Pests of all kinds and how to fight them: Caught Trojan PUP.Optional.xxx | Windows 7 | If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
23.02.2014, 08:23 | #1 |
| Caught Trojan PUP.Optional.xxx Hello, I scan my laptop with Malwarebytes at irregular intervals. I have not noticed any effects so far, but since yesterday afternoon various PUP.optional.xxx detections have been reported. After cleaning and a reboot they are back again, or back under a different name. What I noticed: a QuickScan does not detect this, only a full scan does. I have attached the latest report as a screenshot. What can I do to get rid of these pests again? Many thanks for your support. Kind regards, Klaus |
23.02.2014, 10:51 | #2 |
/// the machine /// TB Trainer | Caught Trojan PUP.Optional.xxx hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
23.02.2014, 11:18 | #3 |
| Caught Trojan PUP.Optional.xxx Hi,
Thanks already for your quick reply. Here we go... first the FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01 Ran by Klaus Verhoeven (administrator) on KLAUSVERHOEVEN on 23-02-2014 11:07:16 Running from C:\Users\Klaus Verhoeven\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files\Lexware\services\Haufe.FabricHostService.exe (Siemens AG) C:\PROGRAM FILES\COMMON FILES\SIEMENS\ALMPANELPLUGIN\ALMPANELPLUGIN.EXE (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\GatewayPLC\ServiceControl.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\GatewayPLC\GatewayService.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\IndraWorks.Service.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\lexware\installer service\LxInstallerService.exe (iAnywhere Solutions, Inc.) C:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe () c:\Windows\system32\srvany.exe (O2Micro.) 
c:\Windows\system32\SDIOAssist.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe (Siemens AG) C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SimNetCom\PNIOMGR.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SimNetCom\pniopcac.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\IndraLogic\ENI Server\ENI.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (SIEMENS AG) C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (iAnywhere Solutions, Inc.) C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe (SIEMENS AG) C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [501104 2011-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.) HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.) HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2010-08-24] (Hewlett-Packard Company) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKLM\...\Run: [WD Drive Unlocker] - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital) HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM\...\Run: [WinCC flexible Smart Start] - C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe [118784 2011-12-14] (SIEMENS AG) HKLM\...\Run: [S7UB Start] - C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [102453 2010-06-03] (SIEMENS AG) HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
HKU\S-1-5-21-423341099-3081215641-531963784-1000\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [4455704 2014-01-21] (Piriform Ltd) HKU\S-1-5-21-423341099-3081215641-531963784-1000\...\MountPoints2: {a6589f29-20fc-11e3-8c97-806e6f6e6963} - "E:\WD Drive Unlock.exe" autoplay=true AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => File Not Found Lsa: [Authentication Packages] msv1_0 wvauth ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {6907B544-25A8-4F7E-A3DE-BEDA547B9CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN27954907998754263&UM=2 SearchScopes: HKCU - {10A31331-F927-4097-9A1A-F550A8D56245} URL = SearchScopes: HKCU - {6907B544-25A8-4F7E-A3DE-BEDA547B9CF3} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN27954907998754263&UM=2 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default FF NewTab: hxxp://start.iminent.com/?ref=NewTab&appId=2447B84F-8617-4F38-BE2D-69FD37AECEA0 FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-09] ========================== Services (Whitelisted) ================= R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [1138312 2011-12-11] (SIEMENS AG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. 
KG) S2 CCAgent; C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe [363008 2011-11-02] (SIEMENS AG) S3 CCEClient; C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe [264704 2011-11-02] (SIEMENS AG) S2 CCEServer; C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe [245248 2011-11-02] (SIEMENS AG) R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation) R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.) R2 ENI Server; C:\Program Files\Rexroth\IndraWorks\IndraLogic\ENI Server\ENI.exe [651264 2011-05-30] (Bosch Rexroth AG) R2 Haufe FabricHostService; C:\Program Files\Lexware\services\Haufe.FabricHostService.exe [14848 2013-10-10] (Haufe-Lexware GmbH & Co. KG) R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) R2 IndraLogic Service Control; C:\Program Files\Rexroth\IndraWorks\GatewayPLC\ServiceControl.exe [446567 2010-04-29] (Bosch Rexroth AG) R2 IndraLogic V11 Gateway; C:\Program Files\Rexroth\IndraWorks\GatewayPLC\GatewayService.exe [1060990 2010-10-08] (Bosch Rexroth AG) R2 IndraWorksService; C:\Program Files\Rexroth\IndraWorks\IndraWorks.Service.exe [94208 2011-06-28] (Bosch Rexroth AG) R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation) R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation) R2 Lexware Installations Dienst; C:\Program Files\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. 
KG) R2 Lexware_Datenbank_Plus; C:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.) R2 Lexware_Update_Service; C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSSQL$WINCCFLEXEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$WINCCPLUSMIG; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International) R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-19] () S3 OpcEnum; C:\Windows\system32\OPCEnum.exe [225280 2011-06-28] (Bosch Rexroth AG) S3 RedundancyControl; C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe [486400 2011-11-02] (SIEMENS AG) S3 RedundancyState; C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe [198144 2011-11-02] (SIEMENS AG) S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions) S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions) R2 s7oiehsx; C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [412808 2011-11-04] (SIEMENS AG) R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [556168 2011-11-04] (SIEMENS AG) S3 SCSFsX; C:\Program Files\Common 
Files\Siemens\ACE\bin\SCSFsX.exe [101888 2011-11-02] (SIEMENS AG) R2 SCSMonitor; C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe [163328 2011-11-02] (SIEMENS AG) S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) U2 smartserver; C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe [558416 2011-12-06] (Siemens AG) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.) S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.) S3 U7Service; C:\Program Files\Siemens\Step7\S7bin\u7csvrax.exe [36336 2011-04-12] (SIEMENS AG) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel(R) Corporation) ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. 
KG) R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation) R1 dpmconv; C:\Windows\System32\DRIVERS\dpmconv32.sys [288256 2010-05-05] (SIEMENS AG) S3 dpmcslv; C:\Windows\system32\Drivers\dpmcslv.sys [68280 2005-07-04] (Siemens AG) R1 DPMTRCDD; C:\Windows\System32\DRIVERS\DPMTRCDD32.sys [72248 2010-04-12] (SIEMENS AG) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation) R3 fwkbdrtm; C:\Windows\system32\drivers\fwkbdrtm.sys [21464 2011-12-06] (Windows (R) Win 7 DDK provider) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation) R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [39472 2007-09-04] (Paragon Software Group) R2 iwrphmem; C:\Windows\system32\drivers\iwrphmem.sys [2816 2008-12-11] (Bosch Rexroth AG) R3 KbdBlock2; C:\Windows\system32\Drivers\KbdBlock2.sys [4608 2005-04-25] (ILLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation) S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30368 2010-09-17] (Intel Corporation ) S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation) S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro ) R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro ) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R3 S7odpx2x32; C:\Windows\System32\Drivers\S7odpx2x32.sys [87552 2011-05-06] (SIEMENS AG) R2 S7opcsrtx; C:\Windows\System32\DRIVERS\s7opcsrtx.sys [31744 2011-02-22] (SIEMENS AG) R3 S7oppinx32; C:\Windows\System32\Drivers\S7oppinx32.sys [131584 2011-05-06] (SIEMENS AG) R3 
s7osmcax32; C:\Windows\System32\Drivers\s7osmcax32.sys [186368 2011-09-29] (SIEMENS AG) R3 S7otranx32; C:\Windows\System32\Drivers\S7otranx32.sys [521216 2011-05-06] (SIEMENS AG) R3 s7otsadx32; C:\Windows\System32\Drivers\s7otsadx32.sys [182784 2011-09-29] (SIEMENS AG) S3 S7OUSBM32X; C:\Windows\System32\DRIVERS\s7ousbm32x.sys [39936 2011-05-06] (SIEMENS AG) R2 s7ousbu32x; C:\Windows\System32\DRIVERS\s7ousbu32x.sys [641280 2011-09-29] (SIEMENS AG) R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [63104 2011-06-16] (SIEMENS AG) R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [343888 2011-10-11] (SIEMENS AG) S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics) S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32080 2007-09-04] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131736 2007-09-04] (Paragon) R1 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada32.sys [98944 2010-04-12] (SIEMENS AG) U2 V2iMount; S0 vmci; system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-23 11:07 - 2014-02-23 11:07 - 00024933 _____ () C:\Users\Klaus Verhoeven\Desktop\FRST.txt 2014-02-23 11:06 - 2014-02-23 11:07 - 00000000 ____D () C:\FRST 2014-02-23 11:04 - 2014-02-23 11:04 - 01142784 _____ (Farbar) C:\Users\Klaus Verhoeven\Desktop\FRST.exe 2014-02-23 08:25 - 2014-02-23 08:25 - 00000716 _____ () C:\Windows\PFRO.log 2014-02-23 08:12 - 2014-02-23 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 20:41 - 2014-02-23 08:32 - 00000168 _____ () 
C:\Windows\setupact.log 2014-02-22 20:41 - 2014-02-22 20:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-22 20:32 - 2014-02-22 20:33 - 04721144 _____ (Piriform Ltd) C:\Users\Klaus Verhoeven\Downloads\ccsetup410pro.exe 2014-02-22 12:26 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-22 12:26 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-22 12:26 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-22 12:26 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-22 12:26 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-22 12:26 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-22 12:26 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-22 12:26 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-22 12:26 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-22 12:26 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-22 12:26 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-22 12:26 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-22 12:26 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-22 12:26 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-22 12:26 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-22 12:26 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2014-02-22 12:26 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-22 12:26 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-22 12:26 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-22 12:26 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-22 12:26 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-22 12:16 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-22 09:00 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-22 09:00 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-22 09:00 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-22 08:59 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-22 08:59 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-22 08:59 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-22 08:59 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-22 08:59 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-22 08:59 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-22 08:59 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-22 08:59 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-22 08:59 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-22 08:59 - 
2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-22 08:59 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-22 08:55 - 2014-02-22 08:55 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Klaus Verhoeven\Downloads\disk-defrag45setup.exe 2014-02-22 08:55 - 2014-02-22 08:55 - 00001129 _____ () C:\Users\Klaus Verhoeven\Desktop\Auslogics DiskDefrag.lnk 2014-02-22 08:55 - 2014-02-22 08:55 - 00000000 ____D () C:\ProgramData\Auslogics 2014-02-22 08:55 - 2014-02-22 08:55 - 00000000 ____D () C:\Program Files\Auslogics 2014-02-21 07:51 - 2014-02-21 07:51 - 00000714 _____ () C:\protool.dmp 2014-02-05 12:20 - 2014-02-05 12:20 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxXtreme110.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxTool112.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxMail100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxUISettingsN100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxPXTree100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LXCurr100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00028200 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxTPSW100.dll 2014-02-05 12:19 - 2014-02-05 12:19 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxBasics100.dll 2014-02-05 12:19 - 2014-02-05 12:19 - 00070184 _____ (Haufe-Lexware GmbH & Co. 
KG) C:\Windows\system32\LxCI12.dll 2014-01-26 09:32 - 2014-01-26 09:32 - 00001614 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-26 09:31 - 2014-01-26 09:32 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-26 09:31 - 2014-01-26 09:32 - 00000000 ____D () C:\Program Files\iTunes 2014-01-26 09:31 - 2014-01-26 09:31 - 00000000 ____D () C:\Program Files\iPod 2014-01-26 09:28 - 2014-01-26 09:28 - 00000000 ____D () C:\Program Files\Bonjour ==================== One Month Modified Files and Folders ======= 2014-02-23 11:07 - 2014-02-23 11:07 - 00024933 _____ () C:\Users\Klaus Verhoeven\Desktop\FRST.txt 2014-02-23 11:07 - 2014-02-23 11:06 - 00000000 ____D () C:\FRST 2014-02-23 11:04 - 2014-02-23 11:04 - 01142784 _____ (Farbar) C:\Users\Klaus Verhoeven\Desktop\FRST.exe 2014-02-23 10:44 - 2012-06-24 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-23 10:05 - 2011-07-14 15:41 - 01492119 _____ () C:\Windows\WindowsUpdate.log 2014-02-23 08:43 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-23 08:43 - 2009-07-14 05:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-23 08:32 - 2014-02-22 20:41 - 00000168 _____ () C:\Windows\setupact.log 2014-02-23 08:32 - 2013-09-19 08:22 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat 2014-02-23 08:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-23 08:25 - 2014-02-23 08:25 - 00000716 _____ () C:\Windows\PFRO.log 2014-02-23 08:12 - 2014-02-23 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 20:41 - 2014-02-22 20:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-22 20:33 - 2014-02-22 20:32 - 04721144 _____ (Piriform Ltd) C:\Users\Klaus Verhoeven\Downloads\ccsetup410pro.exe 2014-02-22 20:33 - 2012-09-12 08:03 - 00000967 _____ () 
C:\Users\Public\Desktop\CCleaner.lnk 2014-02-22 20:33 - 2012-09-12 08:03 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-22 13:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-02-22 12:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-22 12:27 - 2011-10-19 17:03 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-22 12:24 - 2010-11-20 22:01 - 01910844 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-22 12:23 - 2013-07-13 02:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-22 12:21 - 2011-12-15 15:37 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-22 12:17 - 2009-07-14 03:04 - 00000919 _____ () C:\Windows\win.ini 2014-02-22 12:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-02-22 10:44 - 2012-06-24 13:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-22 10:44 - 2011-10-21 14:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-22 08:55 - 2014-02-22 08:55 - 06204024 _____ (Auslogics Labs Pty Ltd ) C:\Users\Klaus Verhoeven\Downloads\disk-defrag45setup.exe 2014-02-22 08:55 - 2014-02-22 08:55 - 00001129 _____ () C:\Users\Klaus Verhoeven\Desktop\Auslogics DiskDefrag.lnk 2014-02-22 08:55 - 2014-02-22 08:55 - 00000000 ____D () C:\ProgramData\Auslogics 2014-02-22 08:55 - 2014-02-22 08:55 - 00000000 ____D () C:\Program Files\Auslogics 2014-02-22 08:25 - 2012-09-03 22:29 - 00000000 ____D () C:\Users\Klaus Verhoeven\AppData\Roaming\vlc 2014-02-22 08:25 - 2012-06-02 13:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-22 08:25 - 2011-10-19 17:03 - 00000000 ____D () C:\Users\Klaus Verhoeven\AppData\Local\Microsoft Help 2014-02-22 08:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-02-22 08:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-02-22 08:25 - 2009-07-14 03:37 - 00000000 ____D () 
C:\Windows\AppCompat 2014-02-22 08:24 - 2011-10-21 12:57 - 00000000 ____D () C:\ProgramData\Lexware 2014-02-22 08:24 - 2011-10-10 11:35 - 00000000 ____D () C:\Users\Klaus Verhoeven\AppData\Local\VirtualStore 2014-02-22 08:23 - 2011-10-19 17:03 - 00000000 __RHD () C:\MSOCache 2014-02-22 08:16 - 2011-07-14 16:01 - 00000000 ____D () C:\ProgramData\Sonic 2014-02-21 12:25 - 2012-09-11 08:42 - 00000000 ____D () C:\Users\Klaus Verhoeven\Documents\UseNeXT 2014-02-21 12:25 - 2012-09-11 08:42 - 00000000 ____D () C:\Users\Klaus Verhoeven\AppData\Roaming\UseNeXT 2014-02-21 07:51 - 2014-02-21 07:51 - 00000714 _____ () C:\protool.dmp 2014-02-21 07:49 - 2011-10-21 19:44 - 00001487 _____ () C:\RASETUP.LOG 2014-02-13 10:27 - 2013-11-22 16:51 - 00002107 _____ () C:\Users\Public\Desktop\Lexware plus.lnk 2014-02-11 20:14 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-06 11:38 - 2014-02-22 12:26 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-02-22 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 11:19 - 2014-02-22 12:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-02-22 12:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-02-22 12:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-22 12:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-02-22 12:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-02-22 12:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-02-22 12:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-02-22 12:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 
10:47 - 2014-02-22 12:26 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-02-22 12:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-02-22 12:26 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-02-22 12:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-02-22 12:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-02-22 12:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-02-22 12:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:03 - 2014-02-22 12:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-02-22 12:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-02-22 12:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 2014-02-22 12:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxXtreme110.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxTool112.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxMail100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxUISettingsN100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxPXTree100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LXCurr100.dll 2014-02-05 12:20 - 2014-02-05 12:20 - 00028200 _____ (Haufe-Lexware GmbH & Co. 
KG) C:\Windows\system32\LxTPSW100.dll 2014-02-05 12:19 - 2014-02-05 12:19 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxBasics100.dll 2014-02-05 12:19 - 2014-02-05 12:19 - 00070184 _____ (Haufe-Lexware GmbH & Co. KG) C:\Windows\system32\LxCI12.dll 2014-01-26 09:32 - 2014-01-26 09:32 - 00001614 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-26 09:32 - 2014-01-26 09:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-26 09:32 - 2014-01-26 09:31 - 00000000 ____D () C:\Program Files\iTunes 2014-01-26 09:31 - 2014-01-26 09:31 - 00000000 ____D () C:\Program Files\iPod 2014-01-26 09:31 - 2011-10-18 20:41 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-01-26 09:28 - 2014-01-26 09:28 - 00000000 ____D () C:\Program Files\Bonjour 2014-01-26 09:27 - 2011-10-18 20:41 - 00000000 ____D () C:\ProgramData\Apple Some content of TEMP: ==================== C:\Users\Klaus Verhoeven\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-20 09:46 ==================== End Of Log ============================
--- --- ---
and the additional scan:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014 01 Ran by Klaus Verhoeven at 2014-02-23 11:08:02 Running from C:\Users\Klaus Verhoeven\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics) ACCONfigurator (HKLM\...\ACCONfigurator) (Version: 3.80.0.4 - DELTALOGIC Automatisierungstechnik GmbH) ACCON-S7-NET (HKLM\...\ACCON-S7-NET) (Version: 2.10.0.0 - DELTALOGIC Automatisierungstechnik GmbH) Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.0.0 - Auslogics Labs Pty Ltd) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira) BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.) CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft) Dell Backup and Recovery Manager (HKLM\...\{B7FB9195-E9FC-4316-930E-D799D5D712F7}) (Version: 1.3.1 - Dell Inc.) Dell ControlVault Host Components Installer (Version: 2.0.20.159 - Broadcom Corporation) Hidden Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.) Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.) DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) 
Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Flux Player (HKCU\...\Flux Player) (Version: 3.4.1.3422 - ) Free DWG Viewer 7.2 (HKLM\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.51 - IGC) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski) Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden HP FWUpdateEDO3 (HKLM\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company) HP LaserJet Professional CM1410 Series (HKLM\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version: - Hewlett-Packard) HP LJ CM1410 MFP Series HP Scan (HKLM\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.) HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPLaserJetHelp_LearnCenter (HKLM\...\{22FE3793-5961-4ADE-AE66-69D9291C22B1}) (Version: 1.03.0000 - Hewlett-Packard) HPLJUT (Version: 1.00.0012 - HP) Hidden hppCM1410LaserJetService (Version: 001.008.00477 - Hewlett-Packard) Hidden hppFaxDrvCM1410 (Version: 003.000.00001 - Hewlett-Packard) Hidden hppFaxUtilityCM1410 (Version: 000.002.00001 - Hewlett-Packard) Hidden hppLaserJetService (Version: 002.015.00599 - Hewlett-Packard) Hidden hppSendFaxCM1410 (Version: 003.000.00001 - Hewlett-Packard) Hidden hppTLBXFXCM1410 (Version: 001.012.00948 - Hewlett-Packard) Hidden hpzTLBXFX (Version: 006.015.01163 - Hewlett-Packard) Hidden I.R.I.S. 
OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IndraLogic (HKLM\...\{F50F362A-AF43-4187-A34A-984E5F2FCA26}) (Version: 1.80.239.28 #2 - Bosch Rexroth AG) IndraWorks 11.8.225.8 (HKLM\...\{44393E8C-B9D7-48C5-957E-5DB1B9978129}) (Version: 11.8.225.8 - Bosch Rexroth AG) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Intel) Intel(R) Network Connections 15.7.176.1 (Version: 15.7.176.1 - Intel) Hidden Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2347 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation) iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lexware Datenbank plus 2014 (Version: 14.25.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (HKLM\...\{2388A683-06AA-4A2E-96B1-65E557E53D1D}) (Version: 2.00.00.0036 - Haufe-Lexware GmbH & Co.KG) Lexware Installations Dienst (Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (HKLM\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) Lexware reisekosten 2014 (HKLM\...\{636065ac-e221-4d84-8b21-2b5a191fef2e}) (Version: 14.0.0.81 - Haufe-Lexware GmbH & Co.KG) Lexware reisekosten plus 2014 (Version: 14.04.00.0144 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware reisekosten plus 2014 Client (HKLM\...\{0e9711de-6ec4-48b1-90a5-3bf53bede078}) (Version: 14.0.0.81 - Haufe-Lexware GmbH & Co.KG) Lexware Server Plus 2014 (Version: 14.0.0.56 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Services (Version: 2.00.00.0024 - Haufe-Lexware GmbH & Co.KG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Marketsplash Shortcuts (HKLM\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden 
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL 
Server 2005 Backward compatibility (HKLM\...\{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}) (Version: 8.05.2312 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (WINCCFLEXEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Express Edition (WINCCPLUSMIG) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23 - O2Micro International LTD.) 
Hidden OPC .NET API 2.00 Redistributables (x86) 101.0 (HKLM\...\{9D8DA9A0-67B7-44DB-A0C3-2D1DC6880B71}) (Version: 2.00.10200 - OPC Foundation) OPC Core Components Redistributable (x86) 101.2 (HKLM\...\{AD9F5DB5-ACE0-4538-A272-88B10A6C93C8}) (Version: 3.00.10102 - OPC Foundation) Paragon Festplatten Manager 2008 Suite (HKLM\...\{E9E4BB29-FA98-401B-9EDE-9906906E33DE}) (Version: - Paragon Software Group) PC-CCID (Version: 2.0.0 - Gemalto) Hidden PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PG-2000 32-Bit (HKLM\...\PG-2000 32-Bit) (Version: - ) PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden PKZIP Server for Windows 12.40.0008 (HKLM\...\{134A51EB-1BBB-4249-BAF5-494C3D186A06}) (Version: 12.40.0008 - PKWARE, Inc) Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) 
Roxio Activation Module (Version: 1.0 - Roxio) Hidden Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden Roxio Burn (Version: 1.8 - Roxio) Hidden Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio Creator Starter (Version: 1.0.439 - Roxio) Hidden Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden Siemens Automation License Manager (Version: 05.01.0103 - Siemens AG) Hidden Siemens Automation License Manager V5.1 + SP1 + Upd3 (HKLM\...\{588DC473-0F95-42C4-BBF0-92CCE9FD6D27}LicenseManager) (Version: 05.01.0103 - Siemens AG) SIMATIC STEP 7 (Version: 05.05.0200 - Siemens AG) Hidden SIMATIC STEP 7 V5.5 + SP2 Professional 2010 SR2 (HKLM\...\{7B427E8E-F76D-4C8C-B155-7F24DF46DB67}STEP7) (Version: 05.05.0200 - Siemens AG) SIMATIC CFC (Version: 07.01.0200 - Siemens AG) Hidden SIMATIC CFC V7.1 + SP2 + Upd1 (HKLM\...\{DC791010-8199-4349-8CB4-CA0F0987DB67}CFC) (Version: 07.01.0200 - Siemens AG) SIMATIC Device Drivers (Version: 08.02.0200 - Siemens AG) Hidden SIMATIC HMI License Manager Panel Plugin (Version: 11.00.0100 - Siemens AG) Hidden SIMATIC HMI ProSave (Version: 09.00.0300 - Siemens AG) Hidden SIMATIC HMI Symbol Library (Version: 11.00.0200 - Siemens AG) Hidden SIMATIC OPC-XML-Gateway (Version: 11.00.0200 - Siemens AG) Hidden SIMATIC OPC-XML-Gateway V11.0 + SP2 (HKLM\...\{1C116921-EE11-4B18-96E5-3A3B2F14F10F}OPCXMLWrapper) (Version: 11.00.0200 - Siemens AG) SIMATIC Prosave (Version: 09.00.0300 - Siemens AG) Hidden SIMATIC Prosave V9.0 
incl. SP3 (HKLM\...\{AE533A06-4655-41E8-88BB-48293AAF1FA0}Prosave) (Version: 09.00.0300 - Siemens AG) SIMATIC S7 FM 350-1/450-1 Counter V6.0 + SP1 (Version: 6.0.000 - Siemens AG) Hidden SIMATIC S7 FM 350-1/450-1 Counter V6.0 SP1 (HKLM\...\{4F36D56B-9936-4F89-8635-7B06BA177947}S7FCOUNT) (Version: - Siemens AG) SIMATIC S7 FM 350-2 Counter V6.0 + SP1 (Version: 6.0.000 - Siemens AG) Hidden SIMATIC S7 FM 350-2 Counter V6.0 SP1 (HKLM\...\{D1B07A5A-AEFE-4983-86F4-EF9689D28F70}S7FCNT2) (Version: - Siemens AG) SIMATIC S7 FM 351/451 Abs V6.0 + SP1 + HF1 (Version: 6.0.000 - Siemens AG) Hidden SIMATIC S7 FM 351/451 Abs V6.0 SP1 HF1 (HKLM\...\{4D6135D4-C334-4379-B271-4AC2CEF63057}S7FABS) (Version: - Siemens AG) SIMATIC S7 FM 352/452 Cam V6.0 + SP2 (Version: 6.0.000 - Siemens AG) Hidden SIMATIC S7 FM 352/452 Cam V6.0 SP2 (HKLM\...\{7626D907-E7CA-46F3-A89E-94F7B2E0BAC6}S7FCAM) (Version: - Siemens AG) SIMATIC S7 FM 353/FM 354/FM 453 Technology Functions V2.1 + HF1 (Version: 2.01.0001 - Siemens AG) Hidden SIMATIC S7 FM 353/FM 354/FM 453 Technology Functions V2.1 + HF1 (HKLM\...\{F7D73054-4D07-41B2-96C8-247C984C1121}S7FMSTSV_L_TF) (Version: - Siemens AG) SIMATIC S7 FM 355/455 PID Control V6.1 + SP1 (Version: 6.1.0000 - Siemens AG) Hidden SIMATIC S7 FM 355/455 PID Control V6.1 SP1 (HKLM\...\{44AD0853-F169-4B35-B6AD-C6BBEB22F589}S7FPID) (Version: - Siemens AG) SIMATIC S7 FM 355-2 Temperature Control V6.1 + SP1 (Version: 6.1.000 - Siemens AG) Hidden SIMATIC S7 FM 355-2 Temperature Control V6.1 SP1 (HKLM\...\{F7D09FCD-86D3-40BC-ABF5-2F9591CFD087}S7FTPID) (Version: - Siemens AG) SIMATIC S7 FM 453 Servo/Stepp V3.3 + HF3 (Version: 3.03.07 - Siemens AG) Hidden SIMATIC S7 FM 453 Servo/Stepp V3.3 HF3 (HKLM\...\{B086B057-CDCE-400C-AC18-D331174B69D7}S7fupos) (Version: - Siemens AG) SIMATIC S7 FM352-5 V1.2 + SP2 (Version: 01.02.0200 - Siemens AG) Hidden SIMATIC S7 FM352-5 V1.2 SP2 (HKLM\...\{BE9738CF-2C55-42F0-8BE9-3AC3D7B43A5C}FM352-5) (Version: - Siemens AG) SIMATIC S7-GRAPH (Version: 
05.03.0700 - Siemens AG) Hidden SIMATIC S7-GRAPH V5.3 + SP7 Professional 2010 SR2 (HKLM\...\{4FF24C45-A4EE-4A99-B287-E3468EC41CBD}S7GRAPH) (Version: 05.03.0700 - Siemens AG) SIMATIC S7-PCT (Version: 02.03.0000 - Siemens AG) Hidden SIMATIC S7-PCT V2.3 Professional 2010 SR2 (HKLM\...\{06AF0F82-E926-48A6-8C5F-ECB195DB2CB4}S7PCT) (Version: 02.03.0000 - Siemens AG) SIMATIC S7-PLCSIM (Version: 5.4.0502 - Siemens AG) Hidden SIMATIC S7-PLCSIM V5.4 + SP5 + Upd2 Professional 2010 SR2 (HKLM\...\{1CBF27F6-24A4-488D-940A-678F1C691C49}PLCSim) (Version: 5.4.0502 - Siemens AG) SIMATIC S7-SCL (Version: 5.3.6.0 - Siemens AG) Hidden SIMATIC S7-SCL V5.3 + SP6 Professional 2010 SR2 (HKLM\...\{5B1B0682-EEC6-4EDD-BAB0-3FEC2E55090D}SCL) (Version: 5.3.6.0 - Siemens AG) SIMATIC VXM V7.1 + SP2 (Version: 07.01.0200 - Siemens AG) Hidden SIMATIC VXM V7.1 SP2 (HKLM\...\{4326566E-EE1C-4BFA-8FFC-80EC807A704D}VXM) (Version: - Siemens AG) SIMATIC WinCC flexible 2008 SP3 (HKLM\...\InstallShield_{4859C171-B826-4B74-ABCE-501B4C725EA2}) (Version: 01.04.0000 - Siemens AG) SIMATIC WinCC flexible OCX (Version: 01.04.0000 - Siemens AG) Hidden SIMATIC WinCC flexible Runtime (Version: 01.04.0000 - Siemens AG) Hidden SIMATIC WinCC flexible Runtime 2008 SP3 (HKLM\...\{BA076DAD-B2E9-4DE6-8DC3-A12C0E569EAC}HmiRTm) (Version: 01.04.0000 - Siemens AG) SIMATIC WinCC flexible Simulator (Version: 01.08.0300 - Siemens AG) Hidden SIMATIC WinCC flexible Tag Simulator (Version: 01.04.0000 - Siemens AG) Hidden Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden STARTER (Version: 04.02.0001 - Siemens AG) Hidden STARTER V4.2.0.1 (HKLM\...\{90B0B1F9-405C-4517-9F9E-AFD8C69624D5}STARTER) (Version: 04.02.0001 - Siemens AG) Studio PDF2 (novaPDF 7.2 printer) (HKLM\...\Studio PDF2_is1) (Version: - Softland) Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) 
Hidden Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 
(KB2810071) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) VC User 71 RTL X86 --- (Version: 1.0 - redistributed from Microsoft Corporation merge modules) Hidden Visual C++ 2008 x86 Runtime - (v9.0.30729.5578) (Version: 9.0.30729.5578 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.5578 (HKLM\...\{212B6234-BBB0-397F-AB77-8AE5F2668954}.vc_x86runtime_30729_5578) (Version: 9.0.30729.5578 - Microsoft Corporation) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden WD Drive Utilities (HKLM\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD Security (HKLM\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FDAEE697-A659-43C5-9520-6DA298EF021E}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) 
WinCC flexible (Version: 01.04.0000 - Siemens AG) Hidden WinCC flexible Graphics (Version: 1.04.0000 - Siemens AG) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinStudio v7.2 Service Pack 3 (HKLM\...\{750DC0C8-19B5-4D71-9FC6-E2EC1D5726BE}) (Version: v7.2 SP3 - Rexroth) WinZip (HKLM\...\WinZip) (Version: - ) ==================== Restore Points ========================= 22-02-2014 08:57:37 Geplanter Prüfpunkt 22-02-2014 11:15:31 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {477198C3-B01A-4B8D-B1C6-262C8E388F1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated) Task: {5EDA8144-3803-4A99-A886-972F2AC451ED} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard) Task: {648943D9-E5CC-43CD-8B3E-0D1D7F632783} - System32\Tasks\Western Digital\SmartWare\____Volume_8bce9bd7_adeb_11e0_b2c5_806e6f6e6963______Volume_e058ad5d_1dd8_11e3_9d5e_5c260a6950b6__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.) Task: {6C472F2F-E868-4C40-AC77-FF481925DFBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {710F336F-28AA-4AC1-AAC6-5D3EA227F899} - System32\Tasks\Western Digital\SmartWare\____Volume_e91bc112_fa62_11e0_9ea2_5c260a6950b6______Volume_e058ad5d_1dd8_11e3_9d5e_5c260a6950b6__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.) Task: {83C2DE5A-5755-4616-ADB6-99578554BB09} - System32\Tasks\Western Digital\SmartWare\____Volume_e91bc119_fa62_11e0_9ea2_5c260a6950b6______Volume_e058ad5d_1dd8_11e3_9d5e_5c260a6950b6__ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe [2013-11-02] (Western Digital Technologies, Inc.) Task: {BE565EA5-4BF5-4E39-B9C9-1E98B1CC34A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-04 17:05 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2011-03-07 16:08 - 2011-03-07 16:08 - 00869376 _____ () C:\Program Files\Common Files\Siemens\SWS\PlugIns\SCP\Scpwin32.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-10-19 20:04 - 1998-10-17 06:00 - 00034304 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL 2011-10-19 18:33 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2011-07-14 15:43 - 2003-04-19 03:06 - 00008192 _____ () c:\Windows\system32\srvany.exe 2011-06-14 18:20 - 2011-06-14 18:20 - 00405504 _____ () C:\Windows\system32\sn_regbase.dll 2011-12-06 22:11 - 2011-12-06 22:11 - 00061776 _____ () C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\zlib.dll 2011-07-14 17:22 - 2011-03-28 18:55 - 00094208 _____ () 
C:\Windows\System32\IccLibDll.dll 2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2014-01-21 21:40 - 2014-01-21 21:40 - 00042496 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2013-12-19 17:36 - 2013-12-19 17:36 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll 2011-12-14 00:10 - 2011-12-14 00:10 - 00015872 _____ () C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\common.base.licutil.dll 2008-11-13 12:14 - 2008-11-13 12:14 - 00036864 _____ () C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\extern\Browser.dll 2014-02-23 08:12 - 2014-02-23 08:12 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:9A32E6D3 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gateway Control.lnk => C:\Windows\pss\Gateway Control.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gateway Server.lnk => C:\Windows\pss\Gateway Server.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: ENISysTray => "C:\Program Files\Rexroth\IndraWorks\IndraLogic\ENI 
Server\ENISysTray.exe" MSCONFIG\startupreg: FreeFallProtection => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui MSCONFIG\startupreg: ToolboxFX => "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2014 08:32:48 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 08:26:29 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 00:39:06 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (02/23/2014 00:39:04 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/22/2014 08:41:54 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 08:21:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 03:33:48 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 00:30:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 09:57:59 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (02/22/2014 09:57:57 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". 
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. System errors: ============= Error: (02/23/2014 08:32:14 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/23/2014 08:25:44 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/22/2014 08:41:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/22/2014 08:21:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/22/2014 03:33:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/22/2014 00:30:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/22/2014 09:09:01 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (02/22/2014 08:49:28 AM) (Source: Service Control Manager) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (02/22/2014 08:48:51 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "IndraWorksService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/22/2014 08:48:51 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (120000 ms) wurde beim Verbindungsversuch mit dem Dienst IndraWorksService erreicht. Microsoft Office Sessions: ========================= Error: (02/23/2014 08:32:48 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 08:26:29 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/23/2014 00:39:06 AM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\O2Micro\Oz600\DPInst64.exe Error: (02/23/2014 00:39:04 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files\freecommander\DelZip179.dllc:\program files\freecommander\DelZip179.dll8 Error: (02/22/2014 08:41:54 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 08:21:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 03:33:48 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 
990x80041003 Error: (02/22/2014 00:30:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/22/2014 09:57:59 AM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\O2Micro\Oz600\DPInst64.exe Error: (02/22/2014 09:57:57 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files\freecommander\DelZip179.dllc:\program files\freecommander\DelZip179.dll8 ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 3240.9 MB Available physical RAM: 1331.48 MB Total Pagefile: 6480.09 MB Available Pagefile: 3462.74 MB Total Virtual: 2047.88 MB Available Virtual: 1893.24 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:93.3 GB) (Free:18.86 GB) NTFS Drive d: (DATA) (Fixed) (Total:125.52 GB) (Free:19.13 GB) NTFS Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:748.12 GB) NTFS Drive z: (Lizenz) (Fixed) (Total:1.27 GB) (Free:1.22 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 9FD14953) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=93 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=127 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00023F15) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ |
24.02.2014, 13:30 | #4 |
| Trojan PUP.Optional.xxx caught Hello Schrauber, is there anything else I can check? Greetings, Klaus |
25.02.2014, 13:00 | #5 |
/// the machine /// TB-Ausbilder | Trojan PUP.Optional.xxx caught hi, Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.02.2014, 21:04 | #6 |
| Trojan PUP.Optional.xxx caught Thanks Schrauber, unfortunately work has taken me to Switzerland; I won't be back until the weekend and will get in touch then. Grüezi, Klaus |
27.02.2014, 18:28 | #7 |
/// the machine /// TB-Ausbilder | Trojan PUP.Optional.xxx caught ok |
03.03.2014, 08:57 | #8 |
| Trojan PUP.Optional.xxx caught Hello, now at last, here we go: 1. AdwCleaner AdwCleaner Logfile: Code:
# AdwCleaner v3.020 - Bericht erstellt am 03/03/2014 um 08:02:09
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Klaus Verhoeven - KLAUSVERHOEVEN
# Gestartet von : C:\Users\Klaus Verhoeven\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://start.iminent.com/?ref=NewTab&appId=2447B84F-8617-4F38-BE2D-69FD37AECEA0");
Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "d00adcbc000000000000a088b46e19e9");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "15986");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.25.0");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.25.015:06:03");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.25.0");
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1381304780059");
Zeile gelöscht : user_pref("iminent.version", "7.36.1.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1381154648967,\"InstallEvent\":\"True\"}");

*************************

AdwCleaner[R1].txt - [4085 octets] - [03/03/2014 08:00:04]
AdwCleaner[S1].txt - [4006 octets] - [03/03/2014 08:02:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4066 octets] ##########

2. JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by Klaus Verhoeven on 03.03.2014 at 8:12:28,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3312331
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6907B544-25A8-4F7E-A3DE-BEDA547B9CF3}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Klaus Verhoeven\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\free video converter"
Successfully deleted: [Empty Folder] C:\Users\Klaus Verhoeven\appdata\local\{31C0DE9B-7F13-4C75-AEE5-6CF4EA733D62}
Successfully deleted: [Empty Folder] C:\Users\Klaus Verhoeven\appdata\local\{5C257029-0486-477C-AA28-8F2BCCA1063D}
Successfully deleted: [Empty Folder] C:\Users\Klaus Verhoeven\appdata\local\{F6F62842-841C-4F74-8717-0B80B64740ED}

~~~ FireFox

Emptied folder: C:\Users\Klaus Verhoeven\AppData\Roaming\mozilla\firefox\profiles\xd2hwyhq.default\minidumps [380 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.03.2014 at 8:15:27,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
FRST Logfile: Many thanks, Klaus |
04.03.2014, 09:07 | #9 |
/// the machine /// TB-Ausbilder | Trojan PUP.Optional.xxx caught ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any remaining problems? |
06.03.2014, 12:31 | #10 |
| Trojan PUP.Optional.xxx caught Hello, the online scan ran forever, and yesterday work also forced me on tour. Here is the ESET log file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=349015d3b84de54b8454a929b01f63ae
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-22 09:44:58
# local_time=2012-01-22 10:44:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4666847 4666847 0 0
# compatibility_mode=5893 16776573 100 94 127405 78891232 0 0
# compatibility_mode=8192 67108863 100 0 3827 3827 0 0
# scanned=311989
# found=4
# cleaned=4
# scan_time=8656
C:\Users\Klaus Verhoeven\AppData\Local\Babylon\Setup\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Klaus Verhoeven\AppData\Local\Temp\F35A75CF-BAB0-7891-8251-14C8070EB049\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Klaus Verhoeven\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Klaus Verhoeven\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=349015d3b84de54b8454a929b01f63ae
# engine=17304
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-05 10:35:06
# local_time=2014-03-05 11:35:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 101843 259435396 94618 0
# compatibility_mode=5893 16776574 100 94 19587865 145646897 0 0
# scanned=837105
# found=0
# cleaned=0
# scan_time=6563

Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
Thanks and regards, Klaus
Those who can read have a clear advantage ... I forgot the FRST log. Here we go: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 Ran by Klaus Verhoeven (administrator) on KLAUSVERHOEVEN on 06-03-2014 12:29:20 Running from C:\Users\Klaus Verhoeven\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) 
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Siemens AG) C:\PROGRAM FILES\COMMON FILES\SIEMENS\ALMPANELPLUGIN\ALMPANELPLUGIN.EXE (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\GatewayPLC\ServiceControl.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\GatewayPLC\GatewayService.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\IndraWorks.Service.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\lexware\installer service\LxInstallerService.exe (iAnywhere Solutions, Inc.) C:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe () c:\Windows\system32\srvany.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (O2Micro.) 
c:\Windows\system32\SDIOAssist.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe (Siemens AG) C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SimNetCom\PNIOMGR.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Bosch Rexroth AG) C:\Program Files\Rexroth\IndraWorks\IndraLogic\ENI Server\ENI.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (SIEMENS AG) C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe (Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe (SIEMENS AG) C:\Program Files\SIEMENS\SIMATIC WinCC flexible\WinCC flexible 2008\HmiES.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (iAnywhere Solutions, Inc.) C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvbubblex.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (SIEMENS AG) C:\Program Files\Common Files\Siemens\SimNetCom\pniopcac.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\services\Haufe.FabricHostService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [501104 2011-04-05] (Alps Electric Co., Ltd.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.) HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2010-12-23] (Intel(R) Corporation) HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.) HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2010-08-24] (Hewlett-Packard Company) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [] - [X] HKLM\...\Run: [WD Drive Unlocker] - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital) HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM\...\Run: [WinCC flexible Smart Start] - C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe [118784 2011-12-14] (SIEMENS AG) HKLM\...\Run: [S7UB Start] - C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe [102453 2010-06-03] (SIEMENS AG) HKLM\...\Run: [LexwareInfoService] - C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] - C:\Programme\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
HKU\S-1-5-21-423341099-3081215641-531963784-1000\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [4455704 2014-01-21] (Piriform Ltd) HKU\S-1-5-21-423341099-3081215641-531963784-1000\...\MountPoints2: {a6589f29-20fc-11e3-8c97-806e6f6e6963} - "E:\WD Drive Unlock.exe" autoplay=true Lsa: [Authentication Packages] msv1_0 wvauth ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {10A31331-F927-4097-9A1A-F550A8D56245} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Klaus Verhoeven\AppData\Roaming\Mozilla\Firefox\Profiles\xd2hwyhq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-09] ========================== Services (Whitelisted) ================= R2 almservice; C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe [1138312 2011-12-11] (SIEMENS AG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. 
KG) S2 CCAgent; C:\Program Files\Common Files\Siemens\ACE\bin\CCAgent.exe [363008 2011-11-02] (SIEMENS AG) S3 CCEClient; C:\Program Files\Common Files\Siemens\ace\bin\CCEClient.exe [264704 2011-11-02] (SIEMENS AG) S2 CCEServer; C:\Program Files\Common Files\Siemens\ace\bin\CCEServer.exe [245248 2011-11-02] (SIEMENS AG) R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation) R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.) R2 ENI Server; C:\Program Files\Rexroth\IndraWorks\IndraLogic\ENI Server\ENI.exe [651264 2011-05-30] (Bosch Rexroth AG) R2 Haufe FabricHostService; C:\Program Files\Lexware\services\Haufe.FabricHostService.exe [14848 2013-10-10] (Haufe-Lexware GmbH & Co. KG) R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) R2 IndraLogic Service Control; C:\Program Files\Rexroth\IndraWorks\GatewayPLC\ServiceControl.exe [446567 2010-04-29] (Bosch Rexroth AG) R2 IndraLogic V11 Gateway; C:\Program Files\Rexroth\IndraWorks\GatewayPLC\GatewayService.exe [1060990 2010-10-08] (Bosch Rexroth AG) R2 IndraWorksService; C:\Program Files\Rexroth\IndraWorks\IndraWorks.Service.exe [94208 2011-06-28] (Bosch Rexroth AG) R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation) R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation) R2 Lexware Installations Dienst; C:\Program Files\lexware\installer service\LxInstallerService.exe [24064 2012-10-07] (Haufe-Lexware GmbH & Co. 
KG) R2 Lexware_Datenbank_Plus; C:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.) R2 Lexware_Update_Service; C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSSQL$WINCCFLEXEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$WINCCPLUSMIG; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International) R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-19] () S3 OpcEnum; C:\Windows\system32\OPCEnum.exe [225280 2011-06-28] (Bosch Rexroth AG) S3 RedundancyControl; C:\Program Files\Common Files\Siemens\ace\bin\RedundancyControl.exe [486400 2011-11-02] (SIEMENS AG) S3 RedundancyState; C:\Program Files\Common Files\Siemens\ace\bin\RedundancyState.exe [198144 2011-11-02] (SIEMENS AG) S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions) S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions) R2 s7oiehsx; C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [412808 2011-11-04] (SIEMENS AG) R2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [556168 2011-11-04] (SIEMENS AG) S3 SCSFsX; C:\Program Files\Common 
Files\Siemens\ACE\bin\SCSFsX.exe [101888 2011-11-02] (SIEMENS AG) R2 SCSMonitor; C:\Program Files\Common Files\Siemens\ace\bin\SCSMX.exe [163328 2011-11-02] (SIEMENS AG) S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) U2 smartserver; C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008 Runtime\SmartServer.exe [558416 2011-12-06] (Siemens AG) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.) S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.) S3 U7Service; C:\Program Files\Siemens\Step7\S7bin\u7csvrax.exe [36336 2011-04-12] (SIEMENS AG) R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel(R) Corporation) ==================== Drivers (Whitelisted) ==================== R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. 
KG) R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation) R1 dpmconv; C:\Windows\System32\DRIVERS\dpmconv32.sys [288256 2010-05-05] (SIEMENS AG) S3 dpmcslv; C:\Windows\system32\Drivers\dpmcslv.sys [68280 2005-07-04] (Siemens AG) R1 DPMTRCDD; C:\Windows\System32\DRIVERS\DPMTRCDD32.sys [72248 2010-04-12] (SIEMENS AG) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation) R3 fwkbdrtm; C:\Windows\system32\drivers\fwkbdrtm.sys [21464 2011-12-06] (Windows (R) Win 7 DDK provider) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation) R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [39472 2007-09-04] (Paragon Software Group) R2 iwrphmem; C:\Windows\system32\drivers\iwrphmem.sys [2816 2008-12-11] (Bosch Rexroth AG) R3 KbdBlock2; C:\Windows\system32\Drivers\KbdBlock2.sys [4608 2005-04-25] (ILLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation) S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30368 2010-09-17] (Intel Corporation ) S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation) S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro ) R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro ) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R3 S7odpx2x32; C:\Windows\System32\Drivers\S7odpx2x32.sys [87552 2011-05-06] (SIEMENS AG) R2 S7opcsrtx; C:\Windows\System32\DRIVERS\s7opcsrtx.sys [31744 2011-02-22] (SIEMENS AG) R3 S7oppinx32; C:\Windows\System32\Drivers\S7oppinx32.sys [131584 2011-05-06] (SIEMENS AG) R3 
s7osmcax32; C:\Windows\System32\Drivers\s7osmcax32.sys [186368 2011-09-29] (SIEMENS AG) R3 S7otranx32; C:\Windows\System32\Drivers\S7otranx32.sys [521216 2011-05-06] (SIEMENS AG) R3 s7otsadx32; C:\Windows\System32\Drivers\s7otsadx32.sys [182784 2011-09-29] (SIEMENS AG) S3 S7OUSBM32X; C:\Windows\System32\DRIVERS\s7ousbm32x.sys [39936 2011-05-06] (SIEMENS AG) R2 s7ousbu32x; C:\Windows\System32\DRIVERS\s7ousbu32x.sys [641280 2011-09-29] (SIEMENS AG) R2 s7sn2srtx; C:\Windows\System32\DRIVERS\s7sn2srtx.sys [63104 2011-06-16] (SIEMENS AG) R2 SNTIE; C:\Windows\System32\DRIVERS\sntie.sys [343888 2011-10-11] (SIEMENS AG) S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [35328 2007-04-27] (SafeNet, Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics) S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32080 2007-09-04] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131736 2007-09-04] (Paragon) R1 vsnl2ada; C:\Windows\System32\DRIVERS\vsnl2ada32.sys [98944 2010-04-12] (SIEMENS AG) U2 V2iMount; S0 vmci; system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-06 12:29 - 2014-03-06 12:29 - 00024561 _____ () C:\Users\Klaus Verhoeven\Desktop\FRST.txt 2014-03-04 09:41 - 2014-03-04 09:41 - 00987425 _____ () C:\Users\Klaus Verhoeven\Desktop\SecurityCheck.exe 2014-03-04 09:40 - 2014-03-04 09:40 - 02347384 _____ (ESET) C:\Users\Klaus Verhoeven\Downloads\esetsmartinstaller_enu(1).exe 2014-03-03 08:18 - 2014-03-03 08:18 - 00000000 ____D () C:\Users\Klaus Verhoeven\Desktop\FRST-OlderVersion 2014-03-03 08:12 - 2014-03-03 08:12 - 00000000 ____D () 
C:\Windows\ERUNT 2014-03-03 08:07 - 2014-03-03 08:07 - 01037734 _____ (Thisisu) C:\Users\Klaus Verhoeven\Desktop\JRT.exe 2014-03-03 07:59 - 2014-03-03 08:02 - 00000000 ____D () C:\AdwCleaner 2014-03-03 07:57 - 2014-03-03 07:57 - 01244192 _____ () C:\Users\Klaus Verhoeven\Desktop\adwcleaner.exe 2014-02-28 07:23 - 2014-02-28 07:23 - 03451392 _____ (uvnc bvba ) C:\Users\Klaus Verhoeven\Downloads\UltraVNC_1_1_9_X86_Setup.exe 2014-02-23 11:06 - 2014-03-06 12:29 - 00000000 ____D () C:\FRST 2014-02-23 11:04 - 2014-03-03 08:18 - 01145344 _____ (Farbar) C:\Users\Klaus Verhoeven\Desktop\FRST.exe 2014-02-23 08:25 - 2014-03-01 14:29 - 00135596 _____ () C:\Windows\PFRO.log 2014-02-23 08:12 - 2014-02-23 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-22 20:41 - 2014-03-03 08:03 - 00000392 _____ () C:\Windows\setupact.log 2014-02-22 20:41 - 2014-02-22 20:41 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-22 20:32 - 2014-02-22 20:33 - 04721144 _____ (Piriform Ltd) C:\Users\Klaus Verhoeven\Downloads\ccsetup410pro.exe 2014-02-22 12:26 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-22 12:26 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-22 12:26 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-22 12:26 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-22 12:26 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-22 12:26 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-22 12:26 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-22 12:26 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-22 12:26 - 2014-02-06 10:49 - 00440832 _____ (Microsoft 
Corporation) C:\Windows\system32\ieui.dll 2014-02-22 12:26 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-22 12:26 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-22 12:26 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-22 12:26 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-22 12:26 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-22 12:26 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-22 12:26 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-22 12:26 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-22 12:26 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-22 12:26 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-22 12:26 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-22 12:26 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-22 12:16 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-22 09:00 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-22 09:00 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-22 09:00 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-22 08:59 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-22 08:59 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 
Some content of TEMP:
====================
C:\Users\Klaus Verhoeven\AppData\Local\Temp\avgnt.exe
C:\Users\Klaus Verhoeven\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-01 15:11

==================== End Of Log ============================
--- --- ---

Thanks and regards, Klaus |
07.03.2014, 13:15 | #11 |
/// the machine /// TB trainer | Caught trojan PUP.Optional.xxx
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |