
Log analysis and evaluation: GVU - then white screen on Windows Vista

07.09.2013, 15:55   #1
tiroler2013
 

Hi dear board gurus,
after a GVU infection I now get a white screen on startup.

I have already looked around the board and created files with OTL and FRST. Here are the results; many thanks in advance for your help.

Files too large, therefore attached.

The log files were created in Safe Mode with Command Prompt.

Thanks for your feedback...
Alex

07.09.2013, 16:04   #2
aharonov
/// TB Trainer
 

Hi,

does the computer start normally again after this fix?


On a second computer, please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Alexander Gasser\AppData\Roaming\skype.dat [77312 2011-11-18] () <==== ATTENTION 
C:\Users\Alexander Gasser\AppData\Roaming\skype.dat
C:\Users\Alexander Gasser\AppData\Roaming\skype.ini
         
Then please save this under the file name Fixlist.txt on your USB stick, next to FRST.
  • Connect the USB stick to the infected computer again.
  • Restart your computer in Safe Mode with Command Prompt again.
  • Now start FRST again, but this time click the Fix button.
The tool creates a file Fixlog.txt on your USB stick. Please post its contents here.

07.09.2013, 16:46   #3
tiroler2013
 

this goes super fast here:

here is the Fixlog file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2013 02
Ran by Alexander Gasser at 2013-09-07 17:45:30 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Alexander Gasser\AppData\Roaming\skype.dat [77312 2011-11-18] () <==== ATTENTION 
C:\Users\Alexander Gasser\AppData\Roaming\skype.dat
C:\Users\Alexander Gasser\AppData\Roaming\skype.ini
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Alexander Gasser\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Alexander Gasser\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
         


RESTART: whoa, yes, it starts normally. Great!
__________________
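
Added example, not part of the original thread and not FRST's own code: a Python check for the condition the fixlist in posts #2 and #3 removes, parsing FRST-style `Winlogon: [Shell]` lines and reporting every shell entry other than explorer.exe. The line layout is inferred from the single entry shown above; the sample log, the `example.dat` path, the Windows directory `C:\Windows` and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Layout inferred from the one FRST entry shown in the thread:
#   HKCU\...\Winlogon: [Shell] <value> [<size> <date>] (<company>) <==== ATTENTION
LINE_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\.\\Winlogon: \[Shell\]\s+(?P<rest>.+)$",
    re.IGNORECASE,
)
# Trailing "[size yyyy-mm-dd] (company)" block plus the optional ATTENTION marker.
TAIL_RE = re.compile(
    r"\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^)]*)\)"
    r"(?P<attention>\s*<=+\s*ATTENTION)?\s*$"
)

EXPECTED_SHELLS = {"explorer.exe"}
EXPECTED_DIRS = {"", r"c:\windows"}  # assumption: Windows is installed in C:\Windows
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_shell_line(line):
    """Return hive, shell entries and FRST metadata, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    tail = TAIL_RE.search(rest)
    value = rest[: tail.start()] if tail else rest
    # The Shell value can name several programs separated by commas.
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return {
        "hive": m.group("hive").upper(),
        "entries": entries,
        "company": tail.group("company") if tail else None,
        "flagged_by_frst": bool(tail and tail.group("attention")),
    }


def assess_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    lowered = entry.lower()
    name = ntpath.basename(lowered)
    directory = ntpath.dirname(lowered)
    if name in EXPECTED_SHELLS and directory in EXPECTED_DIRS:
        return []
    reasons = ["not the default shell"]
    if any(part in lowered for part in USER_WRITABLE):
        reasons.append("stored in a user-writable directory")
    if ntpath.splitext(name)[1] != ".exe":
        reasons.append("unusual extension for a shell program")
    return reasons


def review_log(text):
    """Scan log text and return (hive, entry, reasons) for each suspicious entry."""
    findings = []
    for line in text.splitlines():
        parsed = parse_shell_line(line)
        if parsed is None:
            continue
        for entry in parsed["entries"]:
            reasons = assess_entry(entry)
            if reasons:
                findings.append((parsed["hive"], entry, reasons))
    return findings


# Constructed sample input modelled on the entry in the thread; not a real log.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Shell] explorer.exe [2926592 2009-04-11] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\user\AppData\Roaming\example.dat [77312 2011-11-18] () <==== ATTENTION
HKLM\...\Run: [ExampleTray] C:\Program Files\Example\tray.exe [1024 2012-01-01] (Example Corp)
"""

if __name__ == "__main__":
    for hive, entry, reasons in review_log(SAMPLE_LOG):
        print(f"{hive} Winlogon Shell: {entry}")
        for reason in reasons:
            print(f"  - {reason}")
```
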

07.09.2013, 19:07   #4
aharonov
/// TB Trainer
 

Great, then move frst.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick the box for Addition.txt and press Scan.
  • When the scan is finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.



(Please do not attach the log files (that makes the analysis massively harder for me), but paste their contents directly inside code tags: [code]log file contents[/code]. (Instructions))
__________________
cheers,
Leo

07.09.2013, 21:37   #5
tiroler2013
 

as requested:

Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2013 02
Ran by Alexander Gasser at 2013-09-07 22:32:29
Running from C:\Users\Alexander Gasser\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acute Email IDs Production Engine (Version: 10.3.5)
Adobe AIR (Version: 3.3.0.3650)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS3 (Version: 1.0)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Agere Systems HDA Modem
Amazon Dominator version 1.0 (Version: 1.0)
Amazon Kindle
Atheros WLAN Client (Version: 1.00.000)
ATI Catalyst Install Manager (Version: 3.0.624.0)
AzonPin v1.2
Badoo Desktop (Version: 1.6.55.1183)
Box Shot 3D (Version: 2.13)
Buyer Arbitrage 1.0 (Version: 1.0.0)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Camtasia Studio 6 (Version: 6.0.3)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Catalyst Control Center Core Implementation (Version: 2007.0730.2152.37233)
Catalyst Control Center Graphics Full Existing (Version: 2007.0730.2152.37233)
Catalyst Control Center Graphics Full New (Version: 2007.0730.2152.37233)
Catalyst Control Center Graphics Light (Version: 2007.0730.2152.37233)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Czech (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Danish (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Dutch (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Finnish (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization French (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization German (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Greek (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Hungarian (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Italian (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Japanese (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Korean (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Norwegian (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Polish (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Portuguese (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Russian (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Spanish (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Swedish (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Thai (Version: 2007.0730.2152.37233)
Catalyst Control Center Localization Turkish (Version: 2007.0730.2152.37233)
CCC Help Chinese Standard (Version: 2007.0730.2151.37233)
CCC Help Chinese Traditional (Version: 2007.0730.2151.37233)
CCC Help Czech (Version: 2007.0730.2151.37233)
CCC Help Danish (Version: 2007.0730.2151.37233)
CCC Help Dutch (Version: 2007.0730.2151.37233)
CCC Help English (Version: 2007.0730.2151.37233)
CCC Help Finnish (Version: 2007.0730.2151.37233)
CCC Help French (Version: 2007.0730.2151.37233)
CCC Help German (Version: 2007.0730.2151.37233)
CCC Help Greek (Version: 2007.0730.2151.37233)
CCC Help Hungarian (Version: 2007.0730.2151.37233)
CCC Help Italian (Version: 2007.0730.2151.37233)
CCC Help Japanese (Version: 2007.0730.2151.37233)
CCC Help Korean (Version: 2007.0730.2151.37233)
CCC Help Norwegian (Version: 2007.0730.2151.37233)
CCC Help Polish (Version: 2007.0730.2151.37233)
CCC Help Portuguese (Version: 2007.0730.2151.37233)
CCC Help Russian (Version: 2007.0730.2151.37233)
CCC Help Spanish (Version: 2007.0730.2151.37233)
CCC Help Swedish (Version: 2007.0730.2151.37233)
CCC Help Thai (Version: 2007.0730.2151.37233)
CCC Help Turkish (Version: 2007.0730.2151.37233)
ccc-core-static (Version: 2007.0730.2152.37233)
ccc-utility (Version: 2007.0730.2152.37233)
CCleaner (Version: 4.01)
CINEMA 4D Release 10
Commission Activator 1.00
CommissionMultiplier (Version: 1.1.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
DivX Converter (Version: 6.6.1)
DivX-Setup (Version: 2.6.0.34)
DNA (HKCU Version: 2.2.4 (16502))
Dragon NaturallySpeaking 11 (Version: 11.0.200)
DVD Suite (Version: 5.0.1603)
Easy Battery Manager (Version: 3.2.1.1)
Easy Display Manager (Version: 2.0.0.0)
Easy Thumbnails (Remove only) (Version: 3.0)
EasyLife Updater (Version: 1.0)
Fast Blog Finder 3
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2)
Firebird SQL Server - MAGIX Edition (Version: 2.1.31.0)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
FontCreator 5.6
Google Drive (Version: 1.11.4865.2530)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
Google+ RegHelper (Version: 1.4.0)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
HijackThis 2.0.2 (Version: 2.0.2)
imagine digital freedom - Samsung (Version: 1.0.2.0)
IrfanView (remove only)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
Junk Mail filter update (Version: 15.4.3502.0922)
kuler (Version: 2.0)
Localizer Leads Tool (Version: 3.4.4)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Video deluxe MX Plus Sonderedition (Version: 11.0.5.0)
MAGIX Web Designer 7 (Version: 7.0.4.16490)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Market Samurai (Version: 0.92.40)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (de))
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nvu 1.0 (Version: 1.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
ORF-Ski Challenge 2009
PDF Settings CS4 (Version: 9.0)
phase5 (Version: 09.09.2003)
Photoshop Camera Raw (Version: 5.0)
Pin Point Pro 1.0 (Version: 1.0.0)
Pin Point Pro 1.0.1 (Version: 1.0.0)
PinAutomation - Traffic Robot v1.2
PowerDVD (Version: 7.0.2802.0)
ProtectDisc Driver, Version 11 (Version: 11.0.0.11)
Realtek High Definition Audio Driver (Version: 6.0.1.5659)
Samsung Magic Doctor (Version: 5.00)
Samsung Recovery Solution II (Version: 2.0)
Samsung Update Plus (Version: 1.3.0.11)
Samsung Update Plus (Version: 2.0)
Segoe UI (Version: 15.4.2271.0615)
Skins (Version: 2007.0730.2152.37233)
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.3 (Version: 6.3.105)
Sqirlz Water Reflections (Version: 2.4)
Suite Shared Configuration CS4 (Version: 1.0)
SWiSH Max3 (Version: 09.06.02.000)
Swishkaufen.de - Swishmax 2 Hilfe (Version: 1.3.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 9.1.22.0)
Traffic Travis 3.3.10
Tweet Adder 3 (Version: 3.0.51)
TweetAdder4 (Version: 4.0.130805)
Typograf 5.1d (Version: 5.1d)
Underachiever Secrets
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update or Uninstall SENukeX (HKCU Version: 3.0.0.13)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Verbindungsassistent (Version: 2.1)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
Website Indexer (Version: 1.7.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
Youtube Tsunami Robot (Version: 1.0.0)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0387093E-4054-4442-A4FC-A6522E92BD47} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {0D09C7CC-3F1C-4D71-9EF0-295FCCE995FC} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1DB87F09-2E9E-4580-BFAF-66ED94AAC910} - System32\Tasks\schedule!1818212897 => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe
Task: {2E392040-9170-4FB0-AE9F-DD0E6C9DEB93} - System32\Tasks\{D1B17FF0-4A2C-488B-A8E0-B5FB165F204D} => C:\Program Files\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {35DCA63C-9A18-4A08-85E6-083453E01F7B} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {36CC60E7-F073-45B7-92D3-2D0FCA4284BD} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-04-26] (Samsung Electronics Co., Ltd.)
Task: {3948132A-6468-4AB8-A71B-45CC87894066} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F5E55D0-D136-49C5-A5DB-E9BFD010336A} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {567B7B61-CBAF-423E-8DEC-D87872AFDB07} - System32\Tasks\Microsoft\Windows\RestartManager\{5B746DAF-AF88-4717-98BB-3D7882D0E751} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {579D6CEB-3311-4CD1-B37D-DAF548A6A7CE} - System32\Tasks\{D1BC8492-5D36-4DDF-9096-371564FADFD9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=2
Task: {5B8CC558-E4F7-4F23-BFFB-26B9122544FA} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {7260AD01-5CC0-40F2-9409-5626B1DA0D85} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-19] (Microsoft Corporation)
Task: {7C8B8FD5-22C2-4840-B9C4-A4373D9281A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-07] (Adobe Systems Incorporated)
Task: {7D1667B1-8E58-412C-A9B5-ECE6869F7CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-08] (Google Inc.)
Task: {80AF346F-AA8E-4BBC-8A2E-87C003976B06} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-06-01] (SAMSUNG Electronics)
Task: {9A16F569-1834-4A7D-B89E-EF8C1FB320ED} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1535209619-677255245-1723951647-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-10-01] (Microsoft Corporation)
Task: {9DBC4E1A-1A47-4365-985F-7EE43499F7AB} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2007-06-29] (SAMSUNG Electronics co., LTD.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {D1015A44-7C66-4E56-A2FE-A3515DE94A63} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {D2DC6554-2192-43ED-872E-7EF1591754B3} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EF275630-D1C4-497A-A2A5-792ED989E227} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F354C1B8-5627-482D-BB4E-127F0C84276F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-08] (Google Inc.)
Task: {F8AB0A67-5173-4813-9449-BA8E98C7540D} - System32\Tasks\User_Feed_Synchronization-{BB6EB217-761D-484B-8FFB-DD8979C44960} => C:\Windows\system32\msfeedssync.exe [2013-02-25] (Microsoft Corporation)
Task: {FB16FD38-0D70-4715-8E5C-0E3EDA915C54} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!1818212897.job => C:\ProgramData\BetterSoft\EasyLife Updater\EasyLife Updater.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

==================== Loaded Modules (whitelisted) =============

2013-02-07 00:04 - 2013-04-04 14:50 - 00527944 ____C (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbam.dll
2013-02-07 00:04 - 2013-04-04 14:50 - 02191944 ____C (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamnet.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-02-07 00:04 - 2012-12-14 17:49 - 00079208 ____C (Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamext.dll
2008-04-19 17:46 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2007-08-07 07:06 - 2007-08-07 02:31 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-08-08 01:17 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2007-08-08 00:50 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2007-08-08 00:50 - 2006-09-19 02:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2007-08-08 00:54 - 2007-02-23 11:32 - 00065536 _____ () C:\Program Files\Samsung\EBM\ChkSec.dll
2007-08-07 07:06 - 2007-03-23 07:44 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2007-08-07 07:06 - 2007-03-23 07:51 - 00143360 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00102400 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2767.37485__90ba9c70f846762e\MOM.Implementation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00019968 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2767.37189__90ba9c70f846762e\LOG.Foundation.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2767.37192__90ba9c70f846762e\LOG.Foundation.Private.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00061440 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2767.37483__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2767.37192__90ba9c70f846762e\MOM.Foundation.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00020480 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2767.37192__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2767.37195__90ba9c70f846762e\AEM.Server.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2767.37193__90ba9c70f846762e\NEWAEM.Foundation.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2767.37484__90ba9c70f846762e\CCC.Implementation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00049152 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2767.37190__90ba9c70f846762e\CLI.Foundation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00028672 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2767.37485__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00098304 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2767.37196__90ba9c70f846762e\CLI.Component.Runtime.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2767.37194__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00007680 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2767.37193__90ba9c70f846762e\CLI.Foundation.Private.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00005632 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2767.37193__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00006656 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2767.37194__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2767.37190__90ba9c70f846762e\AEM.Foundation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00005632 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2767.37194__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00006144 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2767.37195__90ba9c70f846762e\AEM.Server.Shared.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00036864 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2767.37525__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00006656 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2767.37491__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00006656 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2767.37195__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00006144 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2767.37204__90ba9c70f846762e\DEM.Graphics.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00233472 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2767.37205__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00049152 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2767.37191__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00007168 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2767.37203__90ba9c70f846762e\DEM.OS.I0602.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00008192 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2767.37194__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00005120 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2767.37204__90ba9c70f846762e\DEM.OS.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00061440 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2767.37204__90ba9c70f846762e\ATIDEMOS.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00020480 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2767.37224__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00020480 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2767.37204__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00065536 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2767.37420__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00008704 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2767.37253__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2767.37419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2767.37341__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2767.37355__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00028672 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2767.37223__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00073728 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2767.37462__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00057344 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2767.37462__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2767.37261__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00053248 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2767.37260__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2767.37281__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00028672 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2767.37224__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00005632 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2767.37280__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2767.37385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2767.37385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2767.37362__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00053248 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2767.37355__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2767.37406__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00028672 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2767.37223__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00053248 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2767.37355__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2767.37342__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00061440 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2767.37428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00049152 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2767.37427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00049152 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2767.37362__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00032768 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2767.37362__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2767.37491__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2767.37453__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00024576 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2767.37190__90ba9c70f846762e\APM.Foundation.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00397312 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2767.37476__90ba9c70f846762e\CLI.Component.Systemtray.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2767.37210__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00466944 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2767.37233__90ba9c70f846762e\CLI.Component.Wizard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00007680 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2767.37191__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00020480 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2767.37191__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00011776 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2767.37231__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2767.37239__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2767.37238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00483328 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2767.37499__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00090112 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2767.37434__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 01675264 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2767.37247__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00040960 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2767.37497__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00006656 _____ ( ) C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00401408 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2767.37447__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00303104 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2767.37281__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
2007-08-08 00:30 - 2007-08-08 00:30 - 00184320 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2767.37261__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 01503232 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2767.37213__90ba9c70f846762e\CLI.Component.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00020480 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2767.37191__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00010240 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2767.37210__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00073728 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2767.37218__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2767.37217__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00135168 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2767.37504__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00438272 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2767.37225__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00208896 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2767.37268__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00118784 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2767.37386__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00475136 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2767.37357__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00401408 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2767.37407__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00331776 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2767.37429__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00585728 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2767.37275__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
2007-08-08 00:29 - 2007-08-08 00:29 - 00667648 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2767.37365__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2007-08-08 00:28 - 2007-08-08 00:28 - 00013312 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2767.37476_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
2013-09-07 22:22 - 2013-04-26 01:43 - 00139264 ____C () C:\Program Files\TweetAdder4\Appearance Pak.dll
2013-09-07 22:22 - 2013-04-17 11:53 - 00098304 ____C () C:\Program Files\TweetAdder4\Browser Plugin.dll
2013-09-07 22:22 - 2013-04-17 11:53 - 00073728 ____C () C:\Program Files\TweetAdder4\Internet Encodings.dll
2013-09-07 22:22 - 2013-05-24 09:01 - 00098304 ____C () C:\Program Files\TweetAdder4\MD5.dll
2013-09-07 22:22 - 2013-05-21 10:06 - 00667648 ____C () C:\Program Files\TweetAdder4\REALSQLDatabase.dll
2013-09-07 22:22 - 2013-05-24 09:01 - 00151552 ____C () C:\Program Files\TweetAdder4\RegEx.dll
2013-09-07 22:22 - 2013-04-26 01:43 - 01364599 ____C () C:\Program Files\TweetAdder4\SSLSocket.dll
2013-09-07 22:22 - 2013-04-26 01:43 - 00069632 ____C () C:\Program Files\TweetAdder4\EHObjectArray4701.dll
2013-09-07 22:22 - 2013-08-05 15:46 - 01467000 ____C (Monkeybread Software) C:\Program Files\TweetAdder4\MBS_CURLS_Plugin_17941.dll
2013-09-07 22:22 - 2013-08-05 15:46 - 00084600 ____C (Monkeybread Software) C:\Program Files\TweetAdder4\MBS_Registration_Plugin_17941.dll
2013-09-07 22:22 - 2013-08-05 15:46 - 00098936 ____C (Monkeybread Software) C:\Program Files\TweetAdder4\MBS_E4_Plugin_17941.dll
2013-09-07 22:22 - 2013-08-05 15:46 - 00119416 ____C (Monkeybread Software) C:\Program Files\TweetAdder4\MBS_JSON_Plugin_17941.dll
2013-09-07 22:22 - 2013-08-05 15:46 - 00106104 ____C (Monkeybread Software) C:\Program Files\TweetAdder4\MBS_WindowsHTMLViewer_Plugin_17941.dll
2013-09-07 22:22 - 2013-04-30 15:00 - 00069632 ____C () C:\Program Files\TweetAdder4\EHPictureButton2111.dll
2013-09-07 22:22 - 2013-04-16 18:56 - 00143872 ____C () C:\Program Files\TweetAdder4\EHStyleGrid9011.dll
2013-09-07 22:22 - 2013-04-17 11:53 - 00084992 ____C () C:\Program Files\TweetAdder4\EHTaskBar3121.DLL
2013-09-07 22:22 - 2013-04-17 11:53 - 00034816 ____C () C:\Program Files\TweetAdder4\EHTimeCtrl4221.DLL
2013-09-07 22:22 - 2013-04-16 18:56 - 00069632 ____C () C:\Program Files\TweetAdder4\EHInterfaces4701.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:20087FC5

==================== Faulty Device Manager Devices =============

Name: isatap.{1ADE5B53-F634-46D0-8B12-850C0DAB7795}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: isatap.{AC278C3D-6430-446D-99A7-31C900966782}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2013 07:40:39 PM) (Source: Application Hang) (User: )
Description: Programm thunderbird.exe, Version 1.8.20100.22820 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: d7c
Anfangszeit: 01ceabf1448161ea
Zeitpunkt der Beendigung: 16

Error: (09/07/2013 05:55:22 PM) (Source: MsiInstaller) (User: PC-Gasser)
Description: Product: Acute Email IDs Production Engine -- Error 1704.An installation for Microsoft .NET Framework 4 Client Profile is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (09/06/2013 11:53:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (05/21/2013 10:00:19 PM) (Source: DragonSvc) (User: )
Description: Error: Failed to initiate execution of 'NatSpeak Periodic Language Model Optimization' task

Error: (05/21/2013 09:10:21 PM) (Source: EasyLife UpdaterUpdater) (User: )
Description: BITS download from hxxp://kosher-toolbar.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bpu1Q%2FqomjlhO9bCMfkOz%2FIWK7n%2BgSeQHQMSUzW21lsueSywsCP6WD6%2F0T9JnCmkcmYWaNwscv2Vo9FGMaXiLQgNr3Z99mHEbonKSgr4BedfY05ucqjrWONPafB4hBebkRtQbf2RxXl5NALBQ8ma6UoRb47lIrmx98b2jR8rzjWvaTUt6Z8kpiug4A0jMwZkM%2BoCZfvDg3etu3qvYl35Zrnu8y18g31e6CFwV%2FVXplfm7YWZgoZEdwPrlylnd%2FUDt5RcHZZ3F8Sp%2BEniyYONTCj2%2FGBIix5bWDS6YEnthp1PWxCh71PJlNYofZIQOrJnB%2FZ3GCXOS1ipjHe3A5QfmO2sRp1P7LWOUaqWPq%2BB%2BJgsiNeAtXmpdhfXLVtwLNy8U0bYfmBxE8JVgLP6ud8rgFGkSR1X9W2n%2BOCJfduCBUHfpUV0yTvk4DrJ3QV5s44I%2BBcOFaaOZly1pD41aN%2FwobYXJAMQ4%2B failed 5:-2145386480 (null)

Error: (05/21/2013 09:09:27 PM) (Source: EasyLife UpdaterUpdater) (User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bpu1Q%2FqomjlhO9bCMfkOz%2FIWK7n%2BgSeQHQMSUzW21lsueSywsCP6WD6%2F0T9JnCmkcmYWaNwscv2Vo9FGMaXiLQgNr3Z99mHEbonKSgr4BedfY05ucqjrWONPafB4hBebkRtQbf2RxXl5NALBQ8ma6UoRb47lIrmx98b2jR8rzjWvaTUt6Z8kpiug4A0jMwZkM%2BoCZfvDg3etu3qvYl35Zrnu8y18g31e6CFwV%2FVXplfm7YWZgoZEdwPrlylnd%2FUDt5RcHZZ3F8Sp%2BEniyYONTCj2%2FGBIix5bWDS6YEnthp1PWxCh71PJlNYofZIQOrJnB%2FZ3GCXOS1ipjHe3A5QfmO2sRp1P7LWOUaqWPq%2BB%2BJgsiNeAtXmpdhfXLVtwLNy8U0bYfmBxE8JVgLP6ud8rgFGkSR1X9W2n%2BOCJfduCBUHfpUV0yTvk4DrJ3QV5s44I%2BBcOFaaOZly1pD41aN%2FwobYXJAMQ4%2B failed 5:-2145386480 (null)

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (09/07/2013 09:21:01 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/07/2013 09:21:01 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/07/2013 09:21:01 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/07/2013 07:45:56 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/07/2013 07:44:15 PM) (Source: atikmdag) (User: )
Description: Unknown EDID version

Error: (09/07/2013 07:42:53 PM) (Source: ipnathlp) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (09/07/2013 07:37:41 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/07/2013 07:35:30 PM) (Source: atikmdag) (User: )
Description: Unknown EDID version

Error: (09/07/2013 06:23:23 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/07/2013 06:07:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x800736ccSicherheitsupdate für Windows Vista (KB2835361){88E5AE48-B174-40AA-86BB-66DBAB9AFE97}202


Microsoft Office Sessions:
=========================
Error: (09/07/2013 07:40:39 PM) (Source: Application Hang)(User: )
Description: thunderbird.exe1.8.20100.22820d7c01ceabf1448161ea16

Error: (09/07/2013 05:55:22 PM) (Source: MsiInstaller)(User: PC-Gasser)
Description: Product: Acute Email IDs Production Engine -- Error 1704.An installation for Microsoft .NET Framework 4 Client Profile is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (09/06/2013 11:53:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (05/21/2013 10:00:19 PM) (Source: DragonSvc)(User: )
Description: Error: Failed to initiate execution of 'NatSpeak Periodic Language Model Optimization' task

Error: (05/21/2013 09:10:21 PM) (Source: EasyLife UpdaterUpdater)(User: )
Description: BITS download from hxxp://kosher-toolbar.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bpu1Q%2FqomjlhO9bCMfkOz%2FIWK7n%2BgSeQHQMSUzW21lsueSywsCP6WD6%2F0T9JnCmkcmYWaNwscv2Vo9FGMaXiLQgNr3Z99mHEbonKSgr4BedfY05ucqjrWONPafB4hBebkRtQbf2RxXl5NALBQ8ma6UoRb47lIrmx98b2jR8rzjWvaTUt6Z8kpiug4A0jMwZkM%2BoCZfvDg3etu3qvYl35Zrnu8y18g31e6CFwV%2FVXplfm7YWZgoZEdwPrlylnd%2FUDt5RcHZZ3F8Sp%2BEniyYONTCj2%2FGBIix5bWDS6YEnthp1PWxCh71PJlNYofZIQOrJnB%2FZ3GCXOS1ipjHe3A5QfmO2sRp1P7LWOUaqWPq%2BB%2BJgsiNeAtXmpdhfXLVtwLNy8U0bYfmBxE8JVgLP6ud8rgFGkSR1X9W2n%2BOCJfduCBUHfpUV0yTvk4DrJ3QV5s44I%2BBcOFaaOZly1pD41aN%2FwobYXJAMQ4%2B failed 5:-2145386480 (null)

Error: (05/21/2013 09:09:27 PM) (Source: EasyLife UpdaterUpdater)(User: )
Description: BITS download from hxxp://nanoavi.info/get/?ver=1701&report_version=5&data=NP6yu5%2Bpu1Q%2FqomjlhO9bCMfkOz%2FIWK7n%2BgSeQHQMSUzW21lsueSywsCP6WD6%2F0T9JnCmkcmYWaNwscv2Vo9FGMaXiLQgNr3Z99mHEbonKSgr4BedfY05ucqjrWONPafB4hBebkRtQbf2RxXl5NALBQ8ma6UoRb47lIrmx98b2jR8rzjWvaTUt6Z8kpiug4A0jMwZkM%2BoCZfvDg3etu3qvYl35Zrnu8y18g31e6CFwV%2FVXplfm7YWZgoZEdwPrlylnd%2FUDt5RcHZZ3F8Sp%2BEniyYONTCj2%2FGBIix5bWDS6YEnthp1PWxCh71PJlNYofZIQOrJnB%2FZ3GCXOS1ipjHe3A5QfmO2sRp1P7LWOUaqWPq%2BB%2BJgsiNeAtXmpdhfXLVtwLNy8U0bYfmBxE8JVgLP6ud8rgFGkSR1X9W2n%2BOCJfduCBUHfpUV0yTvk4DrJ3QV5s44I%2BBcOFaaOZly1pD41aN%2FwobYXJAMQ4%2B failed 5:-2145386480 (null)

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET

Error: (05/21/2013 08:08:01 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
D:\FIREFOXPORTABLE\DATA\PROFILE\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET


CodeIntegrity Errors:
===================================
  Date: 2013-04-10 02:20:55.243
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 02:20:54.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 02:20:21.499
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 02:20:20.835
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 02:20:01.266
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 02:20:00.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-04 01:53:12.900
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-04 01:53:11.900
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-13 01:13:04.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-13 01:13:04.454
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\atiumdag.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 2045.45 MB
Available physical RAM: 1001.96 MB
Total Pagefile: 4340.18 MB
Available Pagefile: 3158.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:40.05 GB) (Free:0.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:99 GB) (Free:79.58 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:0.11 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 6839D645)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=99 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
         


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2013 02
Ran by Alexander Gasser (administrator) on PC-GASSER on 07-09-2013 22:31:49
Running from C:\Users\Alexander Gasser\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TweetAdder.com) C:\Program Files\TweetAdder4\TweetAdder4.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [TrayServer] - F:\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-01] (Google Inc.)
MountPoints2: {0cd14230-be10-11de-8896-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {138dfab6-6053-11dc-8c56-806e6f6e6963} - E:\setup.exe
MountPoints2: {418fb1a1-37ce-11e1-928d-bed420ccc4a6} - F:\autorun.exe
MountPoints2: {43f904b2-e0c7-11e1-9332-0013773d2472} - F:\AutoRun.exe
MountPoints2: {43f904cc-e0c7-11e1-9332-0013773d2472} - F:\AutoRun.exe
MountPoints2: {46a0a791-5bb2-11df-88be-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {8cdeaf60-b31e-11de-b271-0013773d2472} - F:\AutoRun.exe
MountPoints2: {8cdeaf73-b31e-11de-b271-0013773d2472} - G:\AutoRun.exe
MountPoints2: {8f8d9be3-c81d-11dc-857d-0013773d2472} - F:\pushinst.exe
MountPoints2: {94bc0754-e096-11e1-9a46-0013773d2472} - F:\AutoRun.exe
MountPoints2: {94bc0759-e096-11e1-9a46-0013773d2472} - F:\AutoRun.exe
MountPoints2: {c1217b09-e0c1-11e1-836f-0013773d2472} - F:\AutoRun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> D:\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Alexander Gasser\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\searchplugins\babylon.xml
FF Extension: Browse2save - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\5126b25a6135d@5126b25a61397.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AddThis - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: firefox-extension - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\firefox-extension@shareaholic.com.xpi
FF Extension: toolbar - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\toolbar@seomoz.org.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - D:\FirefoxPortable\App\firefox\firefox.exe

========================== Services (Whitelisted) =================

R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-29] (Nuance Communications, Inc.)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2009-05-05] ()
R2 MBAMScheduler; C:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-05-30] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2008-05-30] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [171040 2007-01-08] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] ()

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-08-08] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\drivers\btwavdt.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-07 22:22 - 2013-09-07 22:22 - 00000800 _____ C:\Users\Public\Desktop\TweetAdder4.lnk
2013-09-07 22:22 - 2013-09-07 22:22 - 00000000 ___DC C:\Program Files\TweetAdder4
2013-09-07 19:40 - 2013-09-07 19:43 - 00000000 ___DC C:\AdwCleaner
2013-09-07 17:56 - 2013-09-07 17:56 - 00000000 ___DC C:\Program Files\Acute Email IDs Production Engine
2013-09-07 16:02 - 2013-09-07 16:02 - 00000000 ___DC C:\FRST
2013-09-07 15:48 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-07 15:48 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-07 15:48 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-07 15:46 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-07 15:46 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-07 15:46 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-07 15:46 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-06 22:41 - 2013-09-07 19:35 - 00002958 _____ C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2013-09-07 22:31 - 2007-11-11 20:08 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-09-07 22:22 - 2013-09-07 22:22 - 00000800 _____ C:\Users\Public\Desktop\TweetAdder4.lnk
2013-09-07 22:22 - 2013-09-07 22:22 - 00000000 ___DC C:\Program Files\TweetAdder4
2013-09-07 22:22 - 2012-06-14 22:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 22:22 - 2011-10-13 23:06 - 00000000 ____D C:\Users\Alexander Gasser\AppData\Roaming\TweetAdder3
2013-09-07 21:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 21:45 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 21:39 - 2010-04-08 19:55 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 21:26 - 2012-06-07 01:50 - 01568096 _____ C:\Windows\WindowsUpdate.log
2013-09-07 20:07 - 2009-02-13 00:11 - 00000416 ____H C:\Windows\Tasks\SupBackGroundTask.job
2013-09-07 20:03 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-09-07 19:52 - 2006-11-02 12:33 - 01715134 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-07 19:48 - 2013-02-22 01:20 - 00000462 ____H C:\Windows\Tasks\schedule!1818212897.job
2013-09-07 19:48 - 2010-04-08 19:55 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 19:46 - 2008-01-15 21:47 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-09-07 19:45 - 2011-01-26 23:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-07 19:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 19:43 - 2013-09-07 19:40 - 00000000 ___DC C:\AdwCleaner
2013-09-07 19:43 - 2007-08-08 00:21 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-09-07 19:43 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-07 19:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-09-07 19:35 - 2013-09-06 22:41 - 00002958 _____ C:\Windows\PFRO.log
2013-09-07 19:35 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\schemas
2013-09-07 19:34 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-07 18:24 - 2012-05-03 21:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-07 18:24 - 2011-08-02 22:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-07 18:12 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-07 17:56 - 2013-09-07 17:56 - 00000000 ___DC C:\Program Files\Acute Email IDs Production Engine
2013-09-07 17:56 - 2013-03-05 23:19 - 00001803 _____ C:\Users\Public\Desktop\Acute Email IDs Production Engine.lnk
2013-09-07 17:56 - 2013-02-07 00:04 - 00000660 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-07 17:56 - 2013-02-07 00:04 - 00000000 ___DC C:\Malwarebytes' Anti-Malware
2013-09-07 16:02 - 2013-09-07 16:02 - 00000000 ___DC C:\FRST
2013-09-07 15:55 - 2013-09-07 22:31 - 01081843 _____ (Farbar) C:\Users\Alexander Gasser\Desktop\FRST.exe
2013-09-07 15:34 - 2007-10-09 18:11 - 00168104 _____ C:\Users\ALEXAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-06 23:55 - 2006-11-02 14:47 - 02651464 _____ C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\ALEXAN~1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-07 19:51

==================== End Of Log ============================
         


08.09.2013, 22:41   #6
aharonov
/// TB trainer



Hi,

How is the computer running now?


Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
FF Extension: Browse2save - C:\Users\Alexander Gasser\AppData\Roaming\Mozilla\Firefox\Profiles\gi1tl9dt.default\Extensions\5126b25a6135d@5126b25a61397.com
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Step 2
  • Open the program Malwarebytes Anti-Malware.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Update --> Check for Updates.
  • When the update has finished, enable the option Perform quick scan on the Scanner tab and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure that all detections are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under the Logs tab.


Step 3


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


16.09.2013, 17:28   #7
aharonov
/// TB trainer



Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the topic has been resolved and will remove it from my subscriptions.
__________________
cheers,
Leo

22.09.2013, 17:01   #8
aharonov
/// TB trainer



No response
This topic has been removed from my subscriptions, so I will no longer receive notifications about new replies.
Send me a PM if you do want to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else: please read this guide and create your own thread.
__________________
cheers,
Leo
