Log analysis and evaluation: Real-time scanner detects 'TR/Patched.Ren.Gen' - Outlook does not start (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.07.2014, 18:38 | #1 |
Real-time scanner detects 'TR/Patched.Ren.Gen' - Outlook does not start

EDIT: Win 7 (unfortunately I can't edit the thread title)

Hello everyone,

I was in the hospital for 10 weeks; I may have picked up the trojan because of delayed updates. Strangely, Outlook now also crashes when connecting to the server. Maybe there's a connection. In safe mode with networking, the computer crashed during the scan with Malwarebytes Anti-Malware after I had run RKill. A few days ago I ran JRT and Ad-Aware. The alerts started on 25.06., after TR/Crypt.XPACK.Gen2 was detected and did not show up again. Does the trojan also block Outlook, or is that just a coincidence? How do I get rid of it?

JRT
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 07/07/2014 (Marcel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
(HKLM\...\{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1) (Version: 2.0 - Christoph Bünger Software) Paragon Backup & Recovery™ 11 Kompakt (HKLM\...\{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}) (Version: 90.00.0003 - Paragon Software) PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.21.0 - Nokia) PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) PDF Blender (HKLM\...\PDF Blender) (Version: - ) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) 
Sandboxie 3.64 (32-bit) (HKLM\...\Sandboxie) (Version: 3.64 - SANDBOXIE L.T.D) ScummVM 1.4.1 (HKLM\...\ScummVM_is1) (Version: - The ScummVM Team) Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Sigil 0.7.1 (HKLM\...\Sigil_is1) (Version: - John Schember) Smart Data Recovery v4.4 (HKLM\...\Smart Data Recovery_is1) (Version: 4.4 - Smart PC Solutions) SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com) SRWare Iron Version SRWare Iron 35.0.1900.0 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 35.0.1900.0 - SRWare) Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team) Studie zur Verbesserung von HP Officejet Pro 8100 Produkten (HKLM\...\{C1756136-D72A-4036-8B12-8A696462504D}) (Version: 28.0.1321.0 - Hewlett-Packard Co.) Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - ) SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft) System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) TeraCopy 2.2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) TreeSize Free V2.5 (HKLM\...\TreeSize Free_is1) (Version: 2.5 - JAM Software) Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC) TVersity Codec Pack 1.7 (HKLM\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.) 
TVersity Media Server 1.9.7 (HKLM\...\TVersity Media Server) (Version: 1.9.7 - TVersity) UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - ) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 
(HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) USB2.0 UVC 1.3M WebCam (HKLM\...\USB2.0 UVC 1.3M WebCam) (Version: - ) USB2.0 UVC WebCam (HKLM\...\{960C278D-E4F9-41AD-9073-1B663A7E8CAA}) (Version: 7.11.706.001 - D-MAX) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc) VirtualDubMOD 1.5.10.3 US (HKLM\...\{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1) (Version: 1.5.10.3 - Trad-Fr) Visual C++ Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}) (Version: 10.00.200.184 - Nuance Communications Inc.) 
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) WCF Data Services SDK for Windows Phone (HKLM\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live SOXE (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3001.0809 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Windows Phone SDK 7.1 - ENU (HKLM\...\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU) (Version: 10.1.40219 - Microsoft Corporation) Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation) Windows Phone SDK 7.1 Assemblies (HKLM\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation) Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation) Windows-Treiberpaket - Nokia 
pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation) WT-Rate 3.76 (HKLM\...\WT-Rate) (Version: - ) Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Zune (HKLM\...\Zune) (Version: 04.02.0202.00 - Microsoft Corporation) Zune (Version: 04.02.0202.00 - Microsoft Corporation) Hidden Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (DE) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (ES) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (FR) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (IT) (Version: 04.02.0202.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft 
Corporation) Hidden Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0646B34F-9FBC-4CD1-BAE9-7B047A64A364} - System32\Tasks\{F9209507-77AC-4524-96B4-8035AC9CA90C} => C:\Program Files\Skype\Phone\Skype.exe Task: {0E387D5A-A385-4DA0-BC74-59B9A9F68873} - System32\Tasks\Microsoft\Office\Office Automatic Updates => c:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation) Task: {1BC78BA1-C057-4A2F-A47C-8CEC371E290A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) Task: {1CF38798-4488-4913-8107-D23942BFFFE7} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe [2012-11-01] (Hewlett-Packard Co.) 
Task: {23BF65DE-C52B-4B0A-9A40-96D6F2BA5983} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {68853998-577D-4D75-90B4-85AB261CED08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {8169E5D6-E186-46B5-ACAB-0EEB91C9FA49} - System32\Tasks\{4ACD39E3-F159-44B8-9E73-A8C7CEB67AC8} => D:\Nokia_Ovi_Suite_webinstaller_ALL.exe Task: {9B0D0369-E7F8-47DD-9A9D-88AD50A73333} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {ADF53220-43A5-4B3B-BE4E-91930042AD42} - System32\Tasks\InstallShield Software online update program => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe Task: {BA1610C9-A815-4D6B-A4CD-E1D07C3CF6E4} - System32\Tasks\SUPBackground => c:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-20] () Task: {C26A87AE-B86A-4D8F-8F90-F9303A3FBB49} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => c:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-20] (Microsoft Corporation) Task: {CEF26956-57FC-401E-B343-A61AF7C9498C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04] (Adobe Systems Incorporated) Task: {EFF3E2D4-1C04-4F44-9CB6-F47932380A08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Marcel-PC-Marcel Marcel-PC => c:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-07-23 19:46 - 2010-03-15 11:28 - 00141824 _____ () D:\Program Files\WinRAR\rarext.dll 2011-10-20 14:43 - 2009-07-13 23:50 - 00325120 _____ () c:\Program 
Files\TeraCopy\TeraCopy.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F AlternateDataStreams: C:\ProgramData\TEMP:A24211BA AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Marcel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DBHAgent => D:\Program Files\Paragon Software\Backup and Recovery 11 Kompakt\program\dbhagent.exe MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "c:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: DNS7reminder => "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RTHDVCPL => c:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s MSCONFIG\startupreg: SandboxieControl => "c:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe" MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe" ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT) Description: Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 256 aufgerufen werden. Fehlercode 2147942419. Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT) Description: Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 19. 
Error: (07/07/2014 01:41:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be Name des fehlerhaften Moduls: ISUSPM.exe, Version: 13.0.0.43575, Zeitstempel: 0x4e9664be Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ab4b ID des fehlerhaften Prozesses: 0xf20 Startzeit der fehlerhaften Anwendung: 0xISUSPM.exe0 Pfad der fehlerhaften Anwendung: ISUSPM.exe1 Pfad des fehlerhaften Moduls: ISUSPM.exe2 Berichtskennung: ISUSPM.exe3 Error: (07/06/2014 08:07:02 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/06/2014 07:00:19 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (07/05/2014 05:52:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae Name des fehlerhaften Moduls: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae Ausnahmecode: 0xc0000005 Fehleroffset: 0x00043bed ID des fehlerhaften Prozesses: 0x1888 Startzeit der fehlerhaften Anwendung: 0xssp7msm.exe0 Pfad der fehlerhaften Anwendung: ssp7msm.exe1 Pfad des fehlerhaften Moduls: ssp7msm.exe2 Berichtskennung: ssp7msm.exe3 Error: (07/05/2014 05:52:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae Name des fehlerhaften Moduls: ssp7msm.exe, Version: 1.1.0.12, Zeitstempel: 0x4e11d0ae Ausnahmecode: 0xc0000005 Fehleroffset: 0x00043bed ID des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0xssp7msm.exe0 Pfad der fehlerhaften Anwendung: ssp7msm.exe1 Pfad des fehlerhaften Moduls: ssp7msm.exe2 Berichtskennung: ssp7msm.exe3 Error: (07/04/2014 11:55:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x537282b1 Name des fehlerhaften Moduls: pstprx32.dll, Version: 15.0.4621.1000, Zeitstempel: 0x536874b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a8608 ID des fehlerhaften Prozesses: 0x4e4 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (07/03/2014 07:41:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm OUTLOOK.EXE, Version 15.0.4623.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: fa4 Startzeit: 01cf96e5d40e66fc Endzeit: 461 Anwendungspfad: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE Berichts-ID: 336649ad-02d9-11e4-b6a2-001377e2cda9 Error: (07/03/2014 07:39:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x537282b1 Name des fehlerhaften Moduls: pstprx32.dll, Version: 15.0.4621.1000, Zeitstempel: 0x536874b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a8608 ID des fehlerhaften Prozesses: 0x1e2c Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 System errors: ============= Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:38:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) 
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:36:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/07/2014 04:33:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT) Description: 2562147942419 Error: (07/07/2014 03:35:44 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT) Description: pautoenr.dll19 Error: (07/07/2014 01:41:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ISUSPM.exe13.0.0.435754e9664beISUSPM.exe13.0.0.435754e9664bec00000050000ab4bf2001cf976c976d4d96C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeC:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe92ef86aa-05cb-11e4-a1f1-b246f61c6738 Error: (07/06/2014 08:07:02 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Public\Documents\DriverGenius\Temp\Realtek_HD_Audio_Vista_Win7_Win8_R270\Realtek_HD_Audio_Vista_Win7_Win8_R270\Vista64\MaxxAudioControl64.exe Error: (07/06/2014 07:00:19 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (07/05/2014 05:52:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ssp7msm.exe1.1.0.124e11d0aessp7msm.exe1.1.0.124e11d0aec000000500043bed188801cf9869223b0adbC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exeC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exe60cf2298-045c-11e4-a1f1-b246f61c6738 Error: (07/05/2014 05:52:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ssp7msm.exe1.1.0.124e11d0aessp7msm.exe1.1.0.124e11d0aec000000500043bedc2801cf98690ce1f276C:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exeC:\windows\system32\spool\drivers\w32x86\3\ssp7msm.exe4cc87fc7-045c-11e4-a1f1-b246f61c6738 Error: (07/04/2014 11:55:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: OUTLOOK.EXE15.0.4623.1000537282b1pstprx32.dll15.0.4621.1000536874b6c0000005000a86084e401cf976e107ef5f8C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEc:\Program Files\Microsoft Office 15\Root\Office15\pstprx32.dll5b9fe805-0361-11e4-a1f1-00242cf5ca37 Error: (07/03/2014 07:41:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OUTLOOK.EXE15.0.4623.1000fa401cf96e5d40e66fc461C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE336649ad-02d9-11e4-b6a2-001377e2cda9 Error: (07/03/2014 07:39:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
OUTLOOK.EXE15.0.4623.1000537282b1pstprx32.dll15.0.4621.1000536874b6c0000005000a86081e2c01cf96e5c608cbdfC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEc:\Program Files\Microsoft Office 15\Root\Office15\pstprx32.dll0b8017e5-02d9-11e4-b6a2-001377e2cda9 ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 3066.62 MB Available physical RAM: 2262.7 MB Total Pagefile: 6129.47 MB Available Pagefile: 5447.9 MB Total Virtual: 2047.88 MB Available Virtual: 1894.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:151.6 GB) (Free:16.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Volume) (Fixed) (Total:146.48 GB) (Free:44.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: DF16504F) Partition 1: (Active) - (Size=152 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.07.2014, 18:39 | #2 |
| Real-time scanner detects 'TR/Patched.Ren.Gen - Outlook does not start FRST log --- posted here because it would otherwise have been too large
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01 Ran by Marcel (administrator) on MARCEL-PC on 07-07-2014 17:41:16 Running from C:\Users\Marcel\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe () C:\Program Files\devolo\dlan\devolonetsvc.exe (Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Syntek America Inc.) 
C:\Windows\System32\StkCSrv.exe () C:\ProgramData\TVersity\Media Server\MediaServer.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe (Microsoft Corporation) C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Cerulean Studios) C:\Program Files\Trillian\trillian.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe (SRWare) D:\Program Files\SRWare Iron\iron.exe (SRWare) D:\Program Files\SRWare Iron\iron.exe (SRWare) D:\Program Files\SRWare Iron\iron.exe (SRWare) D:\Program Files\SRWare Iron\iron.exe () D:\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM\...\Run: [avgnt] => c:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] () HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [] => [X] HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [SkyDrive] => C:\Users\Marcel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251048 2014-06-24] (Microsoft Corporation) HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [GoogleChromeAutoLaunch_138BD65B420CFEBE93B2B3E75256C440] => C:\Program Files\SRWare Iron\iron.exe [2278400 2014-01-31] () HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1547209296-3416004275-3127000392-1001\...\MountPoints2: {1a1c229d-ad23-11df-b5d0-00242cf5ca37} - F:\AutoRun.exe HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [] => [X] HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\Run: [SandboxieControl] => c:\Program Files\Sandboxie\SbieCtrl.exe [451856 2012-02-06] (SANDBOXIE L.T.D) HKU\S-1-5-21-1547209296-3416004275-3127000392-1003\...\MountPoints2: {1a1c229d-ad23-11df-b5d0-00242cf5ca37} - F:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files\Trillian\trillian.exe (Cerulean Studios) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Live Streaming Video / Watch Free Live Sport Streams - Live Matches-StreamHunter HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01F7D7484E29CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - E:\PFiles\Common\System\OLEDB\MSDAIPP.DLL No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Ask.com FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - c:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - d:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - d:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: @videolan.org/vlc,version=2.1.0 - c:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - c:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: nuance.com/DragonRIAPlugin - C:\PROGRA~1\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: c:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: c:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: TVU Web Player - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\firefox@tvunetworks.com [2010-08-15] FF Extension: FoxyProxy Standard - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\foxyproxy@eric.h.jung [2012-10-30] FF Extension: Lavasoft Search Plugin - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-03-22] FF Extension: YouTube to MP3 - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\youtube2mp3@mondayx.de [2011-08-28] FF Extension: QuickShare Widget - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{5b6a1955-80e6-4f12-5670-eae98f59190a} [2014-06-24] FF Extension: DownloadHelper - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-09-17] FF Extension: Exif Viewer - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2012-07-24] FF Extension: Embedded Objects - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\firefox@red-cog.com.xpi [2012-01-02] FF Extension: NoScript - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-01-02] FF Extension: Adblock Plus - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-02] FF Extension: BetterPrivacy - 
C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\hshw0q5o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-18] FF Extension: Skype extension for Firefox - c:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-10-03] FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-09-06] FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: No Name - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15] FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-09-06] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR Extension: (Cooliris) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp [2010-06-16] CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15] ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; c:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; c:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; c:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] () R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [311184 2013-10-15] (Nuance Communications, Inc.) R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [211216 2009-09-21] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) R2 nvUpdatusService; c:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464 2011-08-03] (NVIDIA Corporation) S3 Paragon System Backup Dienst; D:\Program Files\Paragon Software\Backup and Recovery 11 Kompakt\program\dbhservice.exe [150096 2010-07-14] (Paragon Software Group) R2 SbieSvc; c:\Program Files\Sandboxie\SbieSvc.exe [74512 2012-02-06] (SANDBOXIE L.T.D) R2 Secunia PSI Agent; c:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; c:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed] R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2009-05-03] (Syntek America Inc.) 
R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] () R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [447216 2010-01-07] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2910720 2012-05-07] (Qualcomm Atheros Communications, Inc.) S3 auusb; C:\Windows\System32\DRIVERS\auusb.sys [158640 2012-02-14] (Auerswald GmbH & Co.KG ) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2010-06-14] (Phoenix Technologies) [File not signed] S3 EverestDriver; D:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [27760 2010-03-31] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-22] (GFI Software) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [56208 2010-07-14] (Paragon Software Group) R1 ISODrive; c:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.) 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-07] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R1 MpKslf3441b58; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FCCE827-3733-4DC0-9B0B-C802DB376C05}\MpKslf3441b58.sys [39464 2014-07-07] (Microsoft Corporation) R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed] R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia) R3 SbieDrv; c:\Program Files\Sandboxie\SbieDrv.sys [133392 2012-02-06] (SANDBOXIE L.T.D) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-26] (Avira GmbH) R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1436560 2009-07-03] (Syntek) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [37080 2010-07-14] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [395464 2010-07-14] (Paragon) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S4 bmqsqcmq; \??\C:\Windows\system32\drivers\bmqsqcmq.sys [X] S4 dbctjwpj; \??\C:\Windows\system32\drivers\dbctjwpj.sys [X] S4 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X] S4 irwostzd; \??\C:\Windows\system32\drivers\irwostzd.sys [X] S4 keybtgxh; \??\C:\Windows\system32\drivers\keybtgxh.sys [X] S1 mekcglui; \??\C:\Windows\system32\drivers\mekcglui.sys [X] S4 orfuvxuc; \??\C:\Windows\system32\drivers\orfuvxuc.sys [X] S4 qsrmzjke; \??\C:\Windows\system32\drivers\qsrmzjke.sys [X] S4 snwrexcs; \??\C:\Windows\system32\drivers\snwrexcs.sys [X] S4 tpysywyt; \??\C:\Windows\system32\drivers\tpysywyt.sys [X] U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] S4 vmm; \??\C:\Windows\system32\Drivers\vmm.sys [X] ==================== NetSvcs 
(Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 17:40 - 2014-07-07 17:40 - 00000000 _____ () C:\Users\Marcel\defogger_reenable 2014-07-07 16:38 - 2014-07-07 16:39 - 00048257 _____ () C:\Users\Marcel\Downloads\Addition.txt 2014-07-07 16:36 - 2014-07-07 17:41 - 00023832 _____ () C:\Users\Marcel\Downloads\FRST.txt 2014-07-07 16:36 - 2014-07-07 17:41 - 00000000 ____D () C:\FRST 2014-07-07 16:36 - 2014-07-07 17:08 - 01074688 _____ (Farbar) C:\Users\Marcel\Downloads\FRST.exe 2014-07-07 16:30 - 2014-07-07 16:31 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill (1).com 2014-07-07 16:05 - 2014-07-07 16:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill.com 2014-07-07 16:02 - 2014-07-07 16:02 - 04161050 _____ () C:\Users\Marcel\Downloads\tdsskiller.zip 2014-07-07 15:45 - 2014-07-07 15:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () c:\Program Files\ Malwarebytes Anti-Malware 2014-07-07 15:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-07 15:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-07 14:33 - 2014-06-05 20:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marcel\Desktop\TDSSKiller.exe 2014-07-05 17:52 - 2014-07-07 13:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps 2014-07-05 10:45 - 2014-07-05 10:46 - 00257464 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-07-03 19:38 - 2014-07-03 19:38 - 00002717 _____ () C:\Users\Marcel\Desktop\JRT.txt 2014-07-03 19:33 - 2014-07-03 19:33 - 00000000 ____D () C:\Windows\ERUNT 2014-07-03 19:24 - 2014-07-03 19:24 - 00000000 ____D () 
C:\Users\Marcel\AppData\Local\graphicport.net 2014-07-03 19:03 - 2014-07-03 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2014-07-03 19:03 - 2014-03-26 20:24 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2014-07-03 19:02 - 2014-07-03 19:02 - 00000000 ____D () c:\Program Files\Oracle 2014-07-03 19:02 - 2014-03-26 20:23 - 00104736 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2014-07-03 18:57 - 2014-07-04 11:47 - 00002156 _____ () C:\Windows\SecuniaPackage.log 2014-07-03 18:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-07-03 18:28 - 2014-07-03 18:28 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-07-03 18:28 - 2014-07-03 18:28 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Secunia PSI 2014-07-03 18:27 - 2014-07-03 18:27 - 00000000 ____D () c:\Program Files\Secunia 2014-07-02 13:40 - 2014-07-02 13:40 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-02 12:18 - 2014-07-02 12:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Lavasoft 2014-06-25 20:33 - 2014-07-07 17:06 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-06-25 20:33 - 2014-06-25 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus 2014-06-25 20:32 - 2014-06-25 20:32 - 00000000 ____D () c:\Program Files\Lavasoft 2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2 2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () c:\Program Files\Microsoft OffCAT 2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-24 23:23 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-06-24 23:23 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-06-24 23:23 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-06-24 23:23 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-06-24 23:22 - 2014-06-24 23:23 - 00004551 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log 2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieUserList 2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieSiteList 2014-06-22 12:15 - 2014-06-22 12:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-21 13:38 - 2014-06-21 13:45 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector smart recovery.lnk 2014-06-21 13:38 - 2014-06-21 13:45 - 00001088 _____ () C:\Users\Public\Desktop\PC Inspector smart recovery.lnk 2014-06-21 13:38 - 2014-06-21 13:38 - 00000000 ____D () c:\Program Files\Convar 2014-06-21 13:38 - 2003-07-18 13:58 - 00516784 ____R (Xceed Software Inc (450) 442-2626 support@xceedsoft.com Xceed Home) C:\Windows\system32\XceedCry.dll 2014-06-21 13:38 - 2002-04-12 13:19 - 00028672 _____ () C:\Windows\system32\DartWeb.oca 2014-06-21 13:38 - 2002-02-28 09:46 - 00217088 _____ (Dart Communications) C:\Windows\system32\DartSock.dll 2014-06-21 13:38 - 2002-02-21 10:12 - 00118784 _____ (Dart Communications) C:\Windows\system32\DartWeb.dll 2014-06-21 13:38 - 2002-02-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\msxml4a.dll 2014-06-21 13:38 - 2000-10-02 12:27 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL 2014-06-21 13:38 - 
2000-05-22 00:00 - 00140488 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX 2014-06-21 13:38 - 1998-06-13 22:53 - 00044544 _____ () C:\Windows\system32\Gif89.dll 2014-06-21 13:31 - 2014-06-21 13:31 - 00002059 _____ () C:\Users\Marcel\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk 2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery 2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () c:\Program Files\Smart PC Solutions 2014-06-21 13:26 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\system32\VB5DB.DLL 2014-06-21 13:25 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-21 13:25 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-21 13:25 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-21 13:25 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-21 13:25 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-21 13:25 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-21 13:25 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-21 13:25 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-21 13:25 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-21 13:25 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-21 13:25 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-21 13:25 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-21 13:25 - 
2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-21 13:25 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-21 13:25 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-21 13:25 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-21 13:25 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-21 13:25 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-21 13:25 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-21 13:25 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-21 13:25 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-21 13:25 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-21 13:25 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-21 13:25 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-21 13:25 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-21 13:25 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-21 13:25 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-21 13:25 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-21 13:24 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-21 13:24 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-21 
13:24 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-21 13:24 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-21 13:24 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-21 13:24 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-21 13:24 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-21 13:24 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-21 13:23 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-20 18:08 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-20 18:08 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-08 16:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-06-08 16:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-06-08 16:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-08 16:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-06-08 16:41 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-06-08 16:41 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-06-08 16:41 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-06-08 16:41 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-06-08 16:41 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 
2014-06-08 16:41 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-06-08 16:41 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-06-08 16:41 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-06-08 16:41 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-06-08 16:41 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll ==================== One Month Modified Files and Folders ======= 2014-07-07 17:41 - 2014-07-07 16:36 - 00023832 _____ () C:\Users\Marcel\Downloads\FRST.txt 2014-07-07 17:41 - 2014-07-07 16:36 - 00000000 ____D () C:\FRST 
2014-07-07 17:40 - 2014-07-07 17:40 - 00000000 _____ () C:\Users\Marcel\defogger_reenable 2014-07-07 17:40 - 2010-06-13 12:26 - 00000000 ____D () C:\Users\Marcel 2014-07-07 17:22 - 2009-07-14 06:34 - 00016896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-07 17:22 - 2009-07-14 06:34 - 00016896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-07 17:10 - 2010-06-13 12:19 - 02076675 _____ () C:\Windows\WindowsUpdate.log 2014-07-07 17:08 - 2014-07-07 16:36 - 01074688 _____ (Farbar) C:\Users\Marcel\Downloads\FRST.exe 2014-07-07 17:06 - 2014-06-25 20:33 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-07-07 17:06 - 2013-08-05 11:01 - 00000000 ___RD () C:\Users\Marcel\Dropbox 2014-07-07 17:06 - 2013-08-05 10:54 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Dropbox 2014-07-07 17:05 - 2014-05-18 15:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DropboxMaster 2014-07-07 17:04 - 2013-02-01 15:43 - 00000000 ___RD () C:\Users\Marcel\SkyDrive 2014-07-07 17:00 - 2013-11-19 22:11 - 00017188 _____ () C:\Windows\setupact.log 2014-07-07 17:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-07 16:39 - 2014-07-07 16:38 - 00048257 _____ () C:\Users\Marcel\Downloads\Addition.txt 2014-07-07 16:33 - 2013-10-05 18:11 - 00002598 _____ () C:\Users\Marcel\Desktop\Rkill.txt 2014-07-07 16:31 - 2014-07-07 16:30 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill (1).com 2014-07-07 16:06 - 2014-07-07 16:05 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\rkill.com 2014-07-07 16:02 - 2014-07-07 16:02 - 04161050 _____ () C:\Users\Marcel\Downloads\tdsskiller.zip 2014-07-07 15:57 - 2014-07-07 15:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-07 15:45 - 2012-03-20 23:29 - 00000000 ____D () 
C:\Users\Marcel\AppData\Roaming\Malwarebytes 2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-07 15:44 - 2014-07-07 15:44 - 00000000 ____D () c:\Program Files\ Malwarebytes Anti-Malware 2014-07-07 15:44 - 2012-03-20 23:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-07 15:44 - 2012-03-20 23:29 - 00000000 ____D () c:\Program Files\Malwarebytes' Anti-Malware 2014-07-07 15:33 - 2012-02-10 22:59 - 00081812 _____ () C:\Windows\system32\TVersityMediaServer.log 2014-07-07 14:43 - 2012-12-26 15:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-07 13:41 - 2014-07-05 17:52 - 00000000 ____D () C:\Users\Marcel\AppData\Local\CrashDumps 2014-07-07 10:25 - 2013-10-15 19:29 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\vlc 2014-07-06 20:34 - 2011-05-18 21:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\mIRC 2014-07-06 19:58 - 2014-03-10 13:21 - 00000000 ____D () C:\Users\Marcel\Documents\Anwaltsstation 2014-07-06 13:55 - 2010-06-13 12:28 - 01658436 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-05 10:46 - 2014-07-05 10:45 - 00257464 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-07-04 11:47 - 2014-07-03 18:57 - 00002156 _____ () C:\Windows\SecuniaPackage.log 2014-07-04 11:47 - 2012-03-29 18:50 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-04 11:47 - 2011-05-31 09:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-04 11:43 - 2012-05-30 07:49 - 00000000 ____D () c:\Program Files\Mozilla Maintenance Service 2014-07-03 19:44 - 2013-09-29 12:58 - 00000000 ____D () c:\Program Files\SRWare Iron 2014-07-03 19:38 - 2014-07-03 19:38 - 00002717 _____ () C:\Users\Marcel\Desktop\JRT.txt 2014-07-03 19:33 - 2014-07-03 19:33 - 00000000 ____D () C:\Windows\ERUNT 2014-07-03 19:27 - 2010-12-18 18:48 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-07-03 19:24 - 2014-07-03 19:24 - 00000000 ____D () C:\Users\Marcel\AppData\Local\graphicport.net 2014-07-03 19:08 - 2012-02-11 00:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-07-03 19:07 - 2012-01-02 12:04 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-03 19:07 - 2011-01-31 19:58 - 00001033 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-03 19:06 - 2010-06-13 12:50 - 00000000 ____D () c:\Program Files\Mozilla Firefox 2014-07-03 19:03 - 2014-07-03 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2014-07-03 19:02 - 2014-07-03 19:02 - 00000000 ____D () c:\Program Files\Oracle 2014-07-03 18:59 - 2013-10-15 19:25 - 00000952 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-07-03 18:59 - 2013-10-15 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-03 18:57 - 2010-06-14 17:41 - 00000000 ____D () c:\Program Files\MSXML 4.0 2014-07-03 18:40 - 2013-12-07 13:23 - 00190622 _____ () C:\Windows\PFRO.log 2014-07-03 18:38 - 2013-10-05 19:36 - 00000000 ____D () C:\AdwCleaner 2014-07-03 18:28 - 2014-07-03 18:28 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-07-03 18:28 - 2014-07-03 18:28 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Secunia PSI 2014-07-03 18:27 - 2014-07-03 18:27 - 00000000 ____D () c:\Program Files\Secunia 2014-07-03 18:08 - 2013-08-26 21:46 - 00097648 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-02 13:40 - 2014-07-02 13:40 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-02 13:40 - 2014-07-02 13:40 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-02 13:34 - 2013-03-22 12:35 - 00000000 ____D () C:\Users\Marcel\AppData\Local\adawarebp 2014-07-02 12:18 - 2014-07-02 12:18 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Lavasoft 2014-07-01 16:51 - 2013-01-31 16:45 - 00000000 ____D () C:\Windows\PCHEALTH 2014-06-25 20:33 - 2014-06-25 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus 2014-06-25 20:32 - 2014-06-25 20:32 - 00000000 ____D () c:\Program Files\Lavasoft 2014-06-25 20:16 - 2014-06-25 20:16 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-06-25 20:15 - 2013-03-22 12:35 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2 2014-06-25 19:41 - 2014-06-25 19:41 - 00000000 ____D () c:\Program Files\Microsoft OffCAT 2014-06-25 19:27 - 2010-06-13 15:00 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-24 23:23 - 2014-06-24 23:23 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-24 23:23 - 2014-06-24 23:22 - 00004551 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log 2014-06-24 23:23 - 2014-01-24 11:33 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-24 23:23 - 2012-09-01 18:50 - 00000000 ____D () c:\Program Files\Java 2014-06-24 22:21 - 2010-06-13 12:50 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Mozilla 2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieUserList 2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\EmieSiteList 2014-06-24 13:36 - 2014-02-19 22:38 - 
00002202 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-06-24 10:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-06-24 09:51 - 2013-01-31 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-24 09:44 - 2013-02-01 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-23 14:59 - 2011-08-02 11:16 - 00000000 ____D () C:\Windows\rescache 2014-06-22 18:57 - 2013-08-26 21:46 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-22 12:15 - 2014-06-22 12:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-21 14:04 - 2013-01-31 16:40 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Microsoft Help 2014-06-21 13:45 - 2014-06-21 13:38 - 00001100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector smart recovery.lnk 2014-06-21 13:45 - 2014-06-21 13:38 - 00001088 _____ () C:\Users\Public\Desktop\PC Inspector smart recovery.lnk 2014-06-21 13:38 - 2014-06-21 13:38 - 00000000 ____D () c:\Program Files\Convar 2014-06-21 13:38 - 2010-06-13 14:04 - 00000000 ___HD () c:\Program Files\InstallShield Installation Information 2014-06-21 13:31 - 2014-06-21 13:31 - 00002059 _____ () C:\Users\Marcel\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk 2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery 2014-06-21 13:31 - 2014-06-21 13:31 - 00000000 ____D () c:\Program Files\Smart PC Solutions 2014-06-21 13:17 - 2013-08-15 19:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-21 13:05 - 2010-06-16 10:08 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-20 18:39 - 2014-03-24 22:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-20 18:36 - 2013-02-01 15:29 - 00000000 ____D () c:\Program 
Files\Microsoft Office 15
2014-06-20 18:10 - 2013-08-05 11:01 - 00001021 _____ () C:\Users\Marcel\Desktop\Dropbox.lnk
2014-06-20 18:10 - 2013-08-05 10:56 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-15 16:33 - 2013-03-30 17:39 - 00000000 ___RD () C:\Users\Marcel\Podcasts
2014-06-15 16:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-06-08 16:22 - 2013-01-31 16:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-08 10:48 - 2014-06-21 13:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-21 13:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhftdm.dll
C:\Users\standartbenutzer\AppData\Local\Temp\AskSLib.dll
C:\Users\standartbenutzer\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 15:26

==================== End Of Log ============================ |
27.07.2014, 14:49 | #3 |
| Real-time scanner detects 'TR/Patched.Ren.Gen - Outlook does not start
I know you're not supposed to bump, but I can't get the TR/Patched.Ren.Gen problem fixed without help :/
Outlook works again after the Windows updates |
28.07.2014, 17:57 | #4 |
/// the machine /// TB instructor |
hi, who is finding the trojan, and where?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
28.07.2014, 19:24 | #5 |
| Avira Free Antivirus real-time scanner. These were today's messages. Code:
In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000adbf' wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000abbd' wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Windows\Temp\673f6c85-8ca3-4e38-8555-c9bb935aa111\tmp0000240d\tmp0000ab19' wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
29.07.2014, 10:19 | #6 |
/// the machine /// TB instructor |
all false alarms. |
29.07.2014, 10:55 | #7 |
| All right, there's no better news than that... I do find it strange, though |
29.07.2014, 11:51 | #8 |
/// the machine /// TB instructor |
That's just Avira, get used to it. |