Log analysis and evaluation: Problems with Firefox add-on "Download Protect 2.2.0"

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Problems with Firefox add-on "Download Protect 2.2.0"

Hello and thanks in advance!

For a few weeks I have had a problem with Firefox, or rather with the "add-on" "Download Protect 2.2.0". I have no idea where I picked it up, but it cannot be deleted, only disabled, and I did not find anything in the Firefox config either. After a few restarts (I have not been able to spot a pattern so far) it is active again, and at the same time the add-on "No Script" is uninstalled.

I have already tried a number of things myself (probably rather amateurishly): I took "dlprotect.exe" out of autostart, deleted "dlprotectsvc.exe" from the Windows/system32 folder, searched all Firefox directories for the program, reinstalled Firefox, ran scans with Malwarebytes and Avira (the latter without any result), and also deleted two entries in the registry that contained "dlprotectsvc.exe" (amateurishly, as I said ;-) ). I may have tried more than that, but I cannot remember anything else right now. Unfortunately none of it worked, which is why I am now turning to you.

I ran defogger; there was no error message. Here are the log files from FRST, GMER (I can supply MBAM and Avira later if needed; they no longer fit into the post):

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Michel (administrator) on MICHEL-PC on 31-03-2014 19:37:47 Running from C:\Users\Michel\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe () C:\Windows\system32\aspnet`counters.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint\Apoint.exe () C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe () C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Opera Software) C:\Program Files (x86)\Opera\20.0.1387.82\opera.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation) HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe AppInit_DLLs-x32: c:\progra~4\browse~1\23796~1.11\{16cdf~1\browse~1.dll => "c:\progra~4\browse~1\23796~1.11\{16cdf~1\browse~1.dll" File Not Found GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377766448810&tguid=66920-6787-1377766448810-28C02AC9A6CBE7076E848DA2B35C7E0D&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377766448810&tguid=66920-6787-1377766448810-28C02AC9A6CBE7076E848DA2B35C7E0D&q={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=116912&tt=4612_2&babsrc=SP_ss&mntrId=6a6c5b1a0000000000009439e5b5512d BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} 
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation) Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28] FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28] FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28] FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-31] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15] FF HKLM-x32\...\Firefox\Extensions: [{CE2E54AC-B123-497A-8CB9-46A098F416B3}] - C:\Windows\Installer\{D86E16BA-3FF7-4D63-ADC5-49891A504E1C}\{CE2E54AC-B123-497A-8CB9-46A098F416B3}.xpi FF Extension: Download 
Protect - C:\Windows\Installer\{D86E16BA-3FF7-4D63-ADC5-49891A504E1C}\{CE2E54AC-B123-497A-8CB9-46A098F416B3}.xpi [2014-03-31] Chrome: ======= CHR HomePage: CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20] CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20] CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2011-12-12] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] () S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation) S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation) S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation) S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation) S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation) S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation) S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation) S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation) S4 NITaggerService; D:\Program Files 
(x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation) S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd) S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation) S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation) S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation) S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation) R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation) R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation) S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 vpnva; system32\DRIVERS\vpnva64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 19:37 - 2014-03-31 19:39 - 00021346 _____ () 
C:\Users\Michel\Downloads\FRST.txt 2014-03-31 19:37 - 2014-03-31 19:37 - 00000474 _____ () C:\Users\Michel\Downloads\defogger_disable.log 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable 2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help 2014-03-31 19:34 - 2014-03-31 19:34 - 02157056 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe 2014-03-31 19:34 - 2014-03-31 19:34 - 00380416 _____ () C:\Users\Michel\Downloads\Gmer-19357.exe 2014-03-31 19:33 - 2014-03-31 19:33 - 00050477 _____ () C:\Users\Michel\Downloads\Defogger.exe 2014-03-31 18:38 - 2014-03-31 18:38 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO 2014-03-30 21:44 - 2014-03-31 19:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2014-03-30 21:43 - 2014-03-30 
21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup- 2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik 2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla 2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe 2014-03-26 18:33 - 2014-03-31 18:39 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe 2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk 2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype 2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-18 12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 
_____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-18 12:19 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira 2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia 2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files 2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt ==================== One Month Modified Files and Folders ======= 2014-03-31 19:39 - 2014-03-31 19:37 - 00021346 _____ () C:\Users\Michel\Downloads\FRST.txt 2014-03-31 19:37 - 2014-03-31 19:37 - 00000474 _____ () C:\Users\Michel\Downloads\defogger_disable.log 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable 2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () 
C:\Users\Michel 2014-03-31 19:36 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help 2014-03-31 19:35 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-31 19:34 - 2014-03-31 19:34 - 02157056 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe 2014-03-31 19:34 - 2014-03-31 19:34 - 00380416 _____ () C:\Users\Michel\Downloads\Gmer-19357.exe 2014-03-31 19:33 - 2014-03-31 19:33 - 00050477 _____ () C:\Users\Michel\Downloads\Defogger.exe 2014-03-31 18:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-31 18:45 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:45 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:41 - 2011-12-31 02:00 - 01365017 _____ () C:\Windows\WindowsUpdate.log 2014-03-31 18:41 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-03-31 18:41 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-03-31 18:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-31 18:39 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-03-31 18:38 - 2014-03-31 18:38 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-31 18:37 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-31 18:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-31 18:37 - 2009-07-14 06:51 - 00167976 _____ () C:\Windows\setupact.log 2014-03-31 15:41 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox 2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log 2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO 
2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium 2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel 2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-30 23:24 - 2012-06-08 12:22 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\DesktopIconForAmazon 2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech 2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup- 2014-03-30 19:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder 2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik 2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla 2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe 2014-03-28 13:00 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET 2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte 2014-03-28 00:30 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype 2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () 
C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-26 18:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-25 17:02 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni 2014-03-25 17:00 - 2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch 2014-03-25 13:39 - 2013-04-23 18:20 - 00004828 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui 2014-03-25 13:15 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge 2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe 2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s 2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr 2014-03-24 01:51 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps 2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc 2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk 2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn 2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-03-21 14:05 - 
2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple 2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke 2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype 2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype 2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira 2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia 2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files 2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla 2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD 
() C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder 2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc 2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt 2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-01 08:05 - 2014-03-18 12:18 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 07:17 - 2014-03-18 12:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 07:16 - 2014-03-18 12:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 06:58 - 2014-03-18 12:19 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 06:52 - 2014-03-18 12:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 06:51 - 2014-03-18 12:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 06:42 - 2014-03-18 12:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 06:40 - 2014-03-18 12:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 06:37 - 2014-03-18 12:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 06:33 - 2014-03-18 12:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 06:33 - 
2014-03-18 12:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 06:32 - 2014-03-18 12:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 06:30 - 2014-03-18 12:19 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 06:23 - 2014-03-18 12:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 06:17 - 2014-03-18 12:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 06:11 - 2014-03-18 12:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 06:02 - 2014-03-18 12:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 05:54 - 2014-03-18 12:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 05:52 - 2014-03-18 12:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 05:51 - 2014-03-18 12:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 05:47 - 2014-03-18 12:19 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 05:43 - 2014-03-18 12:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 05:43 - 2014-03-18 12:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 05:42 - 2014-03-18 12:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 05:40 - 2014-03-18 12:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 05:38 - 2014-03-18 12:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 05:37 - 2014-03-18 12:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 05:35 - 2014-03-18 12:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 05:18 
- 2014-03-18 12:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 05:16 - 2014-03-18 12:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 05:14 - 2014-03-18 12:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 05:10 - 2014-03-18 12:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 05:03 - 2014-03-18 12:19 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 05:00 - 2014-03-18 12:19 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 04:57 - 2014-03-18 12:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 04:38 - 2014-03-18 12:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 04:32 - 2014-03-18 12:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 04:27 - 2014-03-18 12:19 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 04:25 - 2014-03-18 12:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 04:25 - 2014-03-18 12:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Michel\AppData\Local\Temp\avgnt.exe C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-31 11:27

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michel at 2014-03-31 19:40:33
Running from C:\Users\Michel\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: - Adobe Systems Incorporated)
Adobe AIR (x32 Version: - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)
ArcSoft PhotoStudio Darkroom 2 (HKLM-x32\...\{40DA94AF-34B7-4BA7-A37F-26F899C031FF}) (Version: - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: - ArcSoft)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Autostart-Manager (HKLM-x32\...\{0C6DA7D3-EA2A-428B-8F8A-28EB811F57B2}) (Version: 6.01.0000 - Wirth IT Design )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: - Apple Inc.)
Bulk Rename Utility (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
calibre (HKLM-x32\...\{1733BD75-088D-40E1-96B4-BAE75F559961}) (Version: 0.9.27 - Kovid Goyal)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: - DT Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: - DivX, LLC)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: - DjVuZone)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy2Convert GIF to PNG 1.4 (HKLM-x32\...\{90AFB3B8-13CD-44F1-BB0E-A22ADC5566F7}_is1) (Version: 1.4 - Easy2Convert Software)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
Erweiterte DSC-Deployment-Unterstützung für LabVIEW 2011 SP1 (x32 Version: 11.0.412.0 - National Instruments) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
eXPert PDF 5 (HKLM-x32\...\{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}) (Version: - Visage Software)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: - Foxit Corporation)
Free Pascal 2.4.4 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
Free YouTube Download version (HKLM-x32\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
FreeFileSync 6.3 (HKLM-x32\...\FreeFileSync) (Version: 6.3 - Zenju)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Gwyddion (HKLM\...\Gwyddion) (Version: 2.34.win64 - Gwyddion developers)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: - Apple Inc.)
ICQ 7.7 Build #6547 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version: - murb.com)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JPG to PDF Converter 1.0 (HKLM-x32\...\JPG to PDF Converter) (Version: 1.0 - )
LibreOffice (HKLM-x32\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: - The Document Foundation)
Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Mathematica Extras 9.0 (3824406) (HKLM\...\A-WIN-Extras 9.0.0 3824406_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 
x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) National Instruments - Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments) NI AFW UI Assemblies (x32 Version: - National Instruments) Hidden NI Assistant Framework (x32 Version: - National Instruments) Hidden NI Assistant Framework 64-bit (Version: - National Instruments) Hidden NI Assistant Framework LabVIEW 2011 Support (x32 Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code 
Generator 2009 (64-bit) (Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2009 (x32 Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2010 (64-bit) (Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2010 (x32 Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2011 (64-bit) (Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 2011 (x32 Version: - National Instruments) Hidden NI Assistant Framework LabVIEW Code Generator 8.6 (x32 Version: - National Instruments) Hidden NI Authentication 2011 SP1 (64-bit) (Version: - National Instruments) Hidden NI Authentication 2011 SP1 (x32 Version: - National Instruments) Hidden NI BIOS Updater (x32 Version: 8.0.390.0 - National Instruments) Hidden NI Calibration Provider for MAX 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden NI Calibration Provider Help for 64 Bit Windows (Version: 5.00.49152 - National Instruments) Hidden NI Certificates Deployment Support (x32 Version: 1.02.49152 - National Instruments) Hidden NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden NI CompactRIO 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden NI CompactRIO 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49154 - National Instruments) Hidden NI CompactRIO LabVIEW 2009 Module Support (x32 Version: 3.5.10004 - National Instruments) Hidden NI CompactRIO LabVIEW 8.6 Module Support (x32 Version: 3.3.00089 - National Instruments) Hidden NI CompactRIO MAX Provider 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden NI CompactRIO Module Config API Runtime 4.1 (x32 Version: 4.10.49156 - National Instruments) Hidden NI CompactRIO Module Support for LabVIEW 2010 SP1 (x32 Version: 3.6.1020.0 - National Instruments) Hidden NI Curl 1.5 (64-bit) (Version: - National Instruments) Hidden NI Curl 11.5 (x32 Version: - National Instruments) Hidden 
NI CVS-1450 Series Remote Provider (x32 Version: - National Instruments) Hidden NI DAQ Assistant 2.0.0 (x32 Version: 2.00.49152 - National Instruments) Hidden NI DAQ Assistant 64-bit 2.0.0 (Version: 2.00.49152 - National Instruments) Hidden NI DataSocket 4.9.1 (64 Bit) (Version: - National Instruments) Hidden NI DataSocket 4.9.1 (x32 Version: - National Instruments) Hidden NI DECoM 4.0 Driver for Real-Time Embedded Targets (x32 Version: 4.00.49153 - National Instruments) Hidden NI DN 2.0 SP1 installer (x32 Version: 2.11.49152 - National Instruments) Hidden NI Error Reporting 2011 SP1 (x32 Version: - National Instruments) Hidden NI EulaDepot (x32 Version: 3.0.408 - National Instruments) Hidden NI EVS-1460 Series Remote Provider (x32 Version: - National Instruments) Hidden NI Example Finder 11.0 (x32 Version: 11.0.309.0 - National Instruments) Hidden NI FieldPoint Host 6.0.10 (x32 Version: 6.0.10025.0 - National Instruments) Hidden NI FieldPoint MAX Provider 6.0.10 (x32 Version: 6.0.10025.0 - National Instruments) Hidden NI FlexRIO 2.2 (x32 Version: 2.20.49154 - National Instruments) Hidden NI FlexRIO 2.2 for LabVIEW Real-Time (x32 Version: 2.20.49152 - National Instruments) Hidden NI FlexRIO Adapter Module Support 2.2.1 (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support for NI-RIO 2009 (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support for NI-RIO 8.6 (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support LabVIEW 2009 Analog Examples (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support LabVIEW 2009 Digital Examples (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support LabVIEW 2009 Support (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support LabVIEW 2010 Analog Examples (x32 Version: - National Instruments) Hidden NI FlexRIO Adapter Module Support LabVIEW 2010 Digital Examples (x32 Version: - National Instruments) 
Hidden
NI FlexRIO Adapter Module Support LabVIEW 2010 Support (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Analog Examples (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Digital Examples (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 2011 Support (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Analog Examples (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Digital Examples (x32 Version: - National Instruments) Hidden
NI FlexRIO Adapter Module Support LabVIEW 8.6 Support (x32 Version: - National Instruments) Hidden
NI FlexRIO LabVIEW 2009 Support (x32 Version: 1.5.00235 - National Instruments) Hidden
NI FlexRIO LabVIEW 2010 Support (x32 Version: 1.6.00211 - National Instruments) Hidden
NI FlexRIO LabVIEW 2011 Support (x32 Version: 2.20.49154 - National Instruments) Hidden
NI FlexRIO LabVIEW 8.6 Support (x32 Version: 1.3.00089 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2009 (x32 Version: 3.3.00089 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2010 SP1 (x32 Version: 3.6.00211 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI FPGA Wizard for LabVIEW FPGA 8.6 (x32 Version: 3.1.00102 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 11.0.0 (x32 Version: - National Instruments) Hidden
NI GMP Windows 64-bit Installer 11.0.0 (Version: - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
NI I/O Trace API LV2010 (x32 Version: - National Instruments) Hidden
NI I/O Trace API LV201064 (Version: - National Instruments) Hidden
NI I/O Trace API LV2011 (x32 Version: - National Instruments) Hidden
NI I/O Trace API LV201164 (Version: - National Instruments) Hidden
NI I/O Trace API LV86 (x32 Version: - National Instruments) Hidden
NI I/O Trace API LV90 (x32 Version: - National Instruments) Hidden
NI I/O Trace API LV9064 (Version: - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2011 32-bit (x32 Version: - National Instruments) Hidden
NI IVI Class Driver CVI Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2009 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2009 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2010 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2010 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2011 64-bit Support (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 2011 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Driver LabVIEW 8.6 Support (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Drivers (64-bit) (Version: 6.40.49155 - National Instruments) Hidden
NI IVI Class Drivers (x32 Version: 6.40.49155 - National Instruments) Hidden
NI IVI Class Simulation Drivers (64-bit) (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Class Simulation Drivers (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI COM Adapters (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Compliance Package 4.4 (64-bit) (Version: 4.40.49155 - National Instruments) Hidden
NI IVI Compliance Package 4.4 (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Engine (64-bit) (Version: 134.40.49155 - National Instruments) Hidden
NI IVI Engine (x32 Version: 134.40.49155 - National Instruments) Hidden
NI IVI Online Help (x32 Version: 4.40.49155 - National Instruments) Hidden
NI IVI Provider for MAX (x32 Version: 5.50.49155 - National Instruments) Hidden
NI LabVIEW 2009 Integer Math and Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 2009 Real-Time MSVS71 Support (x32 Version: - National Instruments) Hidden
NI LabVIEW 2009 SP1 FPGA Elemental IO Common (x32 Version: - National Instruments) Hidden
NI LabVIEW 2009 SP1 FPGA Support for Host Communication (x32 Version: - National Instruments) Hidden
NI LabVIEW 2009 SP1 Run-Time Engine Web Services (x32 Version: - National Instruments) Hidden
NI LabVIEW 2010 Real-Time NBFifo (x32 Version: - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Elemental IO Common (x32 Version: - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Support for Host Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 2010 SP1 FPGA Support for Host Communication (x32 Version: - National Instruments) Hidden
NI LabVIEW 2010 SP1 Integer Math and Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Deployment Framework (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 FPGA Realtime Support (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 MeasAppChm File (x32 Version: 11.0.303.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time Error Dialog (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Real-Time LabVIEW (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Real-Time Pharlap Base (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Real-Time VxWorks Base (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Real-Time VxWorks LabVIEW (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 Search (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 (x32 Version: 11.0.411.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Deployable License (x32 Version: 11.0.399.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Elemental IO Common (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Elemental IO Common (x32 Version: 11.0.318.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Analysis (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Communication (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 FPGA Support for Host Communication (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Help (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Help File (x32 Version: 11.0.388.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Integer Math and Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Integer Math and Analysis (x32 Version: 11.0.311.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 License (x32 Version: 11.0.396.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Manuals (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Pharlap Base (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for cRIO (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for Desktop (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for FieldPoint (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for IMAQ (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time Support for PXI (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Real-Time VxWorks Base (x32 Version: - National Instruments) Hidden
NI LabVIEW 2011 SP1 Simulation (x32 Version: 11.0.397.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Web Server (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW 2011 SP1 Web Services Runtime (x32 Version: 11.0.381.0 - National Instruments) Hidden
NI LabVIEW 2011 VIPM Helper (x32 Version: - National Instruments) Hidden
NI LabVIEW 7.1.1 Real-Time Update (x32 Version: 7.1.2 - National Instruments) Hidden
NI LabVIEW 8.6 FPGA Elemental I_O Common (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6 Real-Time LabVIEW (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6 Real-Time Pharlap Base (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6.1 FPGA Support for Host Communication (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6.1 Integer Math and Analysis (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6.1 Real-Time Support for Industrial Controllers (x32 Version: - National Instruments) Hidden
NI LabVIEW 8.6.1f1 Real-Time Pharlap LabVIEW (x32 Version: - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 11.0.0 (x32 Version: - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: - National Instruments) Hidden
NI LabVIEW Merge Utility 11.0.0 (x32 Version: 11.0.359.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: - National Instruments) Hidden
NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.319.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.1089.0 - National Instruments) Hidden
NI LabVIEW Runtime Engine 2010 SP1 (x32 Version: - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.442.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (x32 Version: - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.443.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: - National Instruments) Hidden
NI LabWindows/CVI 2010 Code Generator (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LibiConv 2011 (x32 Version: - National Instruments) Hidden
NI LibiConv 2011 SP1 (x32 Version: - National Instruments) Hidden
NI License Manager (x32 Version: 3.6.85 - National Instruments) Hidden
NI Logos 5.3.0 (x32 Version: - National Instruments) Hidden
NI Logos LabVIEW 2011 SP1 Support (x32 Version: - National Instruments) Hidden
NI Logos XT Support (x32 Version: - National Instruments) Hidden
NI Logos64 5.3.0 (Version: - National Instruments) Hidden
NI Logos64 XT Support (Version: - National Instruments) Hidden
NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: - National Instruments) Hidden
NI MAX CVI Support 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI MAX CVI Support Help for 64 Bit Windows (Version: 5.10.49152 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.1 (Version: 5.10.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.1 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 5.10.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.0.408 - National Instruments) Hidden
NI mDNS Responder 1.6 for Windows 64-bit (Version: 1.60.49155 - National Instruments) Hidden
NI mDNS Responder 1.6.0 (x32 Version: 1.60.49155 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Measurement Studio 8.6 Enterprise RunTime for VS2005 (x32 Version: 8.6.10466 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies (x64) for .NET 3.5 (Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies for .NET 2.0 (x32 Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Assemblies for .NET 3.5 (x32 Version: 9.1.00159 - National Instruments) Hidden
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 1.1 (x32 Version: 8.1.20417 - National Instruments) Hidden
NI Measurement Studio GPIB Support for VS2005 (x32 Version: 9.0.00157 - National Instruments) Hidden
NI Measurement Studio GPIB Support for VS2008 (x32 Version: 9.0.00157 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2003 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2005 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio MAX Configuration Support for VS2008 (x32 Version: 8.9.00111 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.0.408 - National Instruments) Hidden
NI Microsoft Silverlight Wrapper (x32 Version: 4.0.307 - National Instruments) Hidden
NI MXS 5.0.0 (x32 Version: 5.00.49153 - National Instruments) Hidden
NI MXS 5.0.0 for 64 Bit Windows (Version: 5.00.49153 - National Instruments) Hidden
NI Network Discovery 5.1 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Network Discovery 5.1 for LabVIEW Real-Time (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Network Discovery 5.1 for Windows 64-bit (Version: 5.10.49152 - National Instruments) Hidden
NI Network Variable Engine for LabVIEW Real-Time (x32 Version: - National Instruments) Hidden
NI OPC Support (x32 Version: - National Instruments) Hidden
NI Portable Configuration 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.0.0 (Version: 5.00.49152 - National Instruments) Hidden
NI PXI Hardware 64-bit Support 2.6.2 (Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Configuration Support (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Expert (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 Expert for LabVIEW Real-Time (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI Platform Services 2.6.2 for LabVIEW Real-Time (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI SystemAPI Expert 2.6.2 (x32 Version: 2.62.49152 - National Instruments) Hidden
NI PXI SystemAPI Expert 64-bit 2.6.2 (Version: 2.62.49152 - National Instruments) Hidden
NI R Series 4.1 (x32 Version: 4.10.49154 - National Instruments) Hidden
NI R Series 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI R Series LabVIEW 2009 Support (x32 Version: 3.3.00089 - National Instruments) Hidden
NI R Series LabVIEW 2010 Support (x32 Version: 3.6.01031 - National Instruments) Hidden
NI R Series LabVIEW 2011 Support (x32 Version: 4.10.49154 - National Instruments) Hidden
NI R Series LabVIEW 8.6 Support (x32 Version: 3.1.00102 - National Instruments) Hidden
NI Registration Wizard (x32 Version: - National Instruments) Hidden
NI Remote Provider for MAX 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: - National Instruments) Hidden
NI Severra Smart Camera support for LV2010 (x32 Version: - National Instruments) Hidden
NI Software Provider for MAX 5.0.0 (x32 Version: 5.00.49152 - National Instruments) Hidden
NI SSL LabVIEW 2011 SP1 Support (x32 Version: 11.0.351.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: - National Instruments) Hidden
NI SSL Support (x32 Version: - National Instruments) Hidden
NI System API Client for WIF 5.1.0 (x32 Version: - National Instruments) Hidden
NI System API Web-Servce 32-bit 5.0.0 (x32 Version: 5.0.310.0 - National Instruments) Hidden
NI System API Windows 32-bit 5.1.0 (x32 Version: - National Instruments) Hidden
NI System API Windows 64-bit 5.1.0 (Version: - National Instruments) Hidden
NI System Configuration Runtime 5.1.0 for Windows 64-bit (Version: - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 11.0.306.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 11.0.306.0 - National Instruments) Hidden
NI System Web Server 11.5 (x32 Version: - National Instruments) Hidden
NI System Web Server Base 11.5 (64-bit) (Version: - National Instruments) Hidden
NI System Web Server Base 11.5 (x32 Version: - National Instruments) Hidden
NI TDM Excel Add-In 3.3 (x32 Version: - National Instruments) Hidden
NI TDM Excel Add-In 3.3 64-bit (Version: - National Instruments) Hidden
NI TDMS (64-bit) (Version: - National Instruments) Hidden
NI TDMS (x32 Version: - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: - National Instruments) Hidden
NI Trace Engine (x32 Version: - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.0.408 - National Instruments) Hidden
NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011 SP1 (x32 Version: - National Instruments) Hidden
NI USI 1.9.1 (x32 Version: 1.9.14681 - National Instruments) Hidden
NI USI 1.9.1 64-Bit (Version: 1.9.14681 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: - National Instruments) Hidden
NI Variable Engine 2.5.1 (x32 Version: - National Instruments) Hidden
NI Variable Engine LabVIEW 2011 SP1 Support (x32 Version: - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.04.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.04.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.301 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.301 - National Instruments) Hidden
NI Web Application Server 11.5 (64-bit) (Version: 1.1.343.0 - National Instruments) Hidden
NI Web Application Server 11.5 (x32 Version: - National Instruments) Hidden
NI Web Interface Framework 11.5 (x32 Version: - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (x32 Version: - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (Version: - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2009 (64-bit) Support (Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2009 Support (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2010 (64-bit) Support (Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2010 Support (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2011 (64-bit) Support (Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 2011 Support (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW 8.6 Support (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW API Core (x32 Version: - National Instruments) Hidden
NI-1588 Configuration 1.1.2 LabVIEW Real-Time Support (x32 Version: - National Instruments) Hidden
NI-CAN Driver Files (x32 Version: 2.7.15360 - National Instruments) Hidden
NI-CAN Driver Files 64-bit (Version: 2.7.15360 - National Instruments) Hidden
NI-DAQmx Switch Core 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI-DAQmx Switch Core for 64 Bit Windows 2.2.0 (Version: 2.20.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 1.9.5 (x32 Version: 1.95.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5 (Version: 1.95.49152 - National Instruments) Hidden
NI-DNET 1.6.6 (x32 Version: 1.6.27649 - National Instruments) Hidden
NI-DSM 2011 SP1 (x32 Version: 11.0.344.0 - National Instruments) Hidden
NI-Mesa (Version: - National Instruments) Hidden
NI-Mesa (x32 Version: - National Instruments) Hidden
NI-RIO 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 4.1 FPGA Driver (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO 951x 2.0 for LabVIEW Real-Time (x32 Version: 2.00.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Chinch 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2009 (x32 Version: 3.5.00235 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2010 (x32 Version: 3.6.01029 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Common Files for LabVIEW 8.6 (x32 Version: 3.1.00214 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2009 (x32 Version: 3.3.00089 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2010 (x32 Version: 3.6.00213 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 2011 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 8.5 (x32 Version: 2.4.00126 - National Instruments) Hidden
NI-RIO I/O Control for LabVIEW 8.6 (x32 Version: 3.1.00214 - National Instruments) Hidden
NI-RIO Mite 4.1 (64-bit) (Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Mite 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Mite 4.1 for LabVIEW Real-Time (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RIO Scan Interface 1.1.4 for Real-Time Embedded Targets (x32 Version: 1.14.49153 - National Instruments) Hidden
NI-RIO Scan Interface 1.4.2 for Real-Time Embedded Targets (x32 Version: 1.42.49153 - National Instruments) Hidden
NI-RIO Scan Interface for Real-Time Embedded Targets (x32 Version: 1.61.49253 - National Instruments) Hidden
NI-RIO Scan Interface 2.0.1 for Real-Time Embedded Targets (x32 Version: 2.00.53000 - National Instruments) Hidden
NI-RIO Utilities 4.1 (x32 Version: 4.10.49153 - National Instruments) Hidden
NI-RPC 4.2.2f0 (x32 Version: 4.22.49152 - National Instruments) Hidden
NI-RPC 4.2.2f0 for 64 Bit Windows (Version: 4.22.49152 - National Instruments) Hidden
NI-RPC 4.2.2f0 for Phar Lap ETS (x32 Version: 4.22.49152 - National Instruments) Hidden
NI-Serial 3.8.1 (x32 Version: 3.81.49153 - National Instruments) Hidden
NI-Serial 3.8.1 64-bit driver (Version: 3.81.49153 - National Instruments) Hidden
NI-Update-Dienst 2.0 (x32 Version: - National Instruments) Hidden
NI-VISA 5.1.0 for LabVIEW Real-Time (x32 Version: 5.10.49152 - National Instruments) Hidden
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Origin86 (HKLM-x32\...\{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}) (Version: 8.60.00 - OriginLab Corporation)
Origin86 (x32 Version: 8.60.00 - OriginLab) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF24 Creator 5.0.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: - Apple Inc.)
Rampant Logic Postscript Viewer version 1.2 (HKLM-x32\...\{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1) (Version: 1.2 - Rampant Logic, LLC)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Reset NI Config 5.0.0 (x32 Version: - National Instruments) Hidden
Runtime für den NI-Systemkonfigurator 5.1.0 (x32 Version: - National Instruments) Hidden
SecureW2 Personal Client - Distribution Edition 2.0.6 for Windows (HKLM-x32\...\SecureW2 Personal Client - Distribution Edition) (Version: - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{0D994CC5-819F-4657-84DD-397B8FE1EA80}) (Version: - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}) (Version: - )
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation)
Steuer 2012 (HKCU\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
swMSM (x32 Version: - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Trust USB Audio (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Unknown Device Identifier 7.00 (HKLM-x32\...\Unknown Device Identifier_is1) (Version: - Huntersoft)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: - Sony Corporation)
VAIO Quick Web Access (x32 Version: - Sony Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WIF Core Dependencies Windows 5.1.0 (x32 Version: - National Instruments) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: - Nullsoft, Inc)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988) (HKLM\...\M-WIN-G 8.0.1 2063988_is1) (Version: 8.0.1 - Wolfram Research, Inc.)
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3868239) (HKLM\...\M-WIN-L 9.0.0 3868239_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Restore Points =========================

18-03-2014 13:21:08 Geplanter Prüfpunkt
18-03-2014 19:02:55 Windows Update
28-03-2014 10:09:59 Geplanter Prüfpunkt
30-03-2014 21:12:55 Free Pdf Perfect Prereq
30-03-2014 21:31:23 Removed Quake Live Mozilla Plugin

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {237FEE4F-16D5-40E0-9FC1-D750F91BCBB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000Core => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {2A001984-B12D-4EFD-BFF9-C94B5815176A} - System32\Tasks\{8C5CCD90-B44D-4F03-B92F-2A1C7D543B4F} => D:\Program Files (x86)\Steam\SteamApps\common\swkotor\swconfig.exe [2012-02-01] ()
Task: {7BB1BF6F-DF82-400D-8855-0467EAECFD7C} - System32\Tasks\{E85643FE-48D1-4793-9109-C8A776618E1A} => D:\Program Files (x86)\Steam\SteamApps\common\swkotor\swconfig.exe [2012-02-01] ()
Task: {86788C98-03BA-4F30-8507-B3E84C281991} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {99542CCB-F90C-402C-9446-B98843D10F49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC589345-7497-46B4-839F-06C854FE3B75} - System32\Tasks\{C671A1F0-FA55-4276-A1FC-1DB27A88BF4B} => C:\Users\Michel\Desktop\Installer\SecureW2_Personal_Client_206_UniGi_20091021.exe
Task: {C37D8FCD-8B56-4842-9130-3DEC2319D0DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000UA => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {C3FCCED8-653C-4A46-AC64-F0B65BD27F8B} - System32\Tasks\{D72130C0-DF13-48FE-94C4-9B7CD362FB36} => D:\Program Files (x86)\Steam\Steam.exe [2012-08-25] (Valve Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000Core.job => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2257517358-2513234212-1466731007-1000UA.job => C:\Users\Michel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-17 18:19 - 2014-01-17 18:19 - 00118784 _____ () C:\Windows\system32\aspnet`counters.exe
2012-11-19 19:49 - 2011-04-25 21:16 - 00515584 ____N () C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe
2012-11-19 19:49 - 2011-05-05 22:15 - 00553472 ____N () C:\Program Files\2.4G Ergo Laser Device\UI\xManager\xTools.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 01380704 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\opera_crashreporter.exe
2012-12-17 18:07 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-13 15:54 - 2014-02-13 15:54 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2011-12-31 02:27 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00908640 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libglesv2.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00108896 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\libegl.dll
2014-03-21 01:09 - 2014-03-19 12:00 - 00895328 _____ () C:\Program Files (x86)\Opera\20.0.1387.82\ffmpegsumo.dll
2014-03-18 14:42 - 2014-03-18 14:42 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-03-28 13:10 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2014 06:39:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 01:16:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 09:26:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:36:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:31:23 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {69c0c1cd-e986-4479-8446-c2721cb0c88c}

Error: (03/30/2014 11:12:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {891ec023-d96d-4ab3-a006-dc4aaf4dabe3}

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert. Details - Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Michel-PC)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

System errors:
=============
Error: (03/31/2014 06:38:54 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 06:37:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/31/2014 01:16:17 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 01:15:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/31/2014 09:26:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/31/2014 09:25:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/30/2014 11:36:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/30/2014 11:35:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nicanpk" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/30/2014 10:54:45 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen: %%299

Error: (03/30/2014 10:53:22 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (03/31/2014 06:39:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 01:16:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 09:26:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 11:36:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT
* FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2014 11:31:23 PM) (Source: VSS)(User: ) Description: ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {69c0c1cd-e986-4479-8446-c2721cb0c88c} Error: (03/30/2014 11:12:55 PM) (Source: VSS)(User: ) Description: ConvertStringSidToSid(S-1-5-21-2257517358-2513234212-1466731007-1001.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {891ec023-d96d-4ab3-a006-dc4aaf4dabe3} Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC) Description: Nur ein Teil der ReadProcessMemory- oder WriteProcessMemory-Anforderung wurde abgeschlossen. Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC) Description: Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC) Description: Error: (03/30/2014 10:54:45 PM) (Source: Microsoft-Windows-User Profiles Service)(User: Michel-PC) Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
CodeIntegrity Errors: =================================== Date: 2011-12-31 17:40:02.993 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:40:02.993 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:40:02.913 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:40:02.913 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-12-31 17:39:39.419 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:39:39.409 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:39:39.289 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:39:39.279 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\AppData\Local\Temp\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2011-12-31 17:39:28.577 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-12-31 17:39:28.567 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Michel\Downloads\PCIUtil.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 4077.86 MB Available physical RAM: 1618.39 MB Total Pagefile: 8153.9 MB Available Pagefile: 5260.07 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.31 GB) (Free:71.67 GB) NTFS Drive d: () (Fixed) (Total:256.34 GB) (Free:53.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8C2078A1) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=256 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-01 20:28:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Michel\AppData\Local\Temp\uwdiypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff800033af08a 7 bytes [00, 00, 00, 00, 00, 00, 03] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674 fffff800033af092 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768a1465 2 bytes [8A, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768a14bb 2 bytes [8A, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [1736:1740] 000000000108d1f6 Thread C:\Windows\SysWOW64\ntdll.dll [1736:1780] 00000000721f8c90 Thread C:\Windows\SysWOW64\ntdll.dll [1736:2496] 000000006fc78960 Thread C:\Windows\SysWOW64\ntdll.dll [1736:2436] 000000006fc78960 Thread C:\Windows\SysWOW64\ntdll.dll [1736:2228] 000000006fc78960 Thread C:\Windows\SysWOW64\ntdll.dll [1736:2224] 000000006fc74090 Thread C:\Windows\SysWOW64\ntdll.dll [1736:692] 000000007261e2cb Thread C:\Windows\SysWOW64\ntdll.dll [580:2680] 00000000011553d3 Thread C:\Windows\SysWOW64\ntdll.dll [580:3596] 00000000732fb89c Thread C:\Windows\SysWOW64\ntdll.dll [580:3600] 00000000732fbaf3 Thread C:\Windows\SysWOW64\ntdll.dll [580:3604] 00000000732fb3c2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5b5512e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5b5512e@40a6d90ba5af 0x10 0x32 0x98 0x57 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5b5512e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5b5512e@40a6d90ba5af 0x10 0x32 0x98 0x57 ... ---- EOF - GMER 2.1 ---- |
| #2 |
/// the machine /// TB-Ausbilder | Problems with Firefox Add-On "Download Protect 2.2.0"

hi,
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document:
Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download
Please download
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
| #3 |
Problems with Firefox Add-On "Download Protect 2.2.0"

Hi, many thanks for your help, here are the log files:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Michel at 2014-04-02 15:37:27 Run:1
Running from C:\Users\Michel\Desktop\help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.04.2014 Suchlauf-Zeit: 16:14:40 Logdatei: mbamlog.txt Administrator: Ja Version: Malware Datenbank: v2014.04.02.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Michel Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 342826 Verstrichene Zeit: 29 Min, 47 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 02/04/2014 um 16:19:35 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Michel - MICHEL-PC # Gestartet von : C:\Users\Michel\Desktop\help\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\SoftwareUpdater Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Michel\AppData\Local\TempDir Ordner Gelöscht : C:\Users\Michel\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Michel\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\user.js Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKCU\Software\5d57d88ab16eed10 Schlüssel Gelöscht : HKLM\SOFTWARE\5d57d88ab16eed10 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel 
Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\simplytech Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search 
Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\prefs.js ] [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\fqdayykf.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Zeile gelöscht : user_pref("browser.search.order.1", "Web Search"); -\\ Google Chrome v [ Datei : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage ************************* AdwCleaner[R0].txt - [13997 octets] - [02/04/2014 16:17:12] AdwCleaner[S0].txt - [12594 octets] - [02/04/2014 16:19:35] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12655 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by Michel on 02.04.2014 at 16:23:57,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2257517358-2513234212-1466731007-1000\Software\sweetim

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Michel\AppData\Roaming\mozilla\firefox\profiles\m50yugco.default\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.04.2014 at 16:28:19,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Michel (administrator) on MICHEL-PC on 02-04-2014 16:29:25 Running from C:\Users\Michel\Desktop\help Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe () C:\Windows\system32\aspnet`counters.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe () C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation) HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation) Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28] FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28] FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28] FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-02] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15] FF HKLM-x32\...\Firefox\Extensions: [{9942E1EE-D102-4E37-812F-1AF320DCE933}] - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi FF Extension: Download 
Protect - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi [2014-04-02] Chrome: ======= CHR HomePage: CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20] CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20] CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] () S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation) S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation) S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation) S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation) S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation) S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation) S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation) S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation) S4 NITaggerService; D:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation) S4 SXDS10; C:\Program 
Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd) S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation) S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation) S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation) S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation) R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation) R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation) S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 vpnva; system32\DRIVERS\vpnva64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-02 16:28 - 2014-04-02 16:28 - 00001077 _____ () C:\Users\Michel\Desktop\JRT.txt 2014-04-02 16:28 - 2014-04-02 16:28 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\BT Devices 2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT 2014-04-02 16:17 - 2014-04-02 16:19 - 00000000 ____D () C:\AdwCleaner 2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log 2014-03-31 19:37 - 2014-04-02 16:29 - 00000000 ____D () C:\FRST 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable 2014-03-31 19:36 - 2014-04-02 16:29 - 00000000 ____D () C:\Users\Michel\Desktop\help 2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO 2014-03-30 21:44 - 2014-04-02 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup- 2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik 2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla 2014-03-28 13:07 - 2014-03-28 13:07 - 
00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe 2014-03-26 18:33 - 2014-04-02 15:40 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe 2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk 2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype 2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-18 12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-18 12:19 
- 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 
_____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira 2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia 2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files 2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt ==================== One Month Modified Files and Folders ======= 2014-04-02 16:29 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST 2014-04-02 16:29 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help 2014-04-02 16:28 - 2014-04-02 16:28 - 00001077 _____ () C:\Users\Michel\Desktop\JRT.txt 2014-04-02 16:28 - 2014-04-02 16:28 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-04-02 16:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder 2014-04-02 16:28 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-04-02 16:28 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-04-02 16:28 - 2009-07-14 07:13 - 01620684 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-04-02 16:28 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-02 16:28 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT 2014-04-02 16:20 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-02 16:20 - 2011-12-31 02:00 - 01409740 _____ () C:\Windows\WindowsUpdate.log 2014-04-02 16:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-02 16:20 - 2009-07-14 06:51 - 00168424 _____ () C:\Windows\setupact.log 2014-04-02 16:19 - 2014-04-02 16:17 - 00000000 ____D () C:\AdwCleaner 2014-04-02 15:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-02 15:44 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-02 15:40 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-04-02 15:40 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log 2014-04-01 20:16 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype 2014-04-01 15:42 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox 2014-04-01 15:42 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni 2014-03-31 19:59 - 2014-02-11 13:23 - 00001165 _____ () C:\Users\Michel\Desktop\Neues Textdokument.txt 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable 2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () C:\Users\Michel 2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log 2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () 
C:\Windows\system32\IO 2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium 2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel 2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech 2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup- 2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik 2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla 2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe 2014-03-28 13:00 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET 2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte 2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-25 17:00 - 
2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch 2014-03-25 13:39 - 2013-04-23 18:20 - 00004828 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui 2014-03-25 13:15 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge 2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe 2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s 2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr 2014-03-24 01:51 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps 2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc 2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk 2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn 2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-03-21 14:05 - 2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple 2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke 2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () 
C:\Users\Michel\AppData\Local\Skype 2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype 2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira 2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia 2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files 2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla 2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder 2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc 2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 
_____ () C:\Users\Michel\Documents\kündigung szl.odt 2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\Michel\AppData\Local\Temp\avgnt.exe C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe C:\Users\Michel\AppData\Local\Temp\Quarantine.exe C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-31 11:27 ==================== End Of Log ============================ --- --- --- |
| #4 |
/// the machine /// TB instructor | ESET Online Scanner
Please download
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| #5 |
| Hey, one small problem: I had to abort the ESET scanner the first time because I ran out of time. Apparently, though, it only saved the log file from the first run. I have saved the log for the files it found the second time. However, those were all copies (unless the file was somehow overwritten) of a small Pascal program that tests whether the numbers from 1 to 2000 are abundant, perfect or deficient. I had to write it myself as part of my studies. So now the question: should I run the program again for the sake of the log?

The add-on "Download Protect 2.2.0" is still shown in the list of add-ons in Firefox, but so far it has not reactivated itself. I would have to wait a few days to be able to say definitively whether the problem is solved or not, since, as I said, the whole thing has always happened at irregular intervals.

ESET log Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=aa36766c210eee4b91728742d31debd7
# engine=17736
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-03 10:43:51
# local_time=2014-04-03 12:43:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10589 261945121 3359 0
# compatibility_mode=5893 16776574 100 94 22985033 148151681 0 0
# scanned=66889
# found=0
# cleaned=0
# scan_time=1406
Code:
C:\Users\Michel\Desktop\Uni\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
D:\Dropbox\Uni Physik\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
D:\Uni Physik\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
G:\Uni Physik\Sonstiges\Archiv\1. Semester WS 11-12\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
J:\$RECYCLE.BIN\S-1-5-21-2257517358-2513234212-1466731007-1000\$RFM9ETP\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
J:\Sync\Uni Physik\Archiv\WS 11-12\i386-win32\test.exe probably unknown NewHeur_PE virus deleted - quarantined
Code:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java(TM) 6 Update 33
Java 7 Update 51
Adobe Flash Player
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
Google Chrome 18.0.1025.162
Google Chrome 18.0.1025.168
Google Chrome wtsapi32.dll..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Michel (administrator) on MICHEL-PC on 04-04-2014 10:43:52 Running from C:\Users\Michel\Desktop\help Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe () C:\Windows\system32\aspnet`counters.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe () C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint\ApMsgFwd.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.) HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8126464 2009-05-11] (C-Media Corporation) HKLM\...\Run: [2.4G Ergo Laser Device Main Program] - C:\Program Files\2.4G Ergo Laser Device\TSR\xDaemon.exe [515584 2011-04-25] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {9e879b04-c92b-11e2-b78f-78843cf81918} - G:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148876-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1000\...\MountPoints2: {ed148890-c126-11e2-94a7-78843cf81918} - H:\AutoRun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {57b5004f-3347-11e1-bb76-806e6f6e6963} - E:\Autorun.exe HKU\S-1-5-21-2257517358-2513234212-1466731007-1001\...\MountPoints2: {bae07a93-33bb-11e1-830e-78843cf81918} - F:\autorun.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE3D12CFF78A1CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 09 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation) Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default FF DefaultSearchEngine: dict.cc FF SelectedSearchEngine: dict.cc FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michel\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michel\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\dictcc.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\googletranslate.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\wolframalpha.xml FF SearchPlugin: C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\searchplugins\youtube.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FoxyProxy Standard - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\foxyproxy@eric.h.jung [2014-03-28] FF Extension: Flashblock - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-28] FF Extension: All-in-One Gestures - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-03-28] FF Extension: NoScript - C:\Users\Michel\AppData\Roaming\Mozilla\Firefox\Profiles\m50yugco.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-02] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-15] FF HKLM-x32\...\Firefox\Extensions: [{9942E1EE-D102-4E37-812F-1AF320DCE933}] - 
C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi FF Extension: Download Protect - C:\Windows\Installer\{6EE70575-8D13-49B9-A1E4-69AC565AFEAB}\{9942E1EE-D102-4E37-812F-1AF320DCE933}.xpi [2014-04-02] Chrome: ======= CHR HomePage: CHR Extension: (YouTube) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-20] CHR Extension: (Google Search) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-20] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbonpmilncgdemeljgfkdcenidmmacm [2014-01-29] CHR Extension: (Download Protect) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkojlgbmboapbefmilfbeakgakbgedc [2014-01-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-04-20] CHR Extension: (Gmail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-20] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Michel\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) R2 fc64; C:\Windows\system32\aspnet`counters.exe [118784 2014-01-17] () S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation) S4 mxssvr; D:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation) S4 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-11-17] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2011-11-17] (National Instruments Corporation) S4 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation) S3 NILM License Manager; D:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation) S4 NINetworkDiscovery; D:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-11-30] (National Instruments Corporation) S4 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [30344 2012-01-07] (National Instruments Corporation) S4 niSvcLoc; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2011-11-17] (National Instruments Corporation) S4 NITaggerService; D:\Program Files 
(x86)\National Instruments\Shared\Tagger\tagsrv.exe [676528 2011-10-24] (National Instruments Corporation) S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-08-29] (soft Xpansion) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-31] (DT Soft Ltd) S3 ni1006k; C:\Windows\system32\drivers\ni1006k.sys [30800 2011-04-08] (National Instruments Corporation) S3 ni1045k; C:\Windows\system32\drivers\ni1045kl.sys [11856 2011-04-08] (National Instruments Corporation) S3 ni1065k; C:\Windows\system32\drivers\ni1065k.sys [26704 2011-04-08] (National Instruments Corporation) S2 nicanpk; C:\Windows\System32\DRIVERS\nicanpkl.sys [11920 2011-06-01] (National Instruments Corporation) R0 nipxibaf; C:\Windows\System32\drivers\nipxibaf.sys [82568 2011-04-08] (National Instruments Corporation) R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [54424 2011-04-08] (National Instruments Corporation) S3 niswdk; C:\Windows\system32\drivers\niswdkl.sys [12936 2011-03-23] (National Instruments Corporation) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1306624 2009-05-14] (C-Media Electronics Inc) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 vpnva; system32\DRIVERS\vpnva64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 15:30 - 2014-04-03 15:30 - 00000000 ___RD () 
C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-04-03 11:56 - 2014-04-03 11:56 - 00987442 _____ () C:\Users\Michel\Desktop\SecurityCheck.exe 2014-04-03 11:55 - 2014-04-03 11:56 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_enu.exe 2014-04-02 23:15 - 2014-04-02 23:15 - 00000000 ____H () C:\Users\Michel\Documents\Default.rdp 2014-04-02 22:18 - 2014-04-02 22:44 - 00000000 ____D () C:\Users\Michel\Desktop\blub 2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT 2014-04-02 16:17 - 2014-04-02 16:19 - 00000000 ____D () C:\AdwCleaner 2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log 2014-03-31 19:37 - 2014-04-04 10:43 - 00000000 ____D () C:\FRST 2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable 2014-03-31 19:36 - 2014-04-04 10:43 - 00000000 ____D () C:\Users\Michel\Desktop\help 2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO 2014-03-30 21:44 - 2014-04-02 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-30 21:44 - 2014-03-30 21:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-30 21:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-30 21:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 
2014-03-30 21:44 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup- 2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik 2014-03-28 13:10 - 2014-03-28 13:11 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla 2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe 2014-03-26 18:33 - 2014-04-02 15:40 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe 2014-03-22 11:43 - 2014-03-22 11:44 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk 2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod 2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype 2014-03-19 14:00 - 2014-03-20 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-18 
12:19 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 12:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 12:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 12:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 12:19 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 12:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 12:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 12:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 12:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 12:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 12:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 12:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 12:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 12:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 12:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 12:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 12:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 12:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 12:18 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 12:18 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 12:18 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 12:18 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 12:18 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 12:18 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 12:18 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 12:18 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 12:18 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 12:18 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 12:18 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 12:18 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 12:18 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 12:18 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 12:18 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 12:18 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 12:18 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 12:18 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 12:18 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 12:18 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 12:18 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-05 11:29 - 2014-03-05 11:30 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt

==================== One Month Modified Files and Folders =======

2014-04-04 10:43 - 2014-03-31 19:37 - 00000000 ____D () C:\FRST
2014-04-04 10:43 - 2014-03-31 19:36 - 00000000 ____D () C:\Users\Michel\Desktop\help
2014-04-04 09:54 - 2013-01-13 11:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 04:58 - 2011-12-31 02:00 - 01441429 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 21:54 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 21:54 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 21:54 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 15:37 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 15:37 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 15:30 - 2014-04-03 15:30 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-03 15:30 - 2011-12-31 12:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 15:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 15:30 - 2009-07-14 06:51 - 00169445 _____ () C:\Windows\setupact.log
2014-04-03 11:56 - 2014-04-03 11:56 - 00987442 _____ () C:\Users\Michel\Desktop\SecurityCheck.exe
2014-04-03 11:56 - 2014-04-03 11:55 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_enu.exe
2014-04-02 23:15 - 2014-04-02 23:15 - 00000000 ____H () C:\Users\Michel\Documents\Default.rdp
2014-04-02 23:14 - 2012-05-10 17:25 - 00000000 ____D () C:\Users\Michel\Documents\Kontoauszüge
2014-04-02 23:14 - 2011-12-31 16:43 - 00000000 ____D () C:\Users\Michel\Desktop\Uni
2014-04-02 22:44 - 2014-04-02 22:18 - 00000000 ____D () C:\Users\Michel\Desktop\blub
2014-04-02 22:21 - 2012-03-03 11:34 - 00000000 ____D () C:\Users\Michel\AppData\Local\Paint.NET
2014-04-02 20:50 - 2013-04-23 18:20 - 00005266 _____ () C:\Users\Michel\Desktop\SyncJob.ffs_gui
2014-04-02 18:58 - 2011-12-31 18:39 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-04-02 16:28 - 2011-12-31 02:41 - 00000000 ____D () C:\Users\Michel\Documents\Bluetooth Folder
2014-04-02 16:23 - 2014-04-02 16:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-02 16:19 - 2014-04-02 16:17 - 00000000 ____D () C:\AdwCleaner
2014-04-02 15:44 - 2014-03-30 21:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 15:40 - 2014-03-26 18:33 - 00000728 __RSH () C:\ProgramData\ntuser.pol
2014-04-02 15:40 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 20:28 - 2014-04-01 20:28 - 00003750 _____ () C:\Users\Michel\Documents\gmer.log
2014-04-01 20:16 - 2012-01-02 16:14 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-04-01 15:42 - 2012-12-06 02:01 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Dropbox
2014-03-31 19:59 - 2014-02-11 13:23 - 00001165 _____ () C:\Users\Michel\Desktop\Neues Textdokument.txt
2014-03-31 19:37 - 2014-03-31 19:37 - 00000000 _____ () C:\Users\Michel\defogger_reenable
2014-03-31 19:37 - 2011-12-31 02:09 - 00000000 ____D () C:\Users\Michel
2014-03-30 23:34 - 2010-11-21 05:47 - 00351584 _____ () C:\Windows\PFRO.log
2014-03-30 23:32 - 2014-03-30 23:32 - 00000000 ____D () C:\Windows\system32\IO
2014-03-30 23:29 - 2013-08-29 10:57 - 00000000 ____D () C:\ProgramData\Freemium
2014-03-30 23:28 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Corel
2014-03-30 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 23:01 - 2014-02-15 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-03-30 21:46 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-30 21:44 - 2014-03-30 21:44 - 04095448 _____ (BrightFort LLC ) C:\Users\Michel\Downloads\spywareblastersetup50.exe
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-30 21:44 - 2014-03-30 21:44 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-30 21:43 - 2014-03-30 21:43 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-
2014-03-29 21:13 - 2014-03-29 21:13 - 00000000 ____D () C:\Users\Michel\Desktop\Musik
2014-03-28 17:47 - 2012-05-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-28 13:11 - 2014-03-28 13:10 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Mozilla
2014-03-28 13:07 - 2014-03-28 13:07 - 00283192 _____ (Mozilla) C:\Users\Michel\Downloads\Firefox Setup Stub 28.0.exe
2014-03-28 12:58 - 2013-05-22 16:53 - 00000000 ____D () C:\Users\Michel\Documents\Rezepte
2014-03-26 18:32 - 2012-12-01 20:45 - 00102624 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-26 18:31 - 2014-03-26 18:31 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-26 18:30 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-25 17:00 - 2013-02-13 23:42 - 00001766 _____ () C:\Users\Michel\Desktop\unidropbox.ffs_batch
2014-03-25 13:13 - 2014-03-25 13:13 - 10575008 _____ () C:\Users\Michel\Downloads\FreeFileSync_6.3_Windows_Setup.exe
2014-03-25 12:54 - 2013-04-23 13:28 - 00000000 ____D () C:\Users\Michel\MP3s
2014-03-24 14:13 - 2013-08-29 11:04 - 00000000 ____D () C:\Users\Michel\Documents\WG Ludwigstr
2014-03-23 17:00 - 2013-10-06 23:14 - 00000000 ____D () C:\Users\Michel\Desktop\Misc
2014-03-22 11:44 - 2014-03-22 11:43 - 00000890 _____ () C:\Users\Michel\Desktop\Thesis.lnk
2014-03-21 14:35 - 2012-04-11 15:56 - 02732392 _____ () C:\Users\Michel\Documents\AutoRuns.arn
2014-03-21 14:22 - 2011-12-31 02:10 - 00000000 ___RD () C:\Users\Michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 14:19 - 2014-03-21 14:19 - 00550371 _____ () C:\Users\Michel\Downloads\Autoruns.zip
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iTunes
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files\iPod
2014-03-21 14:08 - 2014-03-21 14:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-21 14:05 - 2011-12-31 16:42 - 00000000 ____D () C:\ProgramData\Apple
2014-03-21 14:04 - 2014-03-21 14:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-21 01:26 - 2014-03-21 01:26 - 00000000 ____D () C:\Users\Michel\Documents\geschenke
2014-03-21 01:09 - 2013-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 17:24 - 2014-03-20 17:24 - 00000000 ____D () C:\Users\Michel\AppData\Local\Skype
2014-03-20 17:24 - 2012-01-02 16:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-20 13:55 - 2014-03-19 14:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 02:09 - 2009-07-14 06:45 - 00424552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 21:05 - 2013-08-10 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:04 - 2011-12-31 02:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 14:42 - 2014-03-18 14:42 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 14:42 - 2013-01-13 11:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 14:42 - 2012-04-15 08:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 14:42 - 2012-01-02 01:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 12:15 - 2014-03-18 12:15 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Avira
2014-03-18 12:11 - 2014-03-18 12:11 - 00000000 ____D () C:\Users\Gast\AppData\Local\Macromedia
2014-03-18 12:10 - 2014-03-18 12:10 - 00000000 ____D () C:\Users\Gast\Documents\PDF Files
2014-03-18 12:10 - 2013-07-10 16:30 - 00000000 ____D () C:\Users\Gast\AppData\Local\Mozilla
2014-03-18 12:09 - 2012-12-01 20:44 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 12:09 - 2012-12-01 20:44 - 00000000 ____D () C:\Users\Gast\Documents\Bluetooth Folder
2014-03-08 23:32 - 2012-03-17 17:25 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\vlc
2014-03-05 11:30 - 2014-03-05 11:29 - 00012547 _____ () C:\Users\Michel\Documents\kündigung szl.odt
2014-03-05 09:26 - 2014-03-30 21:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 21:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Michel\AppData\Local\Temp\expertpdf_v5.exe
C:\Users\Michel\AppData\Local\Temp\Quarantine.exe
C:\Users\Michel\AppData\Local\Temp\ResetDevice.exe
C:\Users\Michel\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-31 11:27

==================== End Of Log ============================
#6
/// the machine /// TB-Ausbilder

No, that's fine.

Update Adobe.

Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall.

Then: https://support.mozilla.org/de/kb/fi...einfach-loesen

Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Done

The order is crucial here.
If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system.
I cannot mention often enough how important it is that your system is up to date.

Antivirus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They do your system more harm than good.
Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
#7

Hey, great, a thousand thanks. The thing is now gone for good.

Here is the log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Michel at 2014-04-05 15:01:22 Run:2
Running from C:\Users\Michel\Desktop\help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
#8
/// the machine /// TB-Ausbilder

You're welcome.

__________________
Regards,
schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM!