
Log analysis and evaluation: Virus.MSWORD.Marker.r, also known as W97M/Marker.BR

10.07.2013, 08:45   #31
miki60
 
I'm attaching the Defender log again; it shows more precisely what it found there.
FYI: drive G was partition D on the machine that was cleaned yesterday.

10.07.2013, 09:14   #32
schrauber
/// the machine
/// TB instructor
 

But you haven't attached one of the WMAs now, have you?

Send me a PM as a reminder this evening; I can't load the attachments at work.

10.07.2013, 09:40   #33
miki60
 
Hello!
A pity, but it can't be helped.
I have to hand the computer over this evening.
Thanks anyway for the effort.
The WMAs are nowhere to be found on the computer...
I've now had Defender delete them.
Should I start another scan on the new computer?
Regards from miki60

10.07.2013, 10:53   #34
schrauber
/// the machine
/// TB instructor
 

Yes, go ahead and do that. In any case, I'll take a look at the attachment this evening.
__________________
Regards,
schrauber


10.07.2013, 11:08   #35
miki60
 
You mean run the ESET online scan again, right?


10.07.2013, 11:51   #36
schrauber
/// the machine
/// TB instructor
 

Defender, and post a fresh FRST log; I'll take a look.

10.07.2013, 12:43   #37
miki60
 
Hello!
So, Defender didn't find anything more...
Here are the fresh logs from FRST again:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by henrik (administrator) on 10-07-2013 13:40:45
Running from C:\Users\henrik\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\system32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0" [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2012-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.13.13

FireFox:
========
FF ProfilePath: C:\Users\henrik\AppData\Roaming\Mozilla\Firefox\Profiles\c540sffe.default
FF Homepage: hxxp://www.google.de/
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\henrik\AppData\Roaming\Mozilla\Firefox\Profiles\c540sffe.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: No Name - C:\Users\henrik\AppData\Roaming\Mozilla\Firefox\Profiles\c540sffe.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\henrik\AppData\Roaming\Mozilla\Firefox\Profiles\c540sffe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2012-04-02] (CyberLink)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 13:40 - 2013-07-10 13:40 - 00000000 ____D C:\FRST
2013-07-10 13:39 - 2013-07-10 13:39 - 01776221 ____A (Farbar) C:\Users\henrik\Downloads\FRST64(1).exe
2013-07-10 13:38 - 2013-07-10 13:38 - 01776221 ____A (Farbar) C:\Users\henrik\Downloads\FRST64.exe
2013-07-10 12:48 - 2013-07-10 12:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 12:47 - 2013-07-10 12:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 12:47 - 2013-07-10 12:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 11:27 - 2013-06-12 01:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 11:27 - 2013-06-12 01:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 11:27 - 2013-06-12 01:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 11:27 - 2013-06-12 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 11:27 - 2013-06-12 01:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 11:27 - 2013-06-12 01:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 11:27 - 2013-06-12 01:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 11:27 - 2013-06-12 01:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 11:27 - 2013-06-12 01:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 11:27 - 2013-06-12 01:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 11:27 - 2013-06-12 01:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 11:27 - 2013-06-12 01:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 11:27 - 2013-06-12 01:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 11:27 - 2013-06-12 01:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 11:27 - 2013-06-12 01:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 11:27 - 2013-06-12 01:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 11:27 - 2013-06-12 01:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 11:26 - 2013-06-01 11:25 - 00496640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:26 - 2013-06-01 11:21 - 00595968 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 11:26 - 2013-05-31 01:14 - 04036096 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 11:26 - 2013-05-04 08:59 - 02842112 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 11:26 - 2013-05-04 06:57 - 02620928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:26 - 2013-04-12 00:30 - 01421312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:26 - 2013-04-12 00:22 - 01838080 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 11:22 - 2013-07-10 11:22 - 00001031 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-07-10 11:22 - 2013-07-10 11:22 - 00000000 ____D C:\Users\henrik\AppData\Roaming\pdfforge
2013-07-10 11:22 - 2013-07-10 11:22 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-10 11:22 - 2013-04-09 15:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-07-10 11:22 - 2012-05-05 11:54 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-07-10 11:22 - 2012-05-05 11:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-07-10 11:22 - 2012-05-05 11:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-07-10 11:22 - 1998-07-06 18:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-07-10 11:22 - 1998-07-06 18:55 - 00158208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-07-10 11:22 - 1998-07-06 18:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-07-10 11:19 - 2013-07-10 11:21 - 17502040 ____A (pdfforge GbR) C:\Users\henrik\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-10 11:18 - 2013-07-10 11:18 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-10 11:15 - 2013-07-10 11:18 - 29011992 ____A (Microsoft Corporation) C:\Users\henrik\Downloads\FileFormatConverters4.exe
2013-07-10 10:54 - 2013-07-10 11:14 - 00000000 ____D C:\ProgramData\Adobe
2013-07-10 10:54 - 2013-07-10 10:54 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-10 10:54 - 2013-07-10 10:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-10 10:50 - 2013-07-10 11:13 - 00000000 ____D C:\Users\henrik\AppData\Local\Adobe
2013-07-10 10:46 - 2013-07-10 10:46 - 00000000 ____D C:\Program Files\Classic Shell
2013-07-10 10:45 - 2013-07-10 10:46 - 08437760 ____A (IvoSoft) C:\Users\henrik\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-10 07:44 - 2013-07-10 07:44 - 00000000 ____D C:\Program Files\7-Zip
2013-07-10 07:40 - 2013-07-10 07:40 - 01376768 ____A C:\Users\henrik\Downloads\7z920-x64.msi
2013-07-09 15:55 - 2013-07-09 15:55 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Macromedia
2013-07-09 15:53 - 2013-07-09 15:53 - 00000000 ____D C:\Users\henrik\AppData\Local\Thunderbird
2013-07-09 15:53 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-07-09 15:53 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-07-09 15:53 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-07-09 15:53 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-07-09 15:53 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-07-09 15:53 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-07-09 15:53 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-07-09 15:53 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-07-09 15:53 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-07-09 15:53 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-07-09 15:53 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-07-09 15:53 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-07-09 15:53 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-07-09 15:53 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-07-09 15:53 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-07-09 15:53 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-07-09 15:53 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-07-09 15:53 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-07-09 15:53 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00820736 ____A (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-07-09 15:53 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-07-09 15:53 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-07-09 15:53 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-07-09 15:53 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-07-09 15:53 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-07-09 15:53 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-07-09 15:53 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-07-09 15:53 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-07-09 15:53 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 00582144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-07-09 15:53 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-07-09 15:53 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-07-09 15:53 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-07-09 15:53 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-07-09 15:53 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-07-09 15:53 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-07-09 15:53 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-07-09 15:53 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-07-09 15:53 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-07-09 15:53 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-07-09 15:53 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-07-09 15:53 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-07-09 15:53 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-07-09 15:53 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-07-09 15:53 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-07-09 15:53 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-07-09 15:53 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-07-09 15:53 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-07-09 15:53 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-07-09 15:53 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-07-09 15:53 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-09 15:53 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-07-09 15:53 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-07-09 15:53 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-07-09 15:53 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-07-09 15:53 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-07-09 15:53 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-07-09 15:53 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-07-09 15:53 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-07-09 15:53 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-07-09 15:53 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-07-09 15:53 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-07-09 15:53 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-07-09 15:53 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-07-09 15:53 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-07-09 15:53 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-07-09 15:53 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-07-09 15:53 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-07-09 15:53 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-07-09 15:53 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-09 15:53 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-07-09 15:53 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-07-09 15:53 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-07-09 15:53 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-07-09 15:53 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-07-09 15:53 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-07-09 15:53 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-07-09 15:53 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-07-09 15:53 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-07-09 15:53 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-07-09 15:53 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-07-09 15:53 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-07-09 15:53 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-07-09 15:53 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-09 15:50 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-07-09 15:49 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-09 15:49 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-07-09 15:49 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-07-09 15:49 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-07-09 15:49 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-07-09 15:49 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-07-09 15:49 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-07-09 15:49 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-07-09 15:49 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-07-09 15:49 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-07-09 15:49 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-07-09 15:49 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-07-09 15:49 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-07-09 15:49 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-07-09 15:48 - 2013-07-09 15:48 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Thunderbird
2013-07-09 15:43 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-07-09 15:43 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-07-09 15:43 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-07-09 15:43 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-07-09 15:43 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-07-09 15:42 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-09 15:42 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-07-09 15:42 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 15:42 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 15:42 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-07-09 15:42 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-09 15:42 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-07-09 15:42 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-07-09 15:41 - 2013-07-09 15:42 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Mozilla
2013-07-09 15:41 - 2013-07-09 15:41 - 00001168 ____A C:\Users\Public\Desktop\zebNet® Thunderbird Backup 2012.lnk
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Users\henrik\AppData\Roaming\zebNet
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Users\henrik\AppData\Local\Mozilla
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Program Files (x86)\zebNet® Thunderbird Backup 2012
2013-07-09 15:41 - 2012-02-22 15:41 - 00069632 ____A (S.A.Dittrich) C:\Windows\SysWOW64\cXPIBrowser.ocx
2013-07-09 15:41 - 2011-12-07 21:38 - 00126976 ____N (S.A.Dittrich) C:\Windows\SysWOW64\cXPINET.ocx
2013-07-09 15:41 - 2011-09-25 23:24 - 00061440 ____N (ASX) C:\Windows\SysWOW64\cXPIInternet.ocx
2013-07-09 15:41 - 2011-09-25 23:22 - 00196608 ____N (ASX) C:\Windows\SysWOW64\CXPICOMCTL.OCX
2013-07-09 15:41 - 2005-04-15 20:58 - 01351392 ____N (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2013-07-09 15:41 - 2004-03-09 02:00 - 00152848 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Roaming\ATI
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Local\Power2Go
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Local\ATI
2013-07-09 15:32 - 2013-07-10 11:13 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Adobe
2013-07-09 15:32 - 2013-07-09 15:33 - 00001235 ____A C:\Users\henrik\Desktop\Blu-ray Disc Suite.lnk
2013-07-09 15:32 - 2013-07-09 15:32 - 00000020 ___SH C:\Users\henrik\ntuser.ini
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Vorlagen
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Startmenü
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Netzwerkumgebung
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Lokale Einstellungen
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Eigene Dateien
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Druckumgebung
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Documents\Eigene Musik
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Documents\Eigene Bilder
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\AppData\Local\Verlauf
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\AppData\Local\Anwendungsdaten
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Anwendungsdaten
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\Users\henrik\AppData\Local\VirtualStore
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\Users\henrik\AppData\Local\Packages
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\users\henrik

==================== One Month Modified Files and Folders =======

2013-07-10 13:40 - 2013-07-10 13:40 - 00000000 ____D C:\FRST
2013-07-10 13:39 - 2013-07-10 13:39 - 01776221 ____A (Farbar) C:\Users\henrik\Downloads\FRST64(1).exe
2013-07-10 13:38 - 2013-07-10 13:38 - 01776221 ____A (Farbar) C:\Users\henrik\Downloads\FRST64.exe
2013-07-10 13:35 - 2013-04-25 10:44 - 01838758 ____A C:\Windows\WindowsUpdate.log
2013-07-10 13:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-07-10 12:48 - 2013-07-10 12:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 12:48 - 2013-04-30 11:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 12:47 - 2013-07-10 12:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 12:47 - 2013-07-10 12:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 12:47 - 2013-04-30 11:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-07-10 12:47 - 2012-07-26 07:26 - 00000167 ____A C:\Windows\win.ini
2013-07-10 11:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-07-10 11:34 - 2012-07-26 12:27 - 00751892 ____A C:\Windows\System32\perfh007.dat
2013-07-10 11:34 - 2012-07-26 12:27 - 00155620 ____A C:\Windows\System32\perfc007.dat
2013-07-10 11:34 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-10 11:30 - 2013-04-25 10:33 - 00005464 ____A C:\Windows\PFRO.log
2013-07-10 11:30 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 11:29 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 11:29 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\oobe
2013-07-10 11:22 - 2013-07-10 11:22 - 00001031 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-07-10 11:22 - 2013-07-10 11:22 - 00000000 ____D C:\Users\henrik\AppData\Roaming\pdfforge
2013-07-10 11:22 - 2013-07-10 11:22 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-10 11:21 - 2013-07-10 11:19 - 17502040 ____A (pdfforge GbR) C:\Users\henrik\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-10 11:18 - 2013-07-10 11:18 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-10 11:18 - 2013-07-10 11:15 - 29011992 ____A (Microsoft Corporation) C:\Users\henrik\Downloads\FileFormatConverters4.exe
2013-07-10 11:14 - 2013-07-10 10:54 - 00000000 ____D C:\ProgramData\Adobe
2013-07-10 11:13 - 2013-07-10 10:50 - 00000000 ____D C:\Users\henrik\AppData\Local\Adobe
2013-07-10 11:13 - 2013-07-09 15:32 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Adobe
2013-07-10 10:56 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-07-10 10:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-07-10 10:56 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-10 10:56 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-10 10:56 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-07-10 10:56 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism
2013-07-10 10:56 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-07-10 10:56 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-07-10 10:54 - 2013-07-10 10:54 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-10 10:54 - 2013-07-10 10:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-10 10:46 - 2013-07-10 10:46 - 00000000 ____D C:\Program Files\Classic Shell
2013-07-10 10:46 - 2013-07-10 10:45 - 08437760 ____A (IvoSoft) C:\Users\henrik\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-10 07:44 - 2013-07-10 07:44 - 00000000 ____D C:\Program Files\7-Zip
2013-07-10 07:40 - 2013-07-10 07:40 - 01376768 ____A C:\Users\henrik\Downloads\7z920-x64.msi
2013-07-09 16:31 - 2013-04-30 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 16:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-09 15:55 - 2013-07-09 15:55 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Macromedia
2013-07-09 15:53 - 2013-07-09 15:53 - 00000000 ____D C:\Users\henrik\AppData\Local\Thunderbird
2013-07-09 15:48 - 2013-07-09 15:48 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Thunderbird
2013-07-09 15:42 - 2013-07-09 15:41 - 00000000 ____D C:\Users\henrik\AppData\Roaming\Mozilla
2013-07-09 15:41 - 2013-07-09 15:41 - 00001168 ____A C:\Users\Public\Desktop\zebNet® Thunderbird Backup 2012.lnk
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Users\henrik\AppData\Roaming\zebNet
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Users\henrik\AppData\Local\Mozilla
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-09 15:41 - 2013-07-09 15:41 - 00000000 ____D C:\Program Files (x86)\zebNet® Thunderbird Backup 2012
2013-07-09 15:36 - 2012-07-26 09:21 - 00016146 ____A C:\Windows\setupact.log
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Roaming\ATI
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Local\Power2Go
2013-07-09 15:33 - 2013-07-09 15:33 - 00000000 ____D C:\Users\henrik\AppData\Local\ATI
2013-07-09 15:33 - 2013-07-09 15:32 - 00001235 ____A C:\Users\henrik\Desktop\Blu-ray Disc Suite.lnk
2013-07-09 15:32 - 2013-07-09 15:32 - 00000020 ___SH C:\Users\henrik\ntuser.ini
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Vorlagen
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Startmenü
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Netzwerkumgebung
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Lokale Einstellungen
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Eigene Dateien
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Druckumgebung
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Documents\Eigene Musik
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Documents\Eigene Bilder
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\AppData\Local\Verlauf
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\AppData\Local\Anwendungsdaten
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 __SHD C:\Users\henrik\Anwendungsdaten
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\Users\henrik\AppData\Local\VirtualStore
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\Users\henrik\AppData\Local\Packages
2013-07-09 15:32 - 2013-07-09 15:32 - 00000000 ____D C:\users\henrik
2013-06-28 00:04 - 2012-07-26 10:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-28 00:04 - 2012-07-26 10:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 01:43 - 2013-07-10 11:27 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 01:43 - 2013-07-10 11:27 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 01:43 - 2013-07-10 11:27 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 01:43 - 2013-07-10 11:27 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 01:43 - 2013-07-10 11:27 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 01:43 - 2013-07-10 11:27 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 01:42 - 2013-07-10 11:27 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 01:42 - 2013-07-10 11:27 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 01:26 - 2013-07-10 11:27 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 01:26 - 2013-07-10 11:27 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 01:26 - 2013-07-10 11:27 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 01:25 - 2013-07-10 11:27 - 19238912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 01:25 - 2013-07-10 11:27 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 01:25 - 2013-07-10 11:27 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 01:25 - 2013-07-10 11:27 - 02648576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 01:25 - 2013-07-10 11:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 01:25 - 2013-07-10 11:27 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 14:18

==================== End Of Log ============================
         
--- --- ---


and

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01
Ran by henrik at 2013-07-10 13:40:57
Running from C:\Users\henrik\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Accelerated Video Transcoding (Version: 12.10.100.30328)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMD Catalyst Install Manager (Version: 8.0.911.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
Classic Shell (Version: 3.6.8)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.5024)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5114)
CyberLink Power2Go (x32 Version: 6.1.6320)
CyberLink PowerBackup (x32 Version: 2.5.8720)
CyberLink PowerDirector (x32 Version: 9.0.0.3815a)
CyberLink PowerDVD 10 (x32 Version: 10.0.4002.52)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.3915a)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mozilla Thunderbird 17.0.5 (x86 de) (x32 Version: 17.0.5)
PDFCreator (x32 Version: 1.7.0)
Realtek Ethernet Controller Driver (x32 Version: 8.12.304.2013)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
zebNet® Thunderbird Backup 2012 3.4.14 (Version: 3.4.14)

==================== Restore Points  =========================

30-04-2013 09:15:36 Windows Modules Installer
04-07-2013 12:30:12 Geplanter Prüfpunkt
09-07-2013 15:22:50 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FD63278-186D-4445-9979-2DC6319BBC12} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {29431A51-3734-465F-A630-CDED59806753} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {432494C3-1704-4B7B-AFCB-C2E3B7700880} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4A29CC94-62AE-4418-8EDE-AAEC94911A39} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {560C124A-C81D-491E-9DF0-B14038648E31} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1288182465-454053974-3302173726-1004
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6C431E48-F68B-4EB3-B8C3-529EE28D560E} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1288182465-454053974-3302173726-1001
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9232A75B-EF43-4112-83C9-36785888C95C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9BA6AB8B-1D0C-42C3-9FFE-E6729BCA3382} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A8CF5AA7-9A33-43D0-8D14-C0D2DA4AEF64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BD8ADB2B-09BD-4680-86B0-26F971DCBBA4} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1288182465-454053974-3302173726-1004 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C391A8D1-7229-4E06-A074-47DE6094FE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {C3C22889-18E2-4138-92F7-A5CCCFDD60D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F89A1388-7A7B-496B-B730-9507F5C7A9B2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2013 10:54:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )
Description: Die App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (04/30/2013 10:54:12 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11f8

Startzeit: 01ce45803644ae68

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 869a6a12-b173-11e2-be6a-80ee7343c607

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/30/2013 10:53:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )
Description: Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/30/2013 10:53:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )
Description: Die App „DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (04/30/2013 10:53:37 AM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 101c

Startzeit: 01ce45802a80a847

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 71c7bbc8-b173-11e2-be6a-80ee7343c607

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/25/2013 01:04:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x5154efc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0xa04
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (04/25/2013 01:04:05 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (04/25/2013 01:03:59 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (04/25/2013 00:30:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/25/2013 11:57:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: )
Description: Die App „BrowserChoice_cw5n1h2txyewy!App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (07/10/2013 11:29:49 AM) (Source: DCOM) (User: WundS)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/10/2013 10:56:51 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (07/09/2013 03:35:02 PM) (Source: DCOM) (User: WundS)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (04/30/2013 10:53:37 AM) (Source: DCOM) (User: )
Description: DefaultBrowser.DefaultBrowserActivatableClass

Error: (04/25/2013 11:56:57 AM) (Source: DCOM) (User: )
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WundSW&SS-1-5-21-1288182465-454053974-3302173726-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/25/2013 11:56:57 AM) (Source: DCOM) (User: )
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WundSW&SS-1-5-21-1288182465-454053974-3302173726-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/25/2013 11:56:57 AM) (Source: DCOM) (User: )
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WundSW&SS-1-5-21-1288182465-454053974-3302173726-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/25/2013 11:56:57 AM) (Source: DCOM) (User: )
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}WundSW&SS-1-5-21-1288182465-454053974-3302173726-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/25/2013 10:46:47 AM) (Source: DCOM) (User: )
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (04/25/2013 10:33:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet: 
%%21


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 8156.68 MB
Available physical RAM: 6615.73 MB
Total Pagefile: 9372.68 MB
Available Pagefile: 7812.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:182.14 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1714.42 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 792FA7B4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E0C8B0D0)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================
         
and what do you say?
are we done?

10.07.2013, 13:36   #38
schrauber
/// the machine
/// TB-Ausbilder
 

looks good
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

10.07.2013, 13:46   #39
miki60
 
good!
then let's leave it at that..
many thanks again!
take care
Regards from miki60

10.07.2013, 13:48   #40
schrauber
/// the machine
/// TB-Ausbilder
 

No problemo
