a2f5-e8113275d9e0
Error: (07/10/2014 10:28:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at Avira.OE.AvConnector.Interface.IGeneralPlugin.GetGeneralInfo()
at Avira.OE.AvConnector.AvStatusReporter.GetGeneralInfo(Avira.OE.AvConnector.Interface.IGeneralPlugin)
at Avira.OE.AvConnector.AvStatusReporter.GetStatus()
at Avira.OE.AvConnector.AvConnector.GetAvStatusData()
at Avira.OE.AvConnector.AvConnector.RefreshDeviceState()
at Avira.OE.AvConnector.AvConnector.StatusChangedTimerOnElapsed(System.Object, System.Timers.ElapsedEventArgs)
at System.Timers.Timer.MyTimerCallback(System.Object)
at System.Threading._TimerCallback.TimerCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._TimerCallback.PerformTimerCallback(System.Object)
Error: (07/10/2014 10:23:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/10/2014 02:45:10 AM) (Source: Google Update) (EventID: 20) (User: *****-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
Error: (07/10/2014 02:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 11:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/09/2014 09:07:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\easy display manager\RunGfxUI64.exe
Error: (07/09/2014 09:06:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (07/09/2014 09:05:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest
Error: (07/09/2014 09:05:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest
==================== Memory info ===========================
Percentage of memory in use: 86%
Total physical RAM: 1013.3 MB
Available physical RAM: 136.58 MB
Total Pagefile: 2430.8 MB
Available Pagefile: 901.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.1 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:87 GB) (Free:57.87 GB) NTFS
Drive d: () (Fixed) (Total:129.17 GB) (Free:20.83 GB) NTFS
Drive e: (airtel) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 1F659477)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=129 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=17 GB) - (Type=27)
==================== End Of Log ============================
|
|
11.07.2014, 13:54
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Panda USB Vaccine - Download - Filepony Das laufen lassen zum Absichern des Sticks. Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.07.2014, 16:04
| #5 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Vielen dank schon einmal für die schnelle Hilfe. Ich habe alle meine USB Sticks und Datenträger bereits entsorgt. Soll ich trotzdem folgendes machen ? Panda USB Vaccine - Download - Filepony Das laufen lassen zum Absichern des Sticks Meinen Internetzugang bekomme ich über 2 UBS Sticks meines Providers, also mobiles internet, weiss nicht genau wie die richtige Bezeichnung lautet. Könnten die auch befallen sein ? Ich habe REVO durchgeführt nach Anweisung Da ich nicht wusste wie ich AVIRA antivirus deaktiviere habe ich es erstmal deinstaliert Dann habe ich COMBO laufen lassen Hier das Ergebnis: Code:
ATTFilter ComboFix 14-07-11.04 - ***** 11.07.2014 17:18:32.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.213 [GMT 3:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut6_96BE12D997374F89986526ECCB660D4F.exe
c:\windows\IsUn0407.exe
c:\windows\system32\DEBUG.log
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_savesenselive
-------\Service_savesenselivem
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-11 bis 2014-07-11 ))))))))))))))))))))))))))))))
.
.
2014-07-11 14:37 . 2014-07-11 14:43 -------- d-----w- c:\users\*****\AppData\Local\temp
2014-07-11 13:13 . 2014-07-11 13:13 -------- d-----w- c:\program files\VS Revo Group
2014-07-10 08:07 . 2014-07-10 08:13 -------- d-----w- C:\FRST
2014-07-10 00:58 . 2014-07-10 00:58 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-10 00:15 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-07-10 00:15 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-07-10 00:08 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-07-10 00:08 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-10 00:08 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-10 00:08 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-10 00:08 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 00:08 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-10 00:08 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-10 00:01 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-07-09 23:50 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-07-09 23:50 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-07-09 23:50 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-07-09 23:50 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-07-09 23:50 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-07-09 23:50 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-07-09 23:50 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-07-09 23:50 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-07-09 23:50 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-07-09 22:50 . 2014-07-10 08:23 -------- d-----w- c:\programdata\F-Secure
2014-06-28 15:21 . 2014-07-01 08:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-06-21 11:11 . 2014-06-21 11:11 -------- d-----w- c:\program files\Common Files\Skype
2014-06-21 11:11 . 2014-06-21 11:11 -------- d-----r- c:\program files\Skype
2014-06-20 18:28 . 2014-06-20 18:32 -------- d-----w- c:\users\*****\AppData\Roaming\Lavasoft
2014-06-20 18:21 . 2014-06-20 18:21 -------- d-----w- c:\program files\Lavasoft
2014-06-20 18:13 . 2014-06-20 18:13 -------- d-----w- c:\programdata\Lavasoft
2014-06-17 19:22 . 2014-06-17 19:22 -------- d-----w- c:\users\*****\AppData\Roaming\OpenCandy
2014-06-17 19:22 . 2014-06-17 19:22 -------- d-----w- c:\program files\MediaHuman
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 14:22 . 2014-07-11 14:22 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3EE9A01-B3F8-4FCE-ACD0-A552A3848C57}\offreg.dll
2014-04-14 17:13 . 2014-04-19 23:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
"HW_OPENEYE_OUC_airtel mobile broadband"="c:\program files\airtel mobile broadband\UpdateDog\ouc.exe" [2013-12-17 246112]
"IDM confirmer"="wscript.exe" [2013-10-12 141824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-14 9378408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-19 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-19 150552]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MobileMonitor"="c:\program files\Mobile Genie\MobileMonitor.exe" [2013-03-19 372736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2013-11-19 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 airtel mobile broadband. RunOuc;airtel mobile broadband. OUC;c:\program files\airtel mobile broadband\UpdateDog\ouc.exe [2013-12-17 246112]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2012-08-30 25088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-12-17 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2013-12-17 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2013-12-17 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2013-12-17 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2013-12-17 202752]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 qciusbnet;Quanta USB-NDIS miniport 9K generic_v12;c:\windows\system32\DRIVERS\qciusbnet.sys [2012-09-05 133120]
R3 qciusbser;Quanta USB Device for Legacy Serial Communication 9K generic_v12;c:\windows\system32\DRIVERS\qciusbser.sys [2012-09-05 107776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-12-17 76544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-08-30 315680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
- c:\users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-01 10:40]
.
2014-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
- c:\users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-01 10:40]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:01]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:01]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 18:51]
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 18:51]
.
2014-07-11 c:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
- c:\program files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-11 16:45]
.
2014-07-11 c:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
- c:\program files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-11 16:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://translate.google.de/#
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Free YouTube to MP3 Converter - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{600755AA-D652-4DB7-B218-33E6D00923FB}: NameServer = 197.239.0.249 8.8.8.8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut6_96BE12D997374F89986526ECCB660D4F.exe /f=srs_premium_sound_noext_nogame.zip /h
AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0407.EXE
AddRemove-Ulead PhotoImpact 5.0 - c:\windows\ISUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3748)
c:\program files\Samsung\Movie Color Enhancer\WinCRT.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programdata\airtel mobile broadband\OnlineUpdate\ouc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\windows\System32\LocationNotifications.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files\Samsung\SamsungFastStart\SmartRestarter.exe
c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-11 17:51:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-07-11 14:51
.
Vor Suchlauf: 62.085.296.128 bytes free
Nach Suchlauf: 61.489.889.280 bytes free
.
- - End Of File - - 73A018EC8FB7A9518418FC773E295119
2E5DEBB2116B3417023E0D6562D7ED07
|
|
12.07.2014, 15:41
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Der Internet Stick wird ja mit gecheckt. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung |
|
16.07.2014, 13:04
| #7 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Seit 3 Tagen habe ich auch diesen Folder auf dem Laufwerk D welchen ich nicht löschen kann: $RECYCLE.BIN Mbam habe ich laufen lassen und es wurden 4 Dateien in die Quarantaene verschoben danach gelöscht - allerdings war ich nicht in der Lage den Logfile zu speichern da sich das Programm geschlossen hat und ich den Logfile nicht weidergefunden habe Code:
ATTFilter # AdwCleaner v3.215 - Report created 16/07/2014 at 13:36:39
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : ***** - *****-PC
# Running from : C:\Users\*****\Desktop\adwcleaner_3.215.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\*****\AppData\Local\Conduit
Folder Deleted : C:\Users\*****\AppData\Local\SaveSense
Folder Deleted : C:\Users\*****\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
[!] Folder Deleted : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16520
-\\ Google Chrome v
[ File : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : plmlpkfpkijnlijgalnjaacllnjmoamo
*************************
AdwCleaner[R0].txt - [3234 octets] - [16/07/2014 13:34:54]
AdwCleaner[S0].txt - [3004 octets] - [16/07/2014 13:36:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3064 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by ***** on 16.07.2014 at 14:14:10,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\*****\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\*****\Local Settings\Application Data\cre"
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{113EFE33-54ED-4D7E-B862-981B11749D71}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{2486BF1D-9517-48D6-BB9B-6256B2AD6C0B}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{46946E93-85E9-4D91-B2DA-4B7BE21CB953}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{4B4107BC-614E-481F-9491-71E6D7294491}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{58707559-0446-4A34-B242-F96FC045C15B}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{6F0AB9A3-A85F-475E-BCED-BEA5F8E8D40B}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{86C532E7-F3B0-4357-A0CD-215CAD3B7A32}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{979D1608-92A5-4CC7-A895-4248B3F5A99B}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{AE6CBF36-639E-4AF1-B35F-0946CA3CBD99}
Successfully deleted: [Empty Folder] C:\Users\*****\appdata\local\{F076FFBC-D0AD-4B5A-B20A-140ECF465364}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2014 at 14:27:53,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-07-2014 Ran by ***** (administrator) on *****-PC on 16-07-2014 14:43:04 Running from C:\Users\*****\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe () C:\Program Files\Mobile Genie\MobileMonitor.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9378408 2010-07-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.) HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM\...\Run: [MobileMonitor] => C:\Program Files\Mobile Genie\MobileMonitor.exe [372736 2013-03-19] () HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2014-07-16] (RealNetworks, Inc.) HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.) HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [HW_OPENEYE_OUC_airtel mobile broadband] => C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] () HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [IDM confirmer] => wscript.exe //B "C:\ProgramData\IDM confirmer.vbs" HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://translate.google.de/# SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\..\Interfaces\{600755AA-D652-4DB7-B218-33E6D00923FB}: [NameServer]197.239.0.249 8.8.8.8 Tcpip\..\Interfaces\{88844D40-CFC7-4910-BFE0-628EA6BD3F47}: [NameServer] Tcpip\..\Interfaces\{A93D9F56-8E83-4BE1-8770-D45859EE753A}: [NameServer] FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll () FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-16] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-16] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR StartMenuInternet: Google Chrome - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) S2 airtel mobile broadband. RunOuc; C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] () R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-19] (Macrovision Europe Ltd.) [File not signed] R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.) ==================== Drivers (Whitelisted) ==================== R3 androidusb; C:\windows\System32\Drivers\androidusb.sys [25088 2012-08-30] (Google Inc) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.) R3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-12-17] (Huawei Technologies Co., Ltd.) R3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-12-17] (Huawei Technologies Co., Ltd.) R3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2013-12-17] (Huawei Technologies Co., Ltd.) S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 qciusbnet; C:\windows\System32\DRIVERS\qciusbnet.sys [133120 2012-09-05] (Quanta Computer Inc.) R3 qciusbser; C:\windows\System32\DRIVERS\qciusbser.sys [107776 2012-09-05] (Quanta Computer Inc.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-08-10] (Windows (R) 2003 DDK 3790 provider) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-16 14:43 - 2014-07-16 14:43 - 00015512 _____ () C:\Users\*****\Desktop\FRST.txt 2014-07-16 14:34 - 2014-07-16 14:34 - 00001858 _____ () C:\Users\*****\Desktop\JRTtext.txt 2014-07-16 14:27 - 2014-07-16 14:27 - 00001858 _____ () C:\Users\*****\Desktop\JRT.txt 2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT 2014-07-16 14:03 - 2014-07-16 14:04 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-07-16 13:41 - 2014-07-16 13:41 - 00003144 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt 2014-07-16 13:34 - 2014-07-16 13:36 - 00000000 ____D () C:\AdwCleaner 2014-07-16 13:32 - 2014-07-16 13:33 - 01348263 _____ () C:\Users\*****\Desktop\adwcleaner_3.215.exe 2014-07-16 12:40 - 2014-07-16 13:40 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_*****.job 2014-07-16 12:40 - 2014-07-16 13:40 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_*****.job 2014-07-16 11:52 - 2014-07-16 14:41 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-16 11:52 - 2014-07-16 11:52 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-16 11:52 - 2014-07-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:52 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-16 11:51 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-16 11:51 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-16 11:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-16 11:47 - 2014-07-16 11:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files\RealNetworks 2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared 2014-07-16 01:11 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-07-15 18:01 - 2014-07-15 18:10 - 00000977 _____ () C:\Users\*****\Desktop\NewsLetter Pro.lnk 2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\Program Files\NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bouncer 2014-07-15 12:52 - 2014-07-15 17:14 - 00083456 _____ () C:\Users\*****\Desktop\linked contacts tw.xls 2014-07-14 18:07 - 2014-07-16 00:06 - 00124416 _____ () C:\Users\*****\Desktop\DEUTSCH ENGLISH.xls 2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt 2014-07-11 17:41 - 2014-07-16 14:37 - 00001064 _____ () C:\windows\setupact.log 2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log 2014-07-11 17:39 - 2014-07-16 13:38 - 00027012 _____ () C:\windows\PFRO.log 2014-07-11 17:13 - 2011-06-26 09:45 - 00256000 _____ () C:\windows\PEV.exe 2014-07-11 17:13 - 2010-11-07 20:20 - 00208896 _____ () C:\windows\MBR.exe 2014-07-11 17:13 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00098816 _____ () C:\windows\sed.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00080412 _____ () C:\windows\grep.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00068096 _____ () C:\windows\zip.exe 2014-07-11 17:12 - 2014-07-11 17:51 - 00000000 ____D () C:\ComboFix 2014-07-11 17:03 - 2014-07-11 17:51 - 00000000 ____D () C:\Qoobox 2014-07-11 17:02 - 2014-07-11 17:47 - 00000000 ____D () C:\windows\erdnt 2014-07-11 16:13 - 2014-07-11 16:13 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-11 12:58 - 2014-07-15 11:17 - 00018432 _____ () C:\Users\*****\Desktop\messebauer.xls 2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents\Mappe1.xls 2014-07-11 00:43 - 2014-07-16 13:57 - 00000000 ____D () C:\Users\*****\Desktop\virus problem 10 july 2014 2014-07-10 23:23 - 2014-07-11 17:06 - 00000000 ____D () C:\windows\Minidump 2014-07-10 11:07 - 2014-07-16 14:43 - 00000000 ____D () C:\FRST 2014-07-10 11:05 - 2014-07-10 11:05 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-10 03:15 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2014-07-10 03:15 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2014-07-10 03:08 - 2014-06-30 04:40 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-10 03:08 - 2014-06-30 04:36 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-10 03:08 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-10 03:08 - 2014-06-18 03:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-10 03:08 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2014-07-10 03:08 - 2014-03-04 12:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2014-07-10 03:08 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2014-07-10 03:08 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-07-10 03:07 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-10 03:07 - 2014-05-30 09:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-10 03:07 - 2014-04-05 05:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-07-10 03:07 - 2014-04-05 05:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-07-10 03:07 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-07-10 03:07 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-07-10 03:07 - 2014-01-28 05:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2014-07-10 03:07 - 2014-01-24 05:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2014-07-10 03:07 - 2014-01-01 02:05 - 00420008 _____ () C:\windows\system32\locale.nls 2014-07-10 03:07 - 2013-11-26 14:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys 2014-07-10 03:07 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll 2014-07-10 03:07 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx 2014-07-10 03:07 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll 2014-07-10 03:07 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe 2014-07-10 03:07 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe 2014-07-10 03:07 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys 2014-07-10 03:07 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2014-07-10 03:01 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-07-10 02:50 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-07-10 02:50 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2014-07-10 02:08 - 2014-06-05 17:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-10 02:08 - 2014-04-12 05:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2014-07-10 02:08 - 2014-04-12 05:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2014-07-10 02:08 - 2014-04-12 05:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2014-07-10 02:08 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2014-07-10 02:08 - 2014-04-12 05:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2014-07-10 02:08 - 2014-04-12 05:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2014-07-10 02:08 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-10 02:08 - 2013-11-27 04:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-07-10 01:50 - 2014-07-10 11:23 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-04 16:14 - 2014-07-04 16:18 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg 2014-07-04 16:10 - 2014-07-04 16:15 - 00000000 ____D () C:\Users\*****\Desktop\free 2015 2014-07-04 16:07 - 2014-07-07 13:38 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014 2014-07-03 19:09 - 2014-07-05 13:34 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014 2014-07-03 17:33 - 2014-07-04 16:03 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls 2014-07-03 09:59 - 2014-07-03 13:16 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls 2014-07-02 13:04 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\*****\Desktop\anti virus 2014-07-01 17:21 - 2014-07-16 11:43 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte 2014-06-29 19:00 - 2014-07-04 11:55 - 00000000 ____D () C:\Users\*****\Desktop\AUTO 2014-06-29 11:32 - 2014-06-30 13:34 - 00000000 ____D () C:\Users\*****\Desktop\KATO 2014-06-28 22:07 - 2014-06-28 22:34 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt 2014-06-28 18:21 - 2014-07-01 11:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-22 14:59 - 2014-06-22 18:02 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-21 13:35 - 2014-07-16 14:35 - 01373804 _____ () C:\windows\WindowsUpdate.log 2014-06-20 21:28 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Lavasoft 2014-06-20 21:25 - 2014-06-20 21:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LavasoftStatistics 2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-06-16 12:38 - 2014-06-16 12:56 - 00120320 _____ () C:\Users\*****\Desktop\EXHI UGX Contacts.xls 2014-06-16 11:01 - 2014-06-16 11:33 - 00606208 _____ () C:\Users\*****\Desktop\WA Tourism Contacts.xls 2014-06-16 10:24 - 2014-06-16 11:00 - 01070592 _____ () C:\Users\*****\Desktop\EA Tourism Contacts.xls ==================== One Month Modified Files and Folders ======= 2014-07-16 14:48 - 2013-01-01 13:40 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job 2014-07-16 14:44 - 2014-07-16 14:43 - 00015512 _____ () C:\Users\*****\Desktop\FRST.txt 2014-07-16 14:44 - 2012-01-05 18:02 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-16 14:43 - 2014-07-10 11:07 - 00000000 ____D () C:\FRST 2014-07-16 14:43 - 2014-06-21 13:35 - 01373804 _____ () C:\windows\WindowsUpdate.log 2014-07-16 14:41 - 2014-07-16 11:52 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-16 14:38 - 2012-01-05 18:02 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-16 14:37 - 2014-07-11 17:41 - 00001064 _____ () C:\windows\setupact.log 2014-07-16 14:37 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-16 14:34 - 2014-07-16 14:34 - 00001858 _____ () C:\Users\*****\Desktop\JRTtext.txt 2014-07-16 14:27 - 2014-07-16 14:27 - 00001858 _____ () C:\Users\*****\Desktop\JRT.txt 2014-07-16 14:23 - 2011-12-06 21:51 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job 2014-07-16 14:19 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-16 14:19 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT 2014-07-16 14:04 - 2014-07-16 14:03 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-07-16 14:01 - 2012-01-09 19:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-07-16 13:57 - 2014-07-11 00:43 - 00000000 ____D () C:\Users\*****\Desktop\virus problem 10 july 2014 2014-07-16 13:41 - 2014-07-16 13:41 - 00003144 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt 2014-07-16 13:40 - 2014-07-16 12:40 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_*****.job 2014-07-16 13:40 - 2014-07-16 12:40 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_*****.job 2014-07-16 13:38 - 2014-07-11 17:39 - 00027012 _____ () C:\windows\PFRO.log 2014-07-16 13:36 - 2014-07-16 13:34 - 00000000 ____D () C:\AdwCleaner 2014-07-16 13:33 - 2014-07-16 13:32 - 01348263 _____ () C:\Users\*****\Desktop\adwcleaner_3.215.exe 2014-07-16 12:31 - 2011-03-30 14:12 - 00000000 ____D () C:\windows\es 2014-07-16 11:52 - 2014-07-16 11:52 - 00001020 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-16 11:52 - 2014-07-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-16 11:52 - 2014-07-16 11:51 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-16 11:48 - 2014-07-16 11:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-16 11:45 - 2013-01-01 13:40 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job 2014-07-16 11:43 - 2014-07-01 17:21 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte 2014-07-16 09:55 - 2011-12-07 00:33 - 00000000 ____D () C:\ProgramData\Real 2014-07-16 09:55 - 2011-12-07 00:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Real 2014-07-16 09:46 - 2013-10-13 02:57 - 00000000 ____D () C:\Users\*****\AppData\Local\CrashDumps 2014-07-16 01:16 - 2014-02-11 18:48 - 00000000 ____D () C:\Users\*****\Documents\Mobile Genie 2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared 2014-07-16 01:12 - 2011-12-07 00:18 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll 2014-07-16 01:12 - 2011-12-07 00:18 - 00000000 ____D () C:\Program Files\Real 2014-07-16 01:11 - 2012-12-13 07:20 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\msvcp71.dll 2014-07-16 01:11 - 2012-12-13 07:20 - 00348160 _____ (Microsoft Corporation) C:\windows\system32\msvcr71.dll 2014-07-16 01:11 - 2011-12-07 00:18 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll 2014-07-16 01:11 - 2011-12-07 00:18 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll 2014-07-16 00:06 - 2014-07-14 18:07 - 00124416 _____ () C:\Users\*****\Desktop\DEUTSCH ENGLISH.xls 2014-07-15 19:09 - 2009-07-14 07:33 - 01792080 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-15 18:10 - 2014-07-15 18:01 - 00000977 _____ () C:\Users\*****\Desktop\NewsLetter Pro.lnk 2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro 2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\Program Files\NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bouncer 2014-07-15 18:01 - 2014-02-11 19:46 - 00000000 ____D () C:\Users\*****\AppData\Roaming\NewsLetter Pro 2014-07-15 17:14 - 2014-07-15 12:52 - 00083456 _____ () C:\Users\*****\Desktop\linked contacts tw.xls 2014-07-15 16:25 - 2011-12-06 21:51 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job 2014-07-15 13:15 - 2010-11-21 00:01 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-15 11:17 - 2014-07-11 12:58 - 00018432 _____ () C:\Users\*****\Desktop\messebauer.xls 2014-07-12 10:10 - 2009-07-14 07:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-11 21:57 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\rescache 2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt 2014-07-11 17:51 - 2014-07-11 17:12 - 00000000 ____D () C:\ComboFix 2014-07-11 17:51 - 2014-07-11 17:03 - 00000000 ____D () C:\Qoobox 2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Default 2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Public 2014-07-11 17:47 - 2014-07-11 17:02 - 00000000 ____D () C:\windows\erdnt 2014-07-11 17:42 - 2009-07-14 05:04 - 00000215 _____ () C:\windows\system.ini 2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log 2014-07-11 17:38 - 2009-07-14 05:03 - 49807360 _____ () C:\windows\system32\config\SOFTWARE.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 19922944 _____ () C:\windows\system32\config\SYSTEM.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows\system32\config\SAM.bak 2014-07-11 17:09 - 2011-12-20 15:20 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla 2014-07-11 17:06 - 2014-07-10 23:23 - 00000000 ____D () C:\windows\Minidump 2014-07-11 16:13 - 2014-07-11 16:13 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-11 14:06 - 2014-05-27 13:41 - 00000000 ____D () C:\Users\*****\Desktop\Messe infos 2014-07-11 14:06 - 2011-12-09 20:27 - 00005141 _____ () C:\windows\ULEAD32.INI 2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents\Mappe1.xls 2014-07-10 23:07 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-07-10 21:07 - 2013-07-28 23:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\rining 2014-07-10 11:23 - 2014-07-10 01:50 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-10 11:05 - 2014-07-10 11:05 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-07-10 11:02 - 2011-12-06 21:21 - 00000000 ____D () C:\Users\***** 2014-07-10 10:20 - 2011-03-30 13:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-10 03:15 - 2011-03-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-07 13:38 - 2014-07-04 16:07 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014 2014-07-06 12:04 - 2011-12-09 22:31 - 00000030 _____ () C:\windows\Iedit.INI 2014-07-05 13:34 - 2014-07-03 19:09 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014 2014-07-04 16:18 - 2014-07-04 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg 2014-07-04 16:15 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\*****\Desktop\free 2015 2014-07-04 16:03 - 2014-07-03 17:33 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls 2014-07-04 12:11 - 2014-05-16 11:28 - 00000000 ____D () C:\Users\*****\Desktop\TW Project 2014-07-04 11:55 - 2014-06-29 19:00 - 00000000 ____D () C:\Users\*****\Desktop\AUTO 2014-07-03 13:16 - 2014-07-03 09:59 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls 2014-07-02 13:21 - 2014-07-02 13:04 - 00000000 ____D () C:\Users\*****\Desktop\anti virus 2014-07-01 18:26 - 2012-10-13 23:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-01 11:42 - 2014-06-28 18:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-30 13:34 - 2014-06-29 11:32 - 00000000 ____D () C:\Users\*****\Desktop\KATO 2014-06-30 04:40 - 2014-07-10 03:08 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-30 04:36 - 2014-07-10 03:08 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-28 22:34 - 2014-06-28 22:07 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt 2014-06-27 21:26 - 2014-05-27 12:47 - 00000000 ____D () C:\Users\*****\Desktop\EATTM 2014-06-25 20:28 - 2014-06-11 13:23 - 00000698 _____ () C:\Users\*****\Desktop\east africa contacts.txt 2014-06-22 18:02 - 2014-06-22 14:59 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-21 14:11 - 2011-12-06 21:26 - 00000000 ____D () C:\ProgramData\Skype 2014-06-20 21:33 - 2014-06-20 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LavasoftStatistics 2014-06-20 21:32 - 2014-06-20 21:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Lavasoft 2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-06-18 04:51 - 2014-07-10 03:08 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-18 03:52 - 2014-07-10 03:08 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-06-16 12:56 - 2014-06-16 12:38 - 00120320 _____ () C:\Users\*****\Desktop\EXHI UGX Contacts.xls 2014-06-16 11:33 - 2014-06-16 11:01 - 00606208 _____ () C:\Users\*****\Desktop\WA Tourism Contacts.xls 2014-06-16 11:00 - 2014-06-16 10:24 - 01070592 _____ () C:\Users\*****\Desktop\EA Tourism Contacts.xls Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\Quarantine.exe C:\Users\*****\AppData\Local\temp\stubhelper.dll ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 13:45 ==================== End Of Log ============================ |
|
16.07.2014, 20:30
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Der Ordner is ganz normal, das ist der Papierkorb des Laufwerks. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.07.2014, 23:20
| #9 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung naja, wenn schon die Frage nach Problemen kommt :-) seit ca. 30 Minuten steht rechts unten auf meinem Desktop Windows 7 Build 7601 This copy of Windows is not genuine Nun führe ich erstmal die angegebenen Schritte durch, Vielen Dank. Beim Laden des Eset Scanners, genauer gesagt nach herunterladen der Signaturdatenbank kommt die Meldung unerwarteter Fehler und ich kann nur zurück gehen und es neu versuchen. Das habe ich 2 x gemacht immer mit der selben Fehlermeldung Code:
ATTFilter Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` CCleaner Java(TM) 6 Update 31 Java 7 Update 55 Java version out of Date! Adobe Flash Player 9 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Thunderbird (24.6.0) Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe airtel mobile broadband OnlineUpdate ouc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01 Ran by ***** (administrator) on *****-PC on 17-07-2014 01:16:04 Running from C:\Users\*****\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live \WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live \WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe () C:\Program Files\Mobile Genie\MobileMonitor.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared \FLEXnet Publisher\FNPLicensingService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager \dmhkcore.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart \SmartRestarter.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center \SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer \MovieColorEnhancer.exe (Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus \SUPBackground.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager \EasySpeedUpManager.exe () C:\Program Files\airtel mobile broadband\airtel mobile broadband.exe (Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9378408 2010-07-14] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010- 11-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer \MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.) HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM\...\Run: [MobileMonitor] => C:\Program Files\Mobile Genie\MobileMonitor.exe [372736 2013-03-19] () HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update \realsched.exe [295512 2014-07-16] (RealNetworks, Inc.) HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.) HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [HW_OPENEYE_OUC_airtel mobile broadband] => C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] () HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [IDM confirmer] => wscript.exe //B "C:\ProgramData\IDM confirmer.vbs" HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer \{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office \OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://translate.google.de/# SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C: \Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9- B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader \BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C: \Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273- 0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files \Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\..\Interfaces\{600755AA-D652-4DB7-B218-33E6D00923FB}: [NameServer] 197.239.0.249 8.8.8.8 Tcpip\..\Interfaces\{88844D40-CFC7-4910-BFE0-628EA6BD3F47}: [NameServer] Tcpip\..\Interfaces\{A93D9F56-8E83-4BE1-8770-D45859EE753A}: [NameServer] 197.239.0.249 8.8.8.8 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director \np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin \dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin \plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C: \Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real \RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData \RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins \nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData \RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins \nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData \RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins \nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real \RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks \RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited \Browser-Plug-In für BlackBerry World\npappworld.dll () FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google \Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google \Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users \*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\***** \AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\***** \AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C: \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader \BrowserPlugins\Firefox\Ext [2014-07-16] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C: \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-16] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C: \ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext \realdownloader.crx [2013-08-14] CHR StartMenuInternet: Google Chrome - C:\Users\*****\AppData\Local\Google \Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated) S2 airtel mobile broadband. RunOuc; C:\Program Files\airtel mobile broadband \UpdateDog\ouc.exe [246112 2013-12-17] () R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02- 28] (Apple Computer, Inc.) [File not signed] R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared \FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-19] (Macrovision Europe Ltd.) [File not signed] R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks \RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.) ==================== Drivers (Whitelisted) ==================== R3 androidusb; C:\windows\System32\Drivers\androidusb.sys [25088 2012-08-30] (Google Inc) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.) R3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-12-17] (Huawei Technologies Co., Ltd.) R3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-12- 17] (Huawei Technologies Co., Ltd.) R3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2013-12- 17] (Huawei Technologies Co., Ltd.) S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07- 17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) R3 qciusbnet; C:\windows\System32\DRIVERS\qciusbnet.sys [133120 2012-09-05] (Quanta Computer Inc.) R3 qciusbser; C:\windows\System32\DRIVERS\qciusbser.sys [107776 2012-09-05] (Quanta Computer Inc.) S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-08-10] (Windows (R) 2003 DDK 3790 provider) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-17 01:16 - 2014-07-17 01:17 - 00015767 _____ () C:\Users\*****\Desktop \FRST.txt 2014-07-17 01:15 - 2014-07-17 01:15 - 00000000 ____D () C:\Users\*****\Desktop \FRST-OlderVersion 2014-07-17 01:13 - 2014-07-17 01:13 - 00001210 _____ () C:\Users\*****\Desktop \checkup.txt 2014-07-17 00:59 - 2014-07-17 00:59 - 00854390 _____ () C:\Users\*****\Desktop \SecurityCheck.exe 2014-07-17 00:31 - 2014-07-17 00:31 - 00000000 ____D () C:\Program Files\ESET 2014-07-17 00:29 - 2014-07-17 00:30 - 02347384 _____ (ESET) C:\Users\***** \Desktop\esetsmartinstaller_deu.exe 2014-07-16 16:46 - 2014-07-16 16:56 - 00016384 _____ () C:\Users\*****\Desktop\EA Attraction.xls 2014-07-16 14:56 - 2014-07-16 20:39 - 00000380 _____ () C:\windows\Tasks \RNUpgradeHelperLogonPrompt_*****.job 2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT 2014-07-16 13:34 - 2014-07-16 13:36 - 00000000 ____D () C:\AdwCleaner 2014-07-16 12:40 - 2014-07-16 20:37 - 00000374 _____ () C:\windows\Tasks \ReclaimerUpdateFiles_*****.job 2014-07-16 12:40 - 2014-07-16 14:56 - 00000370 _____ () C:\windows\Tasks \ReclaimerUpdateXML_*****.job 2014-07-16 11:52 - 2014-07-17 00:10 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-16 11:52 - 2014-07-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:52 - 00000000 ____D () C:\Program Files \ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData \Malwarebytes 2014-07-16 11:51 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-16 11:51 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-16 11:51 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData \Roaming\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData \RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files \RealNetworks 2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared 2014-07-16 01:11 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\RealNetworks 2014-07-15 18:01 - 2014-07-15 18:10 - 00000977 _____ () C:\Users\*****\Desktop \NewsLetter Pro.lnk 2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\Program Files \NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Bouncer 2014-07-15 12:52 - 2014-07-15 17:14 - 00083456 _____ () C:\Users\*****\Desktop \linked contacts tw.xls 2014-07-14 18:07 - 2014-07-16 00:06 - 00124416 _____ () C:\Users\*****\Desktop \DEUTSCH ENGLISH.xls 2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt 2014-07-11 17:41 - 2014-07-16 20:37 - 00001120 _____ () C:\windows\setupact.log 2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log 2014-07-11 17:39 - 2014-07-16 13:38 - 00027012 _____ () C:\windows\PFRO.log 2014-07-11 17:13 - 2011-06-26 09:45 - 00256000 _____ () C:\windows\PEV.exe 2014-07-11 17:13 - 2010-11-07 20:20 - 00208896 _____ () C:\windows\MBR.exe 2014-07-11 17:13 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\windows \NIRCMD.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\windows \SWREG.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\windows \SWSC.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00098816 _____ () C:\windows\sed.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00080412 _____ () C:\windows\grep.exe 2014-07-11 17:13 - 2000-08-31 03:00 - 00068096 _____ () C:\windows\zip.exe 2014-07-11 17:12 - 2014-07-11 17:51 - 00000000 ____D () C:\ComboFix 2014-07-11 17:03 - 2014-07-11 17:51 - 00000000 ____D () C:\Qoobox 2014-07-11 17:02 - 2014-07-11 17:47 - 00000000 ____D () C:\windows\erdnt 2014-07-11 16:13 - 2014-07-11 16:13 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-11 12:58 - 2014-07-15 11:17 - 00018432 _____ () C:\Users\*****\Desktop \messebauer.xls 2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents \Mappe1.xls 2014-07-11 00:43 - 2014-07-17 01:15 - 00000000 ____D () C:\Users\*****\Desktop \virus problem 10 july 2014 2014-07-10 23:23 - 2014-07-11 17:06 - 00000000 ____D () C:\windows\Minidump 2014-07-10 11:07 - 2014-07-17 01:16 - 00000000 ____D () C:\FRST 2014-07-10 11:05 - 2014-07-17 01:15 - 01077248 _____ (Farbar) C:\Users\***** \Desktop\FRST.exe 2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\***** \defogger_reenable 2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows \system32\CompatTel 2014-07-10 03:15 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C: \windows\system32\wmploc.DLL 2014-07-10 03:15 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C: \windows\system32\wmp.dll 2014-07-10 03:08 - 2014-06-30 04:40 - 00404480 _____ (Microsoft Corporation) C: \windows\system32\aepdu.dll 2014-07-10 03:08 - 2014-06-30 04:36 - 00302592 _____ (Microsoft Corporation) C: \windows\system32\aeinv.dll 2014-07-10 03:08 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C: \windows\system32\osk.exe 2014-07-10 03:08 - 2014-06-18 03:52 - 02350080 _____ (Microsoft Corporation) C: \windows\system32\win32k.sys 2014-07-10 03:08 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C: \windows\system32\shell32.dll 2014-07-10 03:08 - 2014-03-04 12:17 - 00868352 _____ (Microsoft Corporation) C: \windows\system32\kernel32.dll 2014-07-10 03:08 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C: \windows\system32\wer.dll 2014-07-10 03:08 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C: \windows\system32\tzres.dll 2014-07-10 03:07 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C: \windows\system32\qedit.dll 2014-07-10 03:07 - 2014-05-30 09:36 - 00338944 _____ (Microsoft Corporation) C: \windows\system32\Drivers\afd.sys 2014-07-10 03:07 - 2014-04-05 05:25 - 01294272 _____ (Microsoft Corporation) C: \windows\system32\Drivers\tcpip.sys 2014-07-10 03:07 - 2014-04-05 05:24 - 00187840 _____ (Microsoft Corporation) C: \windows\system32\Drivers\FWPKCLNT.SYS 2014-07-10 03:07 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C: \windows\system32\msxml6.dll 2014-07-10 03:07 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C: \windows\system32\msxml3.dll 2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C: \windows\system32\msxml6r.dll 2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C: \windows\system32\msxml3r.dll 2014-07-10 03:07 - 2014-01-28 05:07 - 00185344 _____ (Microsoft Corporation) C: \windows\system32\wwansvc.dll 2014-07-10 03:07 - 2014-01-24 05:18 - 01212352 _____ (Microsoft Corporation) C: \windows\system32\Drivers\ntfs.sys 2014-07-10 03:07 - 2014-01-01 02:05 - 00420008 _____ () C:\windows \system32\locale.nls 2014-07-10 03:07 - 2013-11-26 14:11 - 00240576 _____ (Microsoft Corporation) C: \windows\system32\Drivers\netio.sys 2014-07-10 03:07 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C: \windows\system32\msieftp.dll 2014-07-10 03:07 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C: \windows\system32\wshom.ocx 2014-07-10 03:07 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C: \windows\system32\scrrun.dll 2014-07-10 03:07 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C: \windows\system32\wscript.exe 2014-07-10 03:07 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C: \windows\system32\cscript.exe 2014-07-10 03:07 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C: \windows\system32\Drivers\drmk.sys 2014-07-10 03:07 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C: \windows\system32\Drivers\portcls.sys 2014-07-10 03:01 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C: \windows\system32\usp10.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C: \windows\system32\secproc.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C: \windows\system32\secproc_isv.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C: \windows\system32\secproc_ssp_isv.dll 2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C: \windows\system32\secproc_ssp.dll 2014-07-10 02:50 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C: \windows\system32\msdrm.dll 2014-07-10 02:50 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C: \windows\system32\RMActivate_isv.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C: \windows\system32\RMActivate.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C: \windows\system32\RMActivate_ssp.exe 2014-07-10 02:50 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C: \windows\system32\RMActivate_ssp_isv.exe 2014-07-10 02:08 - 2014-06-05 17:26 - 01059840 _____ (Microsoft Corporation) C: \windows\system32\lsasrv.dll 2014-07-10 02:08 - 2014-04-12 05:15 - 00136640 _____ (Microsoft Corporation) C: \windows\system32\Drivers\ksecpkg.sys 2014-07-10 02:08 - 2014-04-12 05:15 - 00067520 _____ (Microsoft Corporation) C: \windows\system32\Drivers\ksecdd.sys 2014-07-10 02:08 - 2014-04-12 05:12 - 00100352 _____ (Microsoft Corporation) C: \windows\system32\sspicli.dll 2014-07-10 02:08 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C: \windows\system32\secur32.dll 2014-07-10 02:08 - 2014-04-12 05:12 - 00015872 _____ (Microsoft Corporation) C: \windows\system32\sspisrv.dll 2014-07-10 02:08 - 2014-04-12 05:11 - 00022528 _____ (Microsoft Corporation) C: \windows\system32\lsass.exe 2014-07-10 02:08 - 2014-03-04 12:17 - 00550912 _____ (Microsoft Corporation) C: \windows\system32\kerberos.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00259584 _____ (Microsoft Corporation) C: \windows\system32\msv1_0.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00247808 _____ (Microsoft Corporation) C: \windows\system32\schannel.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00172032 _____ (Microsoft Corporation) C: \windows\system32\wdigest.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00065536 _____ (Microsoft Corporation) C: \windows\system32\TSpkg.dll 2014-07-10 02:08 - 2014-03-04 12:17 - 00017408 _____ (Microsoft Corporation) C: \windows\system32\credssp.dll 2014-07-10 02:08 - 2013-11-27 04:14 - 00258560 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbhub.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00284672 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbport.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00076288 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbccgp.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00043520 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbehci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00024064 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbuhci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00020480 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbohci.sys 2014-07-10 02:08 - 2013-11-27 04:13 - 00006016 _____ (Microsoft Corporation) C: \windows\system32\Drivers\usbd.sys 2014-07-10 01:50 - 2014-07-10 11:23 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-04 16:14 - 2014-07-04 16:18 - 00000000 ____D () C:\Users\*****\Desktop \Reisen Hamburg 2014-07-04 16:10 - 2014-07-04 16:15 - 00000000 ____D () C:\Users\*****\Desktop \free 2015 2014-07-04 16:07 - 2014-07-07 13:38 - 00000000 ____D () C:\Users\*****\Desktop \CMT 2014 2014-07-03 19:09 - 2014-07-05 13:34 - 00000000 ____D () C:\Users\*****\Desktop \Reiselust 2014 2014-07-03 17:33 - 2014-07-04 16:03 - 00014848 _____ () C:\Users\*****\Desktop \Road To Germany Part 2.xls 2014-07-03 09:59 - 2014-07-03 13:16 - 00014848 _____ () C:\Users\*****\Desktop \Road To Germany Part 1.xls 2014-07-02 13:04 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\*****\Desktop \anti virus 2014-07-01 17:21 - 2014-07-17 01:19 - 00000000 ____D () C:\Users\*****\Desktop \LinkedIn Kontakte 2014-06-29 19:00 - 2014-07-04 11:55 - 00000000 ____D () C:\Users\*****\Desktop \AUTO 2014-06-29 11:32 - 2014-06-30 13:34 - 00000000 ____D () C:\Users\*****\Desktop \KATO 2014-06-28 22:07 - 2014-06-28 22:34 - 00000675 _____ () C:\Users\*****\Desktop \dubai events.txt 2014-06-28 18:21 - 2014-07-01 11:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-22 14:59 - 2014-06-22 18:02 - 00028160 _____ () C:\Users\*****\Desktop \countries of the world.xls 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-21 13:35 - 2014-07-17 00:47 - 01387727 _____ () C:\windows \WindowsUpdate.log 2014-06-20 21:28 - 2014-06-20 21:32 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Lavasoft 2014-06-20 21:25 - 2014-06-20 21:33 - 00000000 ____D () C:\Users\*****\AppData \Roaming\LavasoftStatistics 2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft ==================== One Month Modified Files and Folders ======= 2014-07-17 01:19 - 2014-07-01 17:21 - 00000000 ____D () C:\Users\*****\Desktop \LinkedIn Kontakte 2014-07-17 01:17 - 2014-07-17 01:16 - 00015767 _____ () C:\Users\*****\Desktop \FRST.txt 2014-07-17 01:16 - 2014-07-10 11:07 - 00000000 ____D () C:\FRST 2014-07-17 01:15 - 2014-07-17 01:15 - 00000000 ____D () C:\Users\*****\Desktop \FRST-OlderVersion 2014-07-17 01:15 - 2014-07-11 00:43 - 00000000 ____D () C:\Users\*****\Desktop \virus problem 10 july 2014 2014-07-17 01:15 - 2014-07-10 11:05 - 01077248 _____ (Farbar) C:\Users\***** \Desktop\FRST.exe 2014-07-17 01:13 - 2014-07-17 01:13 - 00001210 _____ () C:\Users\*****\Desktop \checkup.txt 2014-07-17 00:59 - 2014-07-17 00:59 - 00854390 _____ () C:\Users\*****\Desktop \SecurityCheck.exe 2014-07-17 00:47 - 2014-06-21 13:35 - 01387727 _____ () C:\windows \WindowsUpdate.log 2014-07-17 00:47 - 2012-01-09 19:30 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Skype 2014-07-17 00:47 - 2012-01-05 18:02 - 00001098 _____ () C:\windows\Tasks \GoogleUpdateTaskMachineUA.job 2014-07-17 00:31 - 2014-07-17 00:31 - 00000000 ____D () C:\Program Files\ESET 2014-07-17 00:30 - 2014-07-17 00:29 - 02347384 _____ (ESET) C:\Users\***** \Desktop\esetsmartinstaller_deu.exe 2014-07-17 00:23 - 2011-12-06 21:51 - 00001124 _____ () C:\windows\Tasks \GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job 2014-07-17 00:10 - 2014-07-16 11:52 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-16 23:45 - 2013-01-01 13:40 - 00000932 _____ () C:\windows\Tasks \FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job 2014-07-16 20:39 - 2014-07-16 14:56 - 00000380 _____ () C:\windows\Tasks \RNUpgradeHelperLogonPrompt_*****.job 2014-07-16 20:39 - 2012-01-05 18:02 - 00001094 _____ () C:\windows\Tasks \GoogleUpdateTaskMachineCore.job 2014-07-16 20:37 - 2014-07-16 12:40 - 00000374 _____ () C:\windows\Tasks \ReclaimerUpdateFiles_*****.job 2014-07-16 20:37 - 2014-07-11 17:41 - 00001120 _____ () C:\windows\setupact.log 2014-07-16 20:37 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-16 16:56 - 2014-07-16 16:46 - 00016384 _____ () C:\Users\*****\Desktop\EA Attraction.xls 2014-07-16 16:23 - 2011-12-06 21:51 - 00001072 _____ () C:\windows\Tasks \GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job 2014-07-16 14:56 - 2014-07-16 12:40 - 00000370 _____ () C:\windows\Tasks \ReclaimerUpdateXML_*****.job 2014-07-16 14:48 - 2009-07-14 07:34 - 00016160 ____H () C:\windows \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115- 601632D005A0 2014-07-16 14:48 - 2009-07-14 07:34 - 00016160 ____H () C:\windows \system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115- 601632D005A0 2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT 2014-07-16 13:38 - 2014-07-11 17:39 - 00027012 _____ () C:\windows\PFRO.log 2014-07-16 13:36 - 2014-07-16 13:34 - 00000000 ____D () C:\AdwCleaner 2014-07-16 12:34 - 2011-03-30 14:12 - 00000000 ____D () C:\windows\es 2014-07-16 11:52 - 2014-07-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-16 11:52 - 2014-07-16 11:51 - 00000000 ____D () C:\Program Files \ Malwarebytes Anti-Malware 2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData \Malwarebytes 2014-07-16 11:45 - 2013-01-01 13:40 - 00000910 _____ () C:\windows\Tasks \FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job 2014-07-16 09:55 - 2011-12-07 00:33 - 00000000 ____D () C:\ProgramData\Real 2014-07-16 09:55 - 2011-12-07 00:32 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Real 2014-07-16 09:46 - 2013-10-13 02:57 - 00000000 ____D () C:\Users\*****\AppData \Local\CrashDumps 2014-07-16 01:16 - 2014-02-11 18:48 - 00000000 ____D () C:\Users\*****\Documents \Mobile Genie 2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData \Roaming\RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData \RealNetworks 2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files \RealNetworks 2014-07-16 01:13 - 2014-07-16 01:11 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\RealNetworks 2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared 2014-07-16 01:12 - 2011-12-07 00:18 - 00201872 _____ (RealNetworks, Inc.) C: \windows\system32\rmoc3260.dll 2014-07-16 01:12 - 2011-12-07 00:18 - 00000000 ____D () C:\Program Files\Real 2014-07-16 01:11 - 2012-12-13 07:20 - 00499712 _____ (Microsoft Corporation) C: \windows\system32\msvcp71.dll 2014-07-16 01:11 - 2012-12-13 07:20 - 00348160 _____ (Microsoft Corporation) C: \windows\system32\msvcr71.dll 2014-07-16 01:11 - 2011-12-07 00:18 - 00006656 _____ (RealNetworks, Inc.) C: \windows\system32\pndx5016.dll 2014-07-16 01:11 - 2011-12-07 00:18 - 00005632 _____ (RealNetworks, Inc.) C: \windows\system32\pndx5032.dll 2014-07-16 00:06 - 2014-07-14 18:07 - 00124416 _____ () C:\Users\*****\Desktop \DEUTSCH ENGLISH.xls 2014-07-15 19:09 - 2009-07-14 07:33 - 01792080 _____ () C:\windows \system32\FNTCACHE.DAT 2014-07-15 18:10 - 2014-07-15 18:01 - 00000977 _____ () C:\Users\*****\Desktop \NewsLetter Pro.lnk 2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\NewsLetter Pro 2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\Program Files \NewsLetter Pro 2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Bouncer 2014-07-15 18:01 - 2014-02-11 19:46 - 00000000 ____D () C:\Users\*****\AppData \Roaming\NewsLetter Pro 2014-07-15 17:14 - 2014-07-15 12:52 - 00083456 _____ () C:\Users\*****\Desktop \linked contacts tw.xls 2014-07-15 13:15 - 2010-11-21 00:01 - 00726316 _____ () C:\windows \system32\PerfStringBackup.INI 2014-07-15 11:17 - 2014-07-11 12:58 - 00018432 _____ () C:\Users\*****\Desktop \messebauer.xls 2014-07-12 10:10 - 2009-07-14 07:53 - 00032608 _____ () C:\windows\Tasks \SCHEDLGU.TXT 2014-07-11 21:57 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\rescache 2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt 2014-07-11 17:51 - 2014-07-11 17:12 - 00000000 ____D () C:\ComboFix 2014-07-11 17:51 - 2014-07-11 17:03 - 00000000 ____D () C:\Qoobox 2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Default 2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Public 2014-07-11 17:47 - 2014-07-11 17:02 - 00000000 ____D () C:\windows\erdnt 2014-07-11 17:42 - 2009-07-14 05:04 - 00000215 _____ () C:\windows\system.ini 2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log 2014-07-11 17:38 - 2009-07-14 05:03 - 49807360 _____ () C:\windows \system32\config\SOFTWARE.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 19922944 _____ () C:\windows \system32\config\SYSTEM.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 01048576 _____ () C:\windows \system32\config\DEFAULT.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows \system32\config\SECURITY.bak 2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows \system32\config\SAM.bak 2014-07-11 17:09 - 2011-12-20 15:20 - 00000000 ____D () C:\Users\*****\AppData \Roaming\FileZilla 2014-07-11 17:06 - 2014-07-10 23:23 - 00000000 ____D () C:\windows\Minidump 2014-07-11 16:13 - 2014-07-11 16:13 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-11 14:06 - 2014-05-27 13:41 - 00000000 ____D () C:\Users\*****\Desktop \Messe infos 2014-07-11 14:06 - 2011-12-09 20:27 - 00005141 _____ () C:\windows\ULEAD32.INI 2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents \Mappe1.xls 2014-07-10 23:07 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-07-10 21:07 - 2013-07-28 23:23 - 00000000 ____D () C:\Users\*****\AppData \Roaming\rining 2014-07-10 11:23 - 2014-07-10 01:50 - 00000000 ____D () C:\ProgramData\F-Secure 2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\***** \defogger_reenable 2014-07-10 11:02 - 2011-12-06 21:21 - 00000000 ____D () C:\Users\***** 2014-07-10 10:20 - 2011-03-30 13:53 - 00000000 ____D () C:\Program Files \Microsoft Silverlight 2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows \system32\CompatTel 2014-07-10 03:15 - 2011-03-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-07 13:38 - 2014-07-04 16:07 - 00000000 ____D () C:\Users\*****\Desktop \CMT 2014 2014-07-06 12:04 - 2011-12-09 22:31 - 00000030 _____ () C:\windows\Iedit.INI 2014-07-05 13:34 - 2014-07-03 19:09 - 00000000 ____D () C:\Users\*****\Desktop \Reiselust 2014 2014-07-04 16:18 - 2014-07-04 16:14 - 00000000 ____D () C:\Users\*****\Desktop \Reisen Hamburg 2014-07-04 16:15 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\*****\Desktop \free 2015 2014-07-04 16:03 - 2014-07-03 17:33 - 00014848 _____ () C:\Users\*****\Desktop \Road To Germany Part 2.xls 2014-07-04 12:11 - 2014-05-16 11:28 - 00000000 ____D () C:\Users\*****\Desktop\TW Project 2014-07-04 11:55 - 2014-06-29 19:00 - 00000000 ____D () C:\Users\*****\Desktop \AUTO 2014-07-03 13:16 - 2014-07-03 09:59 - 00014848 _____ () C:\Users\*****\Desktop \Road To Germany Part 1.xls 2014-07-02 13:21 - 2014-07-02 13:04 - 00000000 ____D () C:\Users\*****\Desktop \anti virus 2014-07-01 18:26 - 2012-10-13 23:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-07-01 11:42 - 2014-06-28 18:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-06-30 13:34 - 2014-06-29 11:32 - 00000000 ____D () C:\Users\*****\Desktop \KATO 2014-06-30 04:40 - 2014-07-10 03:08 - 00404480 _____ (Microsoft Corporation) C: \windows\system32\aepdu.dll 2014-06-30 04:36 - 2014-07-10 03:08 - 00302592 _____ (Microsoft Corporation) C: \windows\system32\aeinv.dll 2014-06-28 22:34 - 2014-06-28 22:07 - 00000675 _____ () C:\Users\*****\Desktop \dubai events.txt 2014-06-27 21:26 - 2014-05-27 12:47 - 00000000 ____D () C:\Users\*****\Desktop \EATTM 2014-06-25 20:28 - 2014-06-11 13:23 - 00000698 _____ () C:\Users\*****\Desktop \east africa contacts.txt 2014-06-22 18:02 - 2014-06-22 14:59 - 00028160 _____ () C:\Users\*****\Desktop \countries of the world.xls 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft \Windows\Start Menu\Programs\Skype 2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-06-21 14:11 - 2011-12-06 21:26 - 00000000 ____D () C:\ProgramData\Skype 2014-06-20 21:33 - 2014-06-20 21:25 - 00000000 ____D () C:\Users\*****\AppData \Roaming\LavasoftStatistics 2014-06-20 21:32 - 2014-06-20 21:28 - 00000000 ____D () C:\Users\*****\AppData \Roaming\Lavasoft 2014-06-20 21:21 - 2014-06-20 21:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-06-18 04:51 - 2014-07-10 03:08 - 00646144 _____ (Microsoft Corporation) C: \windows\system32\osk.exe 2014-06-18 03:52 - 2014-07-10 03:08 - 02350080 _____ (Microsoft Corporation) C: \windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\Quarantine.exe C:\Users\*****\AppData\Local\temp\stubhelper.dll ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 13:45 ==================== End Of Log ============================ --- --- --- |
|
17.07.2014, 16:27
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Was hast du gemacht bevor die Meldung unten rechts kam? Java, Flash und ADobe updaten. 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.07.2014, 09:17
| #11 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Bevor die Meldung kam hatte ich nur meine emails gecheckt und hatte 2 Excel Dateien offen. Die Meldung ist jetzt wieder verschwunden bzw. heute morgen war Sie nicht mehr da. Jave habe ich aktualisiert Adobe Reader sagt es ist kein update vorhanden Adobe Flash Player sagt es ist kein update vorhanden aber bietet mir folgendes an: Um das Adobe® Flash® Player-System-Plug-in herunterzuladen Soll oder muss ich das instalieren ? Tweaking Step 3 lief normal durch Step 4 ist bis 42 % gekommen dann wollte er nicht mehr weiterarbeiten Start repairs lief normal durch aber jetzt hat der Rechner Probleme hoch zufahren, das dauert 10 Minuten, herunterfahren geht nur noch wenn ich das Laptop vom Strom nehme Habe Step 4 dann nochmal versucht aber wieder nur bis 42 Prozent gekommen. Ich weiss schon lange nicht mehr weiter  Mein Laptop fährt jetzt wieder ganz normal runter. Nur bein starten braucht er ca. 10 Minuten bis er Betriebsbereit ist. Gestern kam dann übrigens 2 x die Meldung das das Windows Soundsystem nicht arbeitet dann hat Windows versucht sich selber zu reparieren - aber de Sound läuft ganz normal. Mit dem Internet bin ich sehr zufrieden, die Seiten laden schnell und ich kann keine Beeinträchtigung *fühlen*. Nur das Hochfahren des Rechners dauert einfach zu lange :-) Was soll ich jetzt machen ? Nochmal die ersten Schritte durchführen - Defogger, FRST & Gmer ? Grüsse aus Ostafrika |
|
18.07.2014, 18:52
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Nur ein frisches FRST Log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.07.2014, 20:51
| #13 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als VerknüpfungCode:
ATTFilter Users shortcut scan result (x86) Version:15-07-2014 01
Ran by ***** at 2014-07-18 22:44:30
Running from C:\Users\*****\Desktop\virus problem 10 july 2014
Boot Mode: Normal
==================== Shortcuts =============================
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A91000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verwaltung\Administrator für Servererweiterungen.lnk -> C:\Program Files\Common Files\microsoft shared\Web Server Extensions\40\bin\FPMMC.MSC ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 5\PhotoImpact 5.lnk -> C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\Iedit.exe (Ulead Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 5\PhotoImpact Album 5.lnk -> C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ALBUM.EXE (Ulead Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 5\Ulead GIF Animator 3.lnk -> C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\anygif\GA_MAIN.EXE (Ulead Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Scan Driver\Select Scanner.lnk -> C:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Scan Driver\View User's Guide.lnk -> C:\Program Files\Samsung\Samsung Universal Scan Driver\RunHelp.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung AnyWeb Print\Samsung AnyWeb Print Help.lnk -> C:\Program Files\Samsung AnyWeb Print\English\W2PHelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Update Plus\Samsung Update Plus.lnk -> C:\Program Files\Samsung\Samsung Update Plus\SupClientApp.exe (Samsung Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Update Plus\Samsung Update Plust Help.lnk -> C:\Program Files\Samsung\Samsung Update Plus\SUPHelp.exe (Samsung Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Support Center\Samsung Support Center.lnk -> C:\Program Files\Samsung\Samsung Support Center\SSCMain.exe (SAMSUNG Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Recovery Solution 5\Samsung Recovery Solution 5.lnk -> C:\Program Files\Samsung\Samsung Recovery Solution 5\Manager1.exe (SEC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Movie Color Enhancer\Movie Color Enhancer.lnk -> C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Fast Start\Fast Start.lnk -> C:\Program Files\Samsung\SamsungFastStart\FastStart.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Resolution Manager\Easy Resolution Manager.lnk -> C:\Program Files\Samsung\Easy Resolution Manager\ERM.exe (Samsung Electronics Co.,Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Network Manager\Easy Network Manager Help.lnk -> C:\Program Files\Samsung\Easy Network Manager\HelpLaunch.exe (Samsung Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Network Manager\Easy Network Manager.lnk -> C:\Program Files\Samsung\Easy Network Manager\ENM.exe (Samsung Electronics Co. Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy File Share\EasyFileShare.lnk -> C:\Program Files\Samsung\EasyFileShare\EasyFileShare.exe (SAMSUNG Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Display Manager\Easy Display Manager Option.lnk -> C:\Program Files\Samsung\Easy Display Manager\HotKeyOption.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Display Manager\Easy Display Manager.lnk -> C:\Program Files\Samsung\Easy Display Manager\DMLauncher_Vista.exe (SAMSUNG Electronics)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Content Share\Easy Content Share.lnk -> C:\Windows\Installer\{2DDC70C1-C77A-4D08-89D2-9AB648504533}\EasyContentShare.e_CD3757002E404FD8838FE1CEF5EF202D.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Battery Life Extender\BatteryLifeExtender.lnk -> C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk -> C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\Abonnement von RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\subs.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\Hilfe zu RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\Installation von RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\Setup\setup.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\Lizenzvereinbarung zu RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\playrlic.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\RealPlayer - Bitte lesen.lnk -> C:\Program Files\Real\RealPlayer\Readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime - Bitte lesen.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Base.lnk -> C:\Program Files\OpenOffice.org 3\program\sbase.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Calc.lnk -> C:\Program Files\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Draw.lnk -> C:\Program Files\OpenOffice.org 3\program\sdraw.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Impress.lnk -> C:\Program Files\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Math.lnk -> C:\Program Files\OpenOffice.org 3\program\smath.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Writer.lnk -> C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org.lnk -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro - Handbuch.lnk -> C:\Program Files\NewsLetter Pro\Newsletter.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro - Hilfe.lnk -> C:\Program Files\NewsLetter Pro\Newsletter.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro - Homepage.lnk -> C:\Program Files\NewsLetter Pro\homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro - Registrierung durchführen.lnk -> C:\Program Files\NewsLetter Pro\registrieren.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro Bouncer.lnk -> C:\Program Files\NewsLetter Pro\Bouncer.exe (aborange.de - Jochen Milchsack)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro deinstallieren.lnk -> C:\Program Files\NewsLetter Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro\NewsLetter Pro.lnk -> C:\Program Files\NewsLetter Pro\Newsletter.exe (aborange.de)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Genie\Mobile Genie User Manual.lnk -> C:\Program Files\Mobile Genie\User Manual\UserManual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Genie\Mobile Genie.lnk -> C:\Program Files\Mobile Genie\Mobile Genie.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Microsoft Access Snapshot-Viewer.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Spracheinstellungen.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Photo Editor.lnk -> C:\Program Files\Common Files\microsoft shared\PhotoEd\PHOTOED.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autostart\Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autostart\Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autostart\Office-Start.lnk -> C:\Program Files\Microsoft Office\Office\OSA.EXE (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel mobile broadband\airtel mobile broadband.lnk -> C:\Program Files\airtel mobile broadband\airtel mobile broadband.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel mobile broadband\Uninstall.lnk -> C:\Program Files\airtel mobile broadband\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Acrobat Distiller 8.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Acrobat 8 Professional.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Bridge CS3.lnk -> C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Device Central CS3.lnk -> C:\Program Files\Adobe\Adobe Device Central CS3\DeviceCentral.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Dreamweaver CS3.lnk -> C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe ExtendScript Toolkit 2.lnk -> C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Extension Manager CS3.lnk -> C:\Program Files\Adobe\Adobe Extension Manager\Extension Manager.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Flash CS3 Professional.lnk -> C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe (Adobe Systems Incorporated.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Flash CS3 Video Encoder.lnk -> C:\Program Files\Adobe\Adobe Flash CS3 Video Encoder\Flash Video Encoder.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe LiveCycle Designer 8.0.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Photoshop CS3.lnk -> C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3\Adobe Stock Photos CS3.lnk -> C:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop 5.0 Limited Edition\Adobe Photoshop 5.0 Limited Edition.lnk -> C:\Program Files\Adobe\Photoshop 5.0 LE\photosle.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop 5.0 Limited Edition\Deinstallieren Photoshop 5.0 Limited Edition.lnk -> C:\Windows\unin0407.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop 5.0 Limited Edition\Registrieren Photoshop 5.0 Limited Edition.lnk -> C:\Program Files\Adobe\Photoshop 5.0 LE\RegFiles\AdobeReg32.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Readme.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDEU.htm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam Hilfe.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamDeu.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\airtel.lnk -> C:\Program Files\airtel mobile broadband\airtel mobile broadband.exe ()
Shortcut: C:\Users\Public\Desktop\Mobile Genie.lnk -> C:\Program Files\Mobile Genie\Mobile Genie.exe ()
Shortcut: C:\Users\Public\Desktop\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\*****\Links\Desktop.lnk -> C:\Users\*****\Desktop ()
Shortcut: C:\Users\*****\Links\Downloads.lnk -> C:\Users\*****\Downloads ()
Shortcut: C:\Users\*****\Documents\Alte Excel-Dokumente.lnk -> C:\Program Files\Microsoft Office\Office ()
Shortcut: C:\Users\*****\Documents\Youcam\YouCam(Webcam).lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\*****\Documents\MAGIX\Video deluxe 2014\Fotoshow-Musik.lnk -> C:\ProgramData\MAGIX\Video deluxe 2014\Slideshow music (No File)
Shortcut: C:\Users\*****\Documents\MAGIX\Video deluxe 2014\_Sichtbares TV Bild.LNK -> C:\ProgramData\MAGIX\Video deluxe 2014\_Sichtbares TV Bild (No File)
Shortcut: C:\Users\*****\Desktop\NewsLetter Pro.lnk -> C:\Program Files\NewsLetter Pro\Newsletter.exe (aborange.de)
Shortcut: C:\Users\*****\Desktop\virus problem 10 july 2014\Revo Uninstaller.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGUI\In A Flash 3\In A Flash 3.lnk -> C:\Users\*****\AppData\Roaming\Microsoft\Installer\{E5B22400-DAB4-4121-941D-E2665E2F5F6A}\_4ae13d6c.exe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGUI\FlashLAB\FlashLAB.lnk -> C:\Users\*****\AppData\Roaming\Microsoft\Installer\{B354AAC3-0A0A-4AE3-8F09-3142648F602E}\_7a5a767d.exe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Readme.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamENU.htm ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\YouCam Online Help.lnk -> C:\Program Files\CyberLink\YouCam\Language\YouCamEnu.chm ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Vorlagen\Office 97-Vorlagen.lnk -> C:\Program Files\Microsoft Office\Vorlagen ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 08513 Middle East.LNK -> C:\Users\*****\Desktop\CONTACTS FIRST SENDING\0 08513 Middle East (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 37388 Diverse.LNK -> D:\Kontakte Tourism 2013 total_135582\0 37388 Diverse ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 44876 Europe.LNK -> D:\Kontakte Tourism 2013 total_135582\0 44876 Europe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Inbound Service.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Inbound Service.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Outbound Service - Hotel.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Outbound Service - Hotel.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Outbound Service.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Outbound Service.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Road to Germany Part 2.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Road to Germany Part 2.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Road to Germany Part 3.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Road to Germany Part 3.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Road to Germany Part 4.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Road to Germany Part 4.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Road to Germany Part 5.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Road to Germany Part 5.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 EATTM Company Profile.LNK -> D:\EastAfricanTravelTourismMarketing\0 EATTM Company Profile.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\0 header.LNK -> D:\EastAfricanTravelTourismMarketing\Pics\0 header.jpg ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00000 BCD.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\BCD LIST\00000 BCD.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00000 Middle East 00114 outbound.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00000 Middle East 00114 outbound.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00000 UAE 1437 contacts total.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00000 UAE 1437 contacts total.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00000 UAE Hotels.LNK -> D:\Kontakte Tourism 2013 total_135582\0 08513 Middle East\00000 UAE Hotels.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00000 UAE outboud.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00000 UAE outboud.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00002 Yemen.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00002 Yemen.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00003 Irak.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00003 Irak.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00007 Iran.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00007 Iran.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00009 Island.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00009 Island.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00009 Lebanon.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00009 Lebanon.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00020 Syria.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00020 Syria.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00021 Belarus.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00021 Belarus.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00027 Luxemburg.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00027 Luxemburg.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00028 Bahrain.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00028 Bahrain.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00030 FCM.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\xxx MICE\00030 FCM.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00033 Iran.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00033 Iran.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00033 Slovakia.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00033 Slovakia.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00042 Andora.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00042 Andora.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00050 Monaco.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00050 Monaco.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00051 Irland.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00051 Irland.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00052 Malta.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00052 Malta.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00059 Kuwait.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00059 Kuwait.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00060 Lettland.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00060 Lettland.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00067 Oman.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00067 Oman.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00070 Litthauen.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00070 Litthauen.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00077 Armenien.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00077 Armenien.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00078 Uzbekistan.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00078 Uzbekistan.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00097 Iisrael.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00097 Iisrael.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00099 Romania.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00099 Romania.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00114 Slovenia.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00114 Slovenia.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00115 Jordan.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\00115 Jordan.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00115 Norway.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00115 Norway.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00135 Qatar.LNK -> C:\Users\*****\Desktop\CONTACTS FIRST SENDING\0 08513 Middle East\00135 Qatar.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00207 Denmark.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 44876 Europe\00207 Denmark.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00225 Sweden.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00225 Sweden.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00232 Croatia.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00232 Croatia.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00236 Aserbaidchan.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08156 East Europe\00236 Aserbaidchan.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00272 Czech.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00272 Czech.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00313 Finland.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00313 Finland.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00682 Polen.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00682 Polen.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00718 Canada.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00718 Canada.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00739 Netherlands.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00739 Netherlands.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\00786 Greek.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\00786 Greek.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01264 Austria.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01264 Austria.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01346 Portugal.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01346 Portugal.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01523 UK.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01523 UK.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01678 Bulgaria.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01678 Bulgaria.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01690 Hungary.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01690 Hungary.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01841 Mexico.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01841 Mexico.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\01996 Swiss.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\01996 Swiss.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\02613 Italy.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\02613 Italy.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\02731 Ukraine and Russia.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\02731 Ukraine and Russia.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\02799 Brazil.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\02799 Brazil.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\03300 Saudi.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\03300 Saudi.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\03887 Belgium.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\03887 Belgium.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\04638 UAE.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\04638 UAE.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\1.LNK -> C:\Users\*****\Desktop\dtg\1.jpg (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\123 Imex2009 email.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\123 Imex2009 email.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\15015 diverse many Arab.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\0 08513 Middle East\15015 diverse many Arab.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\18921 Germany.LNK -> D:\Kontakte Tourism 2013 total_135582\0 44876 Europe\18921 Germany.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\2012 walter, ***** (small).LNK -> D:\Laptop 2014\x 2013 CV 2013\photos cv\2012 walter, ***** (small).jpg ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\37388 Diverse.LNK -> D:\Kontakte Tourism 2013 total_135582\0 37388 Diverse\37388 Diverse.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\6d72ab9d10a7da4cb4765839866f1815.LNK -> D:\Laptop 2014\x 2013 SNTTA Oct 2013\marketing\6d72ab9d10a7da4cb4765839866f1815.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\a.LNK -> C:\Users\*****\Desktop\a.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\aa.LNK -> C:\Users\*****\Desktop\aa.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\adressliste_ihk.LNK -> D:\Kontakte Tourism 2013 total_135582\adressliste_ihk.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\B-Fit_Deckblatt_***** Walter.LNK -> C:\Users\*****\Desktop\B-Fit_Deckblatt_***** Walter.docm (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\BCD LIST.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\BCD LIST (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\brd_theleela_abfra.LNK -> D:\Laptop 2014\y 2012 old business 2010\Mumbai Marathon\brd_theleela_abfra.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\CIRRICULUM VITAE.LNK -> D:\zxy\zyx\dont open\Mak\CIRRICULUM VITAE.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Contacts.LNK -> D:\Laptop 2014\x 2013 L G T 31 AUG 2013\y 2012 LETS GO TRAVEL 1st_Dec_2012\LGTR\Contacts.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\correction.LNK -> D:\EastAfricanTravelTourismMarketing\Offer\correction.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\ddd.LNK -> C:\Users\*****\Desktop\ddd.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Dein_Schokoladenalter_im_Jahr_2010.LNK -> C:\Users\*****\AppData\Local\Temp\Dein_Schokoladenalter_im_Jahr_2010.pps (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Desktop.LNK -> C:\Users\*****\Desktop ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\DEUTSCH ENGLISH.LNK -> C:\Users\*****\Desktop\DEUTSCH ENGLISH.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\dienstfahrzeug.LNK -> C:\Users\*****\AppData\Local\Temp\dienstfahrzeug.pps (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Document.LNK -> C:\Users\*****\Desktop\Document.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Dok1.LNK -> D:\Software\NEWSLETTER PRO FULL VERSION\Dok1.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Downloads.LNK -> C:\Users\*****\Downloads ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\DTCM-Inbound-TO_Jun12_0024.LNK -> D:\Laptop 2014\y 2012 DXB INFOS\DTCM-Inbound-TO_Jun12_0024.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\dubai marketing plan.LNK -> D:\Laptop 2014\y 2012 dxb business plan 2012\dubai marketing plan.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Dubai.LNK -> D:\Laptop 2014\y 2012 dxb business facts\Dubai.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\dxb hotels.LNK -> C:\Users\*****\Desktop\dxb hotels.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\dxb.LNK -> C:\Users\*****\Desktop\dxb.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EA Attraction.LNK -> C:\Users\*****\Desktop\EA Attraction.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EAC-Tourism-Press-Brief.LNK -> C:\Users\*****\Desktop\EAC-Tourism-Press-Brief.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EastAfricanTravelTourismMarketing.LNK -> D:\EastAfricanTravelTourismMarketing ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ecotourism_Kenya_2014.LNK -> C:\Users\*****\Desktop\Ecotourism_Kenya_2014.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Erotik-Tanz.LNK -> C:\Users\*****\AppData\Local\Temp\Erotik-Tanz.pps (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\European Market.LNK -> D:\Laptop 2014\x 2013 SNTTA Oct 2013\European Market.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EUROTOOL.LNK -> C:\Program Files\Microsoft Office\Office\Makro\EUROTOOL.XLA ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ex-Directory-OTM-Mumbai-Delhi-2014.LNK -> C:\Users\*****\Desktop\Ex-Directory-OTM-Mumbai-Delhi-2014.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\facts and forecast German market.LNK -> D:\Laptop 2014\y 2012 dxb business facts\facts and forecast German market.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\FactsFiguresSep2012.LNK -> D:\Laptop 2014\x 2013 marketing ostafrika\FactsFiguresSep2012.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\familie brueel.LNK -> D:\Laptop 2014\y 2012 old business 2010\familie brueel.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\FINA WM.LNK -> D:\Laptop 2014\y 2012 old business 2010\copy of all business\FINA WM (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\FIT Market Manager.LNK -> C:\Users\*****\Desktop\FIT Market Manager.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\flyer_english.LNK -> C:\Users\*****\Desktop\Laptop 2012\tom solar\Solar Homepage\flyer_english.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ford Fleet APM Initial Report 2012.LNK -> D:\Kontakte Tourism 2013 total_135582\Ford Fleet APM Initial Report 2012.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\frau.LNK -> C:\Users\*****\Desktop\T W J O B S\frau.png (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\from tanzania hp brd TO.LNK -> C:\*****\Kontakte Tourism 2013\new contacts done at lets go travel\from tanzania hp brd TO.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\from tanzania hp.LNK -> C:\*****\Kontakte Tourism 2013\new contacts done at lets go travel\from tanzania hp.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\german european tourism market updated 11th Jan 13.LNK -> D:\Laptop 2014\y 2012 dxb business plan 2012\german european tourism market updated 11th Jan 13.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\golfen_in_den_emiraten.LNK -> D:\Laptop 2012\Golfing\golfen_in_den_emiraten.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Gruppenvertrags VAE DXB 27JAN.LNK -> D:\Laptop 2014\y 2012 old business 2010\Gruppenvertrags VAE DXB 27JAN.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\HI1165934_Messeorganisation_Jan_673_c0b (1).LNK -> C:\Users\*****\Downloads\HI1165934_Messeorganisation_Jan_673_c0b (1).rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\HI1165934_Messeorganisation_Jan_673_c0b.LNK -> C:\Users\*****\Downloads\HI1165934_Messeorganisation_Jan_673_c0b.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Home Solar System’s fuer Uganda.LNK -> C:\Users\*****\Desktop\tom solar\Home Solar System’s fuer Uganda.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Hotels East Africa.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\x Hotels\Hotels East Africa.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Hotels putbound.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\x Hotels\Hotels putbound.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Hotels Tanzania.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\Hotels Tanzania.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\images.LNK -> C:\Users\*****\Desktop\Ocean View Hotel\images.jpeg (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\jonathan.LNK -> D:\EastAfricanTravelTourismMarketing\Pics\jonathan.jpg ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Joseph Muhereza.LNK -> C:\Users\*****\AppData\Local\Temp\Joseph Muhereza.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\karon.LNK -> D:\EastAfricanTravelTourismMarketing\Pics\karon.jpg ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\key ohne komma.LNK -> E:\Festplatte AUG2008\Formulare\Dubai_HP_Vorschlaege\key ohne komma.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\keywords vae.LNK -> E:\Festplatte AUG2008\Formulare\Dubai_HP_Vorschlaege\keywords vae.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Kigali Hotels.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte\x Hotels\Kigali Hotels.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Kontakte Tourism 2013 total_135582.LNK -> D:\Kontakte Tourism 2013 total_135582 ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\KSK 13 Jun 12 bis 22 Nov 13.LNK -> D:\Laptop 2014\x 2013 K S K\KSK 13 Jun 12 bis 22 Nov 13.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Laptop 2014.LNK -> D:\Laptop 2014 ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Leistungsverzeichnis NEFAS.LNK -> D:\Kontakte Tourism 2013 total_135582\Leistungsverzeichnis NEFAS.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Let's Go Travel Company profile.LNK -> D:\Laptop 2014\x 2013 L G T 31 AUG 2013\y 2012 LETS GO TRAVEL 1st_Dec_2012\Let's Go Travel Company profile.docx ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\LGTR.LNK -> D:\Laptop 2014\x 2013 L G T 31 AUG 2013\y 2012 LETS GO TRAVEL 1st_Dec_2012\LGTR ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\linked contacts tw.LNK -> C:\Users\*****\Desktop\linked contacts tw.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\LinkedIn Kontakte.LNK -> C:\Users\*****\Desktop\LinkedIn Kontakte ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\linkedin_connections_export_microsoft_outlook - Copy - Copy.LNK -> C:\Users\*****\Desktop\linkedin_connections_export_microsoft_outlook - Copy - Copy.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\linkedin_connections_export_microsoft_outlook - Copy.LNK -> C:\Users\*****\Desktop\linkedin_connections_export_microsoft_outlook - Copy.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\linkedin_connections_export_microsoft_outlook tw.LNK -> C:\Users\*****\Desktop\linkedin_connections_export_microsoft_outlook tw.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\linkedin_connections_export_microsoft_outlook.LNK -> C:\Users\*****\Desktop\linkedin_connections_export_microsoft_outlook.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\location map.LNK -> D:\EastAfricanTravelTourismMarketing\location map.jpg (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\logo.LNK -> C:\Users\*****\Desktop\cosmos\logo.png (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\LOVE.LNK -> D:\zxy\zyx\LOVE.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Makro.LNK -> C:\Program Files\Microsoft Office\Office\Makro ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\mann.LNK -> C:\Users\*****\Desktop\mann.png (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\marketing.LNK -> D:\Laptop 2014\x 2013 SNTTA Oct 2013\marketing (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\MarketingPlan.LNK -> D:\Laptop 2014\x 2013 SNTTA Oct 2013\marketing\MarketingPlan.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\markt new.LNK -> D:\Laptop 2014\y 2012 dxb business facts\markt new.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\maybe already in database Fame_Export_1(1)_1.LNK -> C:\Users\*****\Desktop\maybe already in database Fame_Export_1(1)_1.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\MCC_Codes10012010.LNK -> C:\Users\*****\Downloads\MCC_Codes10012010.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Medica 2010.LNK -> D:\Laptop 2014\y 2012 old business 2010\copy of all business\Medica 2010 (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\medica.LNK -> D:\Laptop 2014\y 2012 old business 2010\copy of all business\Medica 2010\medica.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\messebauer.LNK -> C:\Users\*****\Desktop\messebauer.xls ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Mumbai Marathon.LNK -> D:\Laptop 2014\y 2012 old business 2010\Mumbai Marathon (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\nace.LNK -> C:\Users\*****\Downloads\nace.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\namelist.LNK -> D:\Laptop 2014\y 2012 old business 2010\copy of all business\FINA WM\namelist.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\NEWSLETTER PRO FULL VERSION.LNK -> D:\Software\NEWSLETTER PRO FULL VERSION ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\NL settings.LNK -> D:\Software\NEWSLETTER PRO FULL VERSION\NL settings.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Normal.LNK -> C:\Users\*****\AppData\Roaming\Microsoft\Vorlagen\Normal.dot ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\nur emails updated.LNK -> C:\Users\*****\Desktop\UMA Directory\nur emails updated.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\nur emails.LNK -> C:\Users\*****\Desktop\UMA Directory\nur emails.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Offer EATTM CONTRACT - Sheraton Kampala - detailed.LNK -> D:\EastAfricanTravelTourismMarketing\Offer\Offer EATTM CONTRACT - Sheraton Kampala - detailed.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Offer EATTM CONTRACT - Sheraton Kampala - modified.LNK -> D:\EastAfricanTravelTourismMarketing\Offer\Offer EATTM CONTRACT - Sheraton Kampala - modified.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Offer EATTM CONTRACT - Sheraton Kampala.LNK -> D:\EastAfricanTravelTourismMarketing\Offer\Offer EATTM CONTRACT - Sheraton Kampala.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\PARTNERSHIP_AGREEMENT g.LNK -> C:\Users\*****\Desktop\PARTNERSHIP_AGREEMENT g.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\PARTNERSHIP_AGREEMENT.LNK -> C:\Users\*****\Desktop\PARTNERSHIP_AGREEMENT.rtf (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\PC-Gruss.LNK -> C:\Users\*****\AppData\Local\Temp\PC-Gruss.pps (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\PHPList Export on Rotarians from 2010-05-24 to 2013-05-24 (2013-May-24).LNK -> D:\Kontakte Tourism 2013\00000 unbearbeitet\PHPList Export on Rotarians from 2010-05-24 to 2013-05-24 (2013-May-24).csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\pm_no1_wetex_2012_dt_25302777 (1).LNK -> D:\Laptop 2014\y 2012 old business 2010\wetex\pm_no1_wetex_2012_dt_25302777 (1).doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\pppppppppppppppppp.LNK -> C:\Users\*****\Desktop\pppppppppppppppppp.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ppt0000000.LNK -> C:\Users\*****\AppData\Local\Temp\Ppt0000000.pps (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ppt0000001.LNK -> C:\Users\*****\AppData\Local\Temp\Ppt0000001.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Presentation1.LNK -> D:\Software\CS3 Adobe LGT\Presentation1.ppt ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Private Document.LNK -> D:\Laptop 2014\Private Document ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Ridar Rates.LNK -> C:\*****\Laptop 2013\x Laptop 2012\Ridar Rates.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\SAM_0912.LNK -> D:\EastAfricanTravelTourismMarketing\SAM_0912.JPG (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\sapimed.LNK -> D:\Laptop 2014\y 2012 old business 2010\sapimed.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\search.LNK -> C:\Users\*****\Desktop\search.xml (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\SFS_troy.LNK -> C:\Users\*****\Desktop\SFS_troy.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Sheraton attachment.LNK -> D:\EastAfricanTravelTourismMarketing\Offer\Sheraton attachment.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\tafeln_aktionsnetzwerk.LNK -> D:\Kontakte Tourism 2013 total_135582\tafeln_aktionsnetzwerk.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\test Fahrschule Siewert.LNK -> C:\Users\*****\Desktop\test Fahrschule Siewert.htm (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\tg319tourteach.LNK -> D:\Laptop 2014\tg319tourteach.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\*****.LNK -> D:\Laptop 2014\y 2012 passport\*****.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\tooa.LNK -> C:\Users\*****\Desktop\tooa.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\TW Vision.LNK -> C:\Users\*****\Desktop\TW Project\TW Vision.htm ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\TWINKLE MODELS.LNK -> D:\zxy\zyx\dont open\Mak\TWINKLE MODELS.docx (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\uga.LNK -> C:\Users\*****\Desktop\uga.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Uganda Training Manual.LNK -> F:\Uganda Training Manual.ppt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Uganda_districts_2010.LNK -> C:\Users\*****\Desktop\tom solar\Uganda_districts_2010.png (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\UMA Directory.LNK -> C:\Users\*****\Desktop\UMA Directory (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\uma emails only.LNK -> C:\Users\*****\Desktop\UMA Directory\uma emails only.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\umaaaaaaaaaaaaaaaaaaaaaa.LNK -> C:\Users\*****\Desktop\UMA Directory\umaaaaaaaaaaaaaaaaaaaaaa.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\umwelttechnologie_firmenverzeichnis.LNK -> D:\Kontakte Tourism 2013 total_135582\umwelttechnologie_firmenverzeichnis.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\uuuuuuuuuuuuuuuuuuuuuu.LNK -> C:\Users\*****\Desktop\uuuuuuuuuuuuuuuuuuuuuu.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\vivian.LNK -> D:\EastAfricanTravelTourismMarketing\Pics\vivian.jpg ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\wetex.LNK -> D:\Laptop 2014\y 2012 old business 2010\wetex ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\www.LNK -> C:\Users\*****\Desktop\www.csv (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\x 2013 marketing ostafrika.LNK -> D:\Laptop 2014\x 2013 marketing ostafrika (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\x 2013 SNTTA Oct 2013.LNK -> D:\Laptop 2014\x 2013 SNTTA Oct 2013 (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\x pics (2).LNK -> D:\EastAfricanTravelTourismMarketing\x pics (2).jpg (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\x pics (3).LNK -> D:\EastAfricanTravelTourismMarketing\x pics (3).jpg (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\xxxxxxxxxxxxxxxxxxxxxxxxx.LNK -> C:\Users\*****\Desktop\UMA Directory\xxxxxxxxxxxxxxxxxxxxxxxxx.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\y 2012 dxb business facts.LNK -> D:\Laptop 2014\y 2012 dxb business facts (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\y 2012 dxb business plan 2012.LNK -> D:\Laptop 2014\y 2012 dxb business plan 2012 (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\y 2012 old business 2010.LNK -> D:\Laptop 2014\y 2012 old business 2010 ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\y 2012 passport.LNK -> D:\Laptop 2014\y 2012 passport (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\z Dok1 solar.LNK -> D:\Laptop 2014\z Dok1 solar.doc ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\z JACK update 22 feb 2012.LNK -> D:\Laptop 2014\z JACK update 22 feb 2012.xls (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\zati.LNK -> C:\Users\*****\Desktop\zati.txt (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\zeugnisII.LNK -> D:\Laptop 2014\Private Document\zeugnisII.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Zoar Tours and Safaris.LNK -> C:\Users\*****\Desktop\KATO\Zoar Tours and Safaris.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_CV_*****Walter.LNK -> C:\Users\*****\Desktop\_CV_*****Walter.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Raylenne Tours.LNK -> C:\Users\*****\Desktop\KATO\_____ Raylenne Tours.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Tamarind.LNK -> C:\Users\*****\Desktop\KATO - XXL\_____ Tamarind.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Tamim EA.LNK -> C:\Users\*****\Desktop\KATO\_____ Tamim EA.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Tano Safaris.LNK -> C:\Users\*****\Desktop\KATO\_____ Tano Safaris.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ the exclusive portofolio ky.LNK -> C:\Users\*****\Desktop\KATO\_____ the exclusive portofolio ky.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ The SAFARI Company.LNK -> C:\Users\*****\Desktop\KATO\_____ The SAFARI Company.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Top Cats Africa.LNK -> C:\Users\*****\Desktop\KATO\_____ Top Cats Africa.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Top Notch Safaris.LNK -> C:\Users\*****\Desktop\KATO\_____ Top Notch Safaris.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Tourist Maps Kenya.LNK -> C:\Users\*****\Desktop\KATO\_____ Tourist Maps Kenya.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Trevaron Travel.LNK -> C:\Users\*****\Desktop\KATO\_____ Trevaron Travel.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Wild Waters Ltd.LNK -> C:\Users\*****\Desktop\KATO\_____ Wild Waters Ltd.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\_____ Wildebeest Travels ltd.LNK -> C:\Users\*****\Desktop\KATO\_____ Wildebeest Travels ltd.doc (No File)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\xlicons.exe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\wordicon.exe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\RealNetworks.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> hxxp://rp.de.real.com/guide/?sw_target=tab_video&cd=home&CB=client&PT=FREE&OS=WinNT%25206.1.7601&LP=de&RGN=35678&OC=R81DED&PV=16.0.3.51&PBR=10485800&CO=DE&LI=de&PN=RealPlayer&DC=R81DED&DT=160714&u=54039d16f20b4c4aa7d307435b3741f8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -n
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -f
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) -> -b -l
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs\SRS Premium Sound Control Panel.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut7_C4EA3717ABDC41F79360B03A45D2E8A7.exe (Acresso Software Inc.) -> /f=srs_premium_sound_noext_nogame.zip
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Scan Driver\Uninstall.lnk -> C:\Program Files\Samsung\Samsung Universal Scan Driver\SEInstall\Setup.exe (Samsung Electronics Co., Ltd.) -> /U
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver\Select Printer.lnk -> C:\Windows\SUPDRun.exe () -> /Driver "Samsung Universal Print Driver"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver\Uninstall.lnk -> C:\Program Files\Samsung\Samsung Universal Print Driver\SEInstall\Setup.exe (Samsung Electronics Co., Ltd.) -> /U
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver\View User's Guide.lnk -> C:\Windows\SUPDRun.exe () -> /Driver "Samsung Universal Print Driver" /Help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung AnyWeb Print\Uninstall Samsung AnyWeb Print.lnk -> C:\Program Files\InstallShield Installation Information\{318DBE01-1E6B-4243-84B0-210391FE789A}\setup.exe (Macrovision Corporation) -> uninstall -l0009
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Movie Color Enhancer\Movie Color Enhancer Option.lnk -> C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) -> /OPTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Easy Content Share\Uninstall EasyContentShare.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {2DDC70C1-C77A-4D08-89D2-9AB648504533}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk -> C:\Program Files\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Tool zum Kürzen.lnk -> C:\Program Files\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real\RealPlayer\Deinstallationsprogramm zu RealPlayer.lnk -> C:\Program Files\Common Files\Real\Update\rnuninst.exe (RealNetworks, Inc.) -> RealNetworks
RealPlayer
6.0
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deinstallieren.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i {B67BAFBA-4C9F-48FA-9496-933E3B255044} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Genie\UnInstall.lnk -> C:\Program Files\InstallShield Installation Information\{CB5B32BF-550C-4663-BBB0-20E29EB200B5}\setup.exe (Acresso Software Inc. ) -> -runfromtemp -l0x0009 -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Shortcut-Leiste.lnk -> C:\Windows\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -o
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop 5.0 Limited Edition\Photoshop 5.0 Readme.lnk -> C:\Windows\System32\write.exe (Microsoft Corporation) -> PSReadme.wri
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\Online Registrierung.lnk -> C:\Program Files\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\2 Is Always Better Than 1 - xHamster.com.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/yyy.flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Anal gang bang - Free Porn Videos - Y....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (12).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Analsex in ripped stockings - Free Po....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (1).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Asian fucking in fishnet - Free Porn ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (29).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\blonde (8).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (8).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\cum #1 - Free Porn Videos - YouPorn.c....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (21).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Ebony woman gives her co-worker a nic....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/b blow (1).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Gorgeous brunette gets a hard dick in....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (24).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Hot Blonde Cumshot (Gimme more) - Fre....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (7).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Houston Hot Chocolate Melodee Bliss -....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/black (19).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Jodi Bean - Total Office Slut - Free ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (9).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Lacey Duvalle - Hot Black Babe - xHam....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/black (20).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Lichelle Marie - Blonde Girl Getting ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (13).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Lucy thai nice blow job - xHamster.com.lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (31).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Lucy Thai POV - Free Porn Videos - Yo....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (30).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Rain and Sandy munch on a lucky cock ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/b two (3).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Sexy Blonde With Big Tits - Free Porn....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (10).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Shy Love Kinky Sex - Free Porn Videos....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (26).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\The chocolate factory (OREO INTERRACI....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/b two (2).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Tori Black Loves To Suck Cock - Free ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (25).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Twins Mocha and Chocolate Love White ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/b two (6).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\Two Smoking Hot Black Girls Lick Whit....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/b two (5).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\what a good anal - Free Porn Videos -....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/blonde (11).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\YOUNG SEXY LATINA BRUNETTE TEEN BABE ....lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (27).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (13).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (13).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (14).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (14).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (16).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (16).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (18).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (18).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (20).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (20).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (22).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (22).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (23).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (23).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Real\RealPlayer\History\z 1a (28).lnk -> C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://D:/zzz 696969 zzz/z 1a (28).flv
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\OnLine Registration.lnk -> C:\Program Files\CyberLink\YouCam\OLRSubmission\OLRSubmission.exe () -> /LANG:ENU
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
InternetURL: C:\Users\*****\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\*****\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\*****\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\*****\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\*****\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\*****\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\*****\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\*****\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\*****\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\*****\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\*****\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\*****\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
==================== End of log =============================
Der Lautsprecher rechts unten zeigt an das er ausgeschaltet wäre aber Sound ist trotzdem zu hören. Das Laptop ist weiterhin extrem langsam beim hoch und runterfahren, allerdings ist der Seitenaufbau im Internet für mich wieder normal. Ich hoffe Du kannst helfen. |
|
19.07.2014, 20:34
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung Da fehlt die FRST.txt
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.07.2014, 22:16
| #15 |
| | Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als VerknüpfungFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by ***** (administrator) on *****-PC on 21-07-2014 00:10:30
Running from C:\Users\*****\Desktop\virus problem 10 july 2014
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\Program Files\Mobile Genie\MobileMonitor.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files\Mobile Genie\Mobile Genie.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-24] (Yahoo! Inc.)
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [HW_OPENEYE_OUC_airtel mobile broadband] => C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] ()
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [IDM confirmer] => wscript.exe //B "C:\ProgramData\IDM confirmer.vbs"
HKU\S-1-5-21-315344296-3706468742-1252009507-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://translate.google.de/#
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 41.138.213.40 8.8.8.8
Tcpip\..\Interfaces\{600755AA-D652-4DB7-B218-33E6D00923FB}: [NameServer]197.239.0.249 8.8.8.8
Tcpip\..\Interfaces\{88844D40-CFC7-4910-BFE0-628EA6BD3F47}: [NameServer]
Tcpip\..\Interfaces\{A93D9F56-8E83-4BE1-8770-D45859EE753A}: [NameServer]197.239.0.249 8.8.8.8
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-16]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage:
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S2 airtel mobile broadband. RunOuc; C:\Program Files\airtel mobile broadband\UpdateDog\ouc.exe [246112 2013-12-17] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
==================== Drivers (Whitelisted) ====================
R3 androidusb; C:\windows\System32\Drivers\androidusb.sys [25088 2012-08-30] (Google Inc)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [116008 2010-11-13] (ELAN Microelectronics Corp.)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2013-12-17] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [27520 2013-12-17] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2013-12-17] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 qciusbnet; C:\windows\System32\DRIVERS\qciusbnet.sys [133120 2012-09-05] (Quanta Computer Inc.)
R3 qciusbser; C:\windows\System32\DRIVERS\qciusbser.sys [107776 2012-09-05] (Quanta Computer Inc.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-08-10] (Windows (R) 2003 DDK 3790 provider)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-18 22:04 - 2014-07-18 22:31 - 00002115 _____ () C:\windows\epplauncher.mif
2014-07-18 14:48 - 2014-07-18 14:48 - 00000000 ____D () C:\0ee6a3afa6d87e027543f9b4ba125e
2014-07-18 13:31 - 2014-07-18 22:06 - 00019749 _____ () C:\windows\IE11_main.log
2014-07-18 13:30 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-07-18 13:30 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-18 13:30 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-07-18 13:30 - 2014-03-04 12:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-07-18 13:30 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-07-18 13:29 - 2014-06-07 03:05 - 12353024 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-18 13:29 - 2014-06-07 02:25 - 09711616 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-18 13:29 - 2014-06-07 02:12 - 01810432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-18 13:29 - 2014-06-07 02:04 - 01106432 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-18 13:29 - 2014-06-07 02:03 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-18 13:29 - 2014-06-07 02:02 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-18 13:29 - 2014-06-07 02:00 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-18 13:29 - 2014-06-07 01:58 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-18 13:29 - 2014-06-07 01:57 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-18 13:29 - 2014-06-07 01:56 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-18 13:29 - 2014-06-07 01:56 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-18 13:29 - 2014-06-07 01:54 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-18 13:29 - 2014-06-07 01:54 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-18 13:29 - 2014-06-07 01:54 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-18 13:29 - 2014-06-07 01:54 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-18 13:29 - 2014-06-07 01:53 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-18 13:29 - 2014-06-07 01:53 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-18 13:29 - 2014-06-07 01:53 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-18 13:29 - 2014-06-07 01:52 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-18 13:29 - 2014-06-07 01:51 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-18 13:29 - 2014-06-07 01:47 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-18 13:29 - 2014-05-30 10:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-18 13:29 - 2013-10-19 04:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-07-18 13:28 - 2014-02-04 05:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-07-18 13:28 - 2014-02-04 05:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-07-18 13:28 - 2014-02-04 05:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-07-18 13:28 - 2014-02-04 05:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-07-18 00:08 - 2014-07-18 00:08 - 00000207 _____ () C:\windows\tweaking.com-regbackup-*****-PC-Microsoft-Windows-7-Starter-(32-bit).dat
2014-07-18 00:08 - 2014-07-18 00:08 - 00000000 ____D () C:\RegBackup
2014-07-17 22:45 - 2014-07-17 22:45 - 00009984 ____N () C:\bootsqm.dat
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-17 21:53 - 2014-07-17 21:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-17 21:53 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-17 21:52 - 2014-07-11 03:02 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-07-17 21:52 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-17 21:52 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-16 16:46 - 2014-07-16 16:56 - 00016384 _____ () C:\Users\*****\Desktop\EA Attraction.xls
2014-07-16 14:56 - 2014-07-20 19:09 - 00000380 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_*****.job
2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT
2014-07-16 13:34 - 2014-07-16 13:36 - 00000000 ____D () C:\AdwCleaner
2014-07-16 12:40 - 2014-07-20 14:58 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_*****.job
2014-07-16 12:40 - 2014-07-16 20:37 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_*****.job
2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RealNetworks
2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files\RealNetworks
2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-07-16 01:11 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-15 18:01 - 2014-07-15 18:10 - 00000977 _____ () C:\Users\*****\Desktop\NewsLetter Pro.lnk
2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro
2014-07-15 18:01 - 2014-07-15 18:10 - 00000000 ____D () C:\Program Files\NewsLetter Pro
2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bouncer
2014-07-15 12:52 - 2014-07-15 17:14 - 00083456 _____ () C:\Users\*****\Desktop\linked contacts tw.xls
2014-07-14 18:07 - 2014-07-16 00:06 - 00124416 _____ () C:\Users\*****\Desktop\DEUTSCH ENGLISH.xls
2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt
2014-07-11 17:41 - 2014-07-20 19:08 - 00002464 _____ () C:\windows\setupact.log
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:39 - 2014-07-18 14:31 - 00079552 _____ () C:\windows\PFRO.log
2014-07-11 17:13 - 2011-06-26 09:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-11 17:13 - 2010-11-07 20:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-11 17:13 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-11 17:13 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-11 17:13 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-11 17:13 - 2000-08-31 03:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-11 17:13 - 2000-08-31 03:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-11 17:13 - 2000-08-31 03:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-11 17:12 - 2014-07-11 17:51 - 00000000 ____D () C:\ComboFix
2014-07-11 17:03 - 2014-07-11 17:51 - 00000000 ____D () C:\Qoobox
2014-07-11 17:02 - 2014-07-11 17:47 - 00000000 ____D () C:\windows\erdnt
2014-07-11 16:13 - 2014-07-18 13:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-11 12:58 - 2014-07-15 11:17 - 00018432 _____ () C:\Users\*****\Desktop\messebauer.xls
2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents\Mappe1.xls
2014-07-11 00:43 - 2014-07-21 00:10 - 00000000 ____D () C:\Users\*****\Desktop\virus problem 10 july 2014
2014-07-10 23:23 - 2014-07-11 17:06 - 00000000 ____D () C:\windows\Minidump
2014-07-10 11:07 - 2014-07-21 00:10 - 00000000 ____D () C:\FRST
2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:15 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-07-10 03:15 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-07-10 03:08 - 2014-06-30 04:40 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-10 03:08 - 2014-06-30 04:36 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-10 03:08 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 03:08 - 2014-06-18 03:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 03:08 - 2014-03-25 05:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-07-10 03:08 - 2014-03-04 12:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-07-10 03:08 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-07-10 03:08 - 2013-11-12 05:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-07-10 03:07 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 03:07 - 2014-05-30 09:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-10 03:07 - 2014-04-05 05:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-10 03:07 - 2014-04-05 05:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-10 03:07 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-10 03:07 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-10 03:07 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-10 03:07 - 2014-01-28 05:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-07-10 03:07 - 2014-01-24 05:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-07-10 03:07 - 2014-01-01 02:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-07-10 03:07 - 2013-11-26 14:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-07-10 03:07 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-07-10 03:07 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-07-10 03:07 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-07-10 03:07 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2014-07-10 03:07 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-07-10 03:07 - 2013-10-04 04:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-07-10 03:07 - 2013-10-04 04:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-07-10 03:01 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-07-10 02:50 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-07-10 02:50 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-07-10 02:50 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-07-10 02:50 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-07-10 02:08 - 2014-06-05 17:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 02:08 - 2014-04-12 05:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-07-10 02:08 - 2014-04-12 05:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-07-10 02:08 - 2014-04-12 05:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-07-10 02:08 - 2014-04-12 05:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-07-10 02:08 - 2014-04-12 05:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-07-10 02:08 - 2014-04-12 05:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-07-10 02:08 - 2013-11-27 04:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-07-10 02:08 - 2013-11-27 04:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-07-10 01:50 - 2014-07-10 11:23 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-04 16:14 - 2014-07-04 16:18 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg
2014-07-04 16:10 - 2014-07-04 16:15 - 00000000 ____D () C:\Users\*****\Desktop\free 2015
2014-07-04 16:07 - 2014-07-07 13:38 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014
2014-07-03 19:09 - 2014-07-05 13:34 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014
2014-07-03 17:33 - 2014-07-04 16:03 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls
2014-07-03 09:59 - 2014-07-03 13:16 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls
2014-07-02 13:04 - 2014-07-02 13:21 - 00000000 ____D () C:\Users\*****\Desktop\anti virus
2014-07-01 17:21 - 2014-07-20 21:09 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte
2014-06-29 19:00 - 2014-07-04 11:55 - 00000000 ____D () C:\Users\*****\Desktop\AUTO
2014-06-29 11:32 - 2014-06-30 13:34 - 00000000 ____D () C:\Users\*****\Desktop\KATO
2014-06-28 22:07 - 2014-06-28 22:34 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt
2014-06-28 18:21 - 2014-07-01 11:42 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-22 14:59 - 2014-06-22 18:02 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 13:35 - 2014-07-20 23:47 - 02053563 _____ () C:\windows\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
2014-07-21 00:10 - 2014-07-11 00:43 - 00000000 ____D () C:\Users\*****\Desktop\virus problem 10 july 2014
2014-07-21 00:10 - 2014-07-10 11:07 - 00000000 ____D () C:\FRST
2014-07-21 00:07 - 2014-06-21 13:35 - 02053563 _____ () C:\windows\WindowsUpdate.log
2014-07-21 00:07 - 2014-02-11 18:48 - 00000000 ____D () C:\Users\*****\Documents\Mobile Genie
2014-07-21 00:07 - 2012-01-09 19:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-07-20 23:45 - 2013-01-01 13:40 - 00000932 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
2014-07-20 23:44 - 2012-01-05 18:02 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 23:23 - 2011-12-06 21:51 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000UA.job
2014-07-20 21:09 - 2014-07-01 17:21 - 00000000 ____D () C:\Users\*****\Desktop\LinkedIn Kontakte
2014-07-20 19:18 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:18 - 2009-07-14 07:34 - 00016160 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 19:09 - 2014-07-16 14:56 - 00000380 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_*****.job
2014-07-20 19:08 - 2014-07-11 17:41 - 00002464 _____ () C:\windows\setupact.log
2014-07-20 19:08 - 2012-01-05 18:02 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 19:08 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-20 14:58 - 2014-07-16 12:40 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_*****.job
2014-07-20 14:37 - 2009-07-14 07:33 - 01792752 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-20 11:53 - 2010-11-21 00:01 - 00781966 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-19 16:23 - 2011-12-06 21:51 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
2014-07-19 16:01 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\rescache
2014-07-19 11:45 - 2013-01-01 13:40 - 00000910 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-315344296-3706468742-1252009507-1000Core.job
2014-07-19 02:03 - 2009-07-14 05:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-07-18 22:31 - 2014-07-18 22:04 - 00002115 _____ () C:\windows\epplauncher.mif
2014-07-18 22:06 - 2014-07-18 13:31 - 00019749 _____ () C:\windows\IE11_main.log
2014-07-18 14:48 - 2014-07-18 14:48 - 00000000 ____D () C:\0ee6a3afa6d87e027543f9b4ba125e
2014-07-18 14:31 - 2014-07-11 17:39 - 00079552 _____ () C:\windows\PFRO.log
2014-07-18 14:03 - 2013-08-30 00:19 - 00000000 ____D () C:\windows\system32\MRT
2014-07-18 13:01 - 2014-07-11 16:13 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-18 10:21 - 2011-12-06 21:36 - 00134264 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 00:40 - 2009-07-14 05:04 - 00000855 _____ () C:\windows\system32\Drivers\etc\hosts_bak_917
2014-07-18 00:08 - 2014-07-18 00:08 - 00000207 _____ () C:\windows\tweaking.com-regbackup-*****-PC-Microsoft-Windows-7-Starter-(32-bit).dat
2014-07-18 00:08 - 2014-07-18 00:08 - 00000000 ____D () C:\RegBackup
2014-07-17 22:45 - 2014-07-17 22:45 - 00009984 ____N () C:\bootsqm.dat
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-17 21:54 - 2013-10-19 12:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 21:53 - 2014-07-17 21:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-17 21:52 - 2011-12-08 01:06 - 00000000 ____D () C:\Program Files\Java
2014-07-16 20:37 - 2014-07-16 12:40 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_*****.job
2014-07-16 16:56 - 2014-07-16 16:46 - 00016384 _____ () C:\Users\*****\Desktop\EA Attraction.xls
2014-07-16 14:05 - 2014-07-16 14:05 - 00000000 ____D () C:\windows\ERUNT
2014-07-16 13:36 - 2014-07-16 13:34 - 00000000 ____D () C:\AdwCleaner
2014-07-16 12:34 - 2011-03-30 14:12 - 00000000 ____D () C:\windows\es
2014-07-16 11:51 - 2014-07-16 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 09:55 - 2011-12-07 00:33 - 00000000 ____D () C:\ProgramData\Real
2014-07-16 09:55 - 2011-12-07 00:32 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Real
2014-07-16 09:46 - 2013-10-13 02:57 - 00000000 ____D () C:\Users\*****\AppData\Local\CrashDumps
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RealNetworks
2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-16 01:13 - 2014-07-16 01:13 - 00000000 ____D () C:\Program Files\RealNetworks
2014-07-16 01:13 - 2014-07-16 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-16 01:12 - 2014-07-16 01:12 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-07-16 01:12 - 2011-12-07 00:18 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll
2014-07-16 01:12 - 2011-12-07 00:18 - 00000000 ____D () C:\Program Files\Real
2014-07-16 01:11 - 2012-12-13 07:20 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\msvcp71.dll
2014-07-16 01:11 - 2012-12-13 07:20 - 00348160 _____ (Microsoft Corporation) C:\windows\system32\msvcr71.dll
2014-07-16 01:11 - 2011-12-07 00:18 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll
2014-07-16 01:11 - 2011-12-07 00:18 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll
2014-07-16 00:06 - 2014-07-14 18:07 - 00124416 _____ () C:\Users\*****\Desktop\DEUTSCH ENGLISH.xls
2014-07-15 18:10 - 2014-07-15 18:01 - 00000977 _____ () C:\Users\*****\Desktop\NewsLetter Pro.lnk
2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLetter Pro
2014-07-15 18:10 - 2014-07-15 18:01 - 00000000 ____D () C:\Program Files\NewsLetter Pro
2014-07-15 18:01 - 2014-07-15 18:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Bouncer
2014-07-15 18:01 - 2014-02-11 19:46 - 00000000 ____D () C:\Users\*****\AppData\Roaming\NewsLetter Pro
2014-07-15 17:14 - 2014-07-15 12:52 - 00083456 _____ () C:\Users\*****\Desktop\linked contacts tw.xls
2014-07-15 11:17 - 2014-07-11 12:58 - 00018432 _____ () C:\Users\*****\Desktop\messebauer.xls
2014-07-12 10:10 - 2009-07-14 07:53 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-07-11 17:51 - 2014-07-11 17:51 - 00015521 _____ () C:\ComboFix.txt
2014-07-11 17:51 - 2014-07-11 17:12 - 00000000 ____D () C:\ComboFix
2014-07-11 17:51 - 2014-07-11 17:03 - 00000000 ____D () C:\Qoobox
2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Default
2014-07-11 17:51 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Public
2014-07-11 17:47 - 2014-07-11 17:02 - 00000000 ____D () C:\windows\erdnt
2014-07-11 17:42 - 2009-07-14 05:04 - 00000215 _____ () C:\windows\system.ini
2014-07-11 17:42 - 2009-07-14 05:04 - 00000027 _____ () C:\windows\system32\Drivers\etc\hosts_bak_979
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 _____ () C:\windows\setuperr.log
2014-07-11 17:38 - 2009-07-14 05:03 - 49807360 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-07-11 17:38 - 2009-07-14 05:03 - 19922944 _____ () C:\windows\system32\config\SYSTEM.bak
2014-07-11 17:38 - 2009-07-14 05:03 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak
2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-07-11 17:38 - 2009-07-14 05:03 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-07-11 17:09 - 2011-12-20 15:20 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-07-11 17:06 - 2014-07-10 23:23 - 00000000 ____D () C:\windows\Minidump
2014-07-11 14:06 - 2014-05-27 13:41 - 00000000 ____D () C:\Users\*****\Desktop\Messe infos
2014-07-11 14:06 - 2011-12-09 20:27 - 00005141 _____ () C:\windows\ULEAD32.INI
2014-07-11 12:26 - 2014-07-11 12:26 - 00014336 _____ () C:\Users\*****\Documents\Mappe1.xls
2014-07-11 03:02 - 2014-07-17 21:52 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-07-11 02:56 - 2014-07-17 21:53 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-07-11 02:56 - 2014-07-17 21:52 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-07-11 02:55 - 2014-07-17 21:52 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-07-10 21:07 - 2013-07-28 23:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\rining
2014-07-10 11:23 - 2014-07-10 01:50 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-10 11:02 - 2014-07-10 11:02 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-10 11:02 - 2011-12-06 21:21 - 00000000 ____D () C:\Users\*****
2014-07-10 10:20 - 2011-03-30 13:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-10 03:58 - 2014-07-10 03:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-10 03:15 - 2011-03-30 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-07 13:38 - 2014-07-04 16:07 - 00000000 ____D () C:\Users\*****\Desktop\CMT 2014
2014-07-06 12:04 - 2011-12-09 22:31 - 00000030 _____ () C:\windows\Iedit.INI
2014-07-05 13:34 - 2014-07-03 19:09 - 00000000 ____D () C:\Users\*****\Desktop\Reiselust 2014
2014-07-04 16:18 - 2014-07-04 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Reisen Hamburg
2014-07-04 16:15 - 2014-07-04 16:10 - 00000000 ____D () C:\Users\*****\Desktop\free 2015
2014-07-04 16:03 - 2014-07-03 17:33 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 2.xls
2014-07-04 12:11 - 2014-05-16 11:28 - 00000000 ____D () C:\Users\*****\Desktop\TW Project
2014-07-04 11:55 - 2014-06-29 19:00 - 00000000 ____D () C:\Users\*****\Desktop\AUTO
2014-07-03 13:16 - 2014-07-03 09:59 - 00014848 _____ () C:\Users\*****\Desktop\Road To Germany Part 1.xls
2014-07-02 13:21 - 2014-07-02 13:04 - 00000000 ____D () C:\Users\*****\Desktop\anti virus
2014-07-01 18:26 - 2012-10-13 23:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-01 11:42 - 2014-06-28 18:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-30 13:34 - 2014-06-29 11:32 - 00000000 ____D () C:\Users\*****\Desktop\KATO
2014-06-30 04:40 - 2014-07-10 03:08 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-30 04:36 - 2014-07-10 03:08 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-28 22:34 - 2014-06-28 22:07 - 00000675 _____ () C:\Users\*****\Desktop\dubai events.txt
2014-06-27 21:26 - 2014-05-27 12:47 - 00000000 ____D () C:\Users\*****\Desktop\EATTM
2014-06-26 17:38 - 2011-12-09 22:15 - 93585272 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-25 20:28 - 2014-06-11 13:23 - 00000698 _____ () C:\Users\*****\Desktop\east africa contacts.txt
2014-06-22 18:02 - 2014-06-22 14:59 - 00028160 _____ () C:\Users\*****\Desktop\countries of the world.xls
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ___RD () C:\Program Files\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-21 14:11 - 2014-06-21 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-21 14:11 - 2011-12-06 21:26 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\temp\Quarantine.exe
C:\Users\*****\AppData\Local\temp\stubhelper.dll
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-07-19 15:53
==================== End Of Log ============================
|
|
| Themen zu Windows 7 / TR/Rogue.1123358 / VBS/Kryptik.N / Kopien auf USb Stick nur als Verknüpfung |
| adobe, avg, avira, bonjour, cs3, desktop, dnsapi.dll, fehler, google, hdd0(c:, mozilla, mp3, problem, programm, prozesse, realtek, registry, rundll, server, services.exe, software, stick, svchost.exe, usb, viren, windows, wscript.exe, wuauclt.exe |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
WARNUNG an die MITLESER: 
Linear-Darstellung
