| |
| |||||||
Log-Analyse und Auswertung: Bank sperrt Online-Banking wegen Verdacht auf Trojaner BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.07.2014, 14:34
| #1 |
 |  Bank sperrt Online-Banking wegen Verdacht auf Trojaner Befall Hallo, meine Bank hat meinen Onlinebanking Zugang gesperrt und mir mitgeteilt, dass von einer verdächtigen IP Adresse mit meinen Daten ein Zugang versucht wurde. Sie vermuten eine Trojanerinfektion bei mir und empfehlen den Rechner komplett platt zu machen. Da das für mich sehr aufwendig wäre würde ich gern erst einmal sicher gehen, dass es wirklich nötig ist und heraus finden was eigentlich das Problem ist. Eigentlich verhalte ich mir recht sicherheitsbewußt im Netz und es würde mich sehr wundern wenn der Rechner tatsächlich verseucht ist. Hier also die logfiles, ich hoffe ihr könnt mir helfen! Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:28 on 31/07/2014 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by ***** (ATTENTION: The logged in user is not administrator) on ***** on 31-07-2014 14:31:33
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Mendeley Ltd.) C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
(Dropbox, Inc.) C:\Users\s*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [684016 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Run: [SkyDrive] => C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-07-30] (Microsoft Corporation)
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [944520 2011-02-12] (Microsoft Corporation)
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\RunOnce: [Uninstall C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\RunOnce: [Uninstall C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512_1\amd64"
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\RunOnce: [Uninstall C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\RunOnce: [Uninstall C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\s*****\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4253473865-3197154111-2873975343-79045\...\MountPoints2: {9c9b1ba4-5420-11e3-ac30-74e543508e32} - F:\Startme.exe
Startup: C:\Users\s*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\s*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fu-berlin.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910124241.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120910124242.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\s*****\AppData\Roaming\Mozilla\Firefox\Profiles\bgucrjj5. new
FF Homepage: hxxp://www.fu-berlin.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\s*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pieps.com/PiepsUpdate - C:\Users\s*****\AppData\Roaming\Pieps\PiepsUpdate\1.3.0.0\npPiepsUpdate.dll (Pieps GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\s*****\AppData\Roaming\Mozilla\Firefox\Profiles\o64cizzn.default\Extensions\firefox@ghostery.com [2013-03-14]
FF Extension: LeechBlock - C:\Users\s*****\AppData\Roaming\Mozilla\Firefox\Profiles\o64cizzn.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2012-12-03]
FF Extension: LeechBlock - C:\Users\s*****\AppData\Roaming\Mozilla\Firefox\Profiles\bgucrjj5. new\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-08-05]
FF Extension: No Name - C:\Users\s*****\AppData\Roaming\Mozilla\Firefox\Profiles\bgucrjj5. new\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F} [2013-03-15]
FF Extension: Quick Locale Switcher - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F} [2014-01-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\langpack-de@firefox.mozilla.org.xpi [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-09-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1840208 2012-11-21] (Microsoft Corporation)
R2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-08-21] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2012-09-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2012-09-10] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [402000 2012-11-21] () [File not signed]
R2 USBDLM; C:\Program Files (x86)\USBDLM\USBDLM.exe [156160 2008-09-18] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-07-04] (Broadcom Corporation.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2012-09-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2012-09-10] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2012-09-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2012-09-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2012-09-10] (McAfee, Inc.)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 14:33 - 2014-07-31 14:35 - 00042920 _____ () C:\Users\s*****\Desktop\Addition.txt
2014-07-31 14:31 - 2014-07-31 14:36 - 00034992 _____ () C:\Users\s*****\Desktop\FRST.txt
2014-07-31 14:31 - 2014-07-31 14:35 - 00000000 ____D () C:\FRST
2014-07-31 14:30 - 2014-07-31 14:30 - 02094080 _____ (Farbar) C:\Users\s*****\Desktop\FRST64.exe
2014-07-31 14:28 - 2014-07-31 14:28 - 00000474 _____ () C:\Users\s*****\Desktop\defogger_disable.log
2014-07-31 14:24 - 2014-07-31 14:24 - 00050477 _____ () C:\Users\s*****\Desktop\Defogger.exe
2014-07-30 10:25 - 2014-07-30 10:25 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-30 10:25 - 2014-07-30 10:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-30 10:25 - 2014-07-30 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-09 17:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 17:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 17:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 17:06 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 17:06 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 17:05 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 17:03 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 17:03 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 17:03 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 17:03 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 17:03 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-09 17:03 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-09 17:03 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-09 17:03 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 17:03 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 17:03 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 17:03 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 17:03 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 17:03 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-09 17:03 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 17:03 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-09 17:03 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-09 17:03 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-09 17:03 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-09 17:03 - 2014-06-19 01:37 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RegisterIEPKEYs.exe
2014-07-09 17:03 - 2014-06-19 01:34 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RegisterIEPKEYs.exe
2014-07-09 17:01 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 17:01 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll
2014-07-09 17:01 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 14:36 - 2014-07-31 14:31 - 00034992 _____ () C:\Users\s*****\Desktop\FRST.txt
2014-07-31 14:35 - 2014-07-31 14:33 - 00042920 _____ () C:\Users\s*****\Desktop\Addition.txt
2014-07-31 14:35 - 2014-07-31 14:31 - 00000000 ____D () C:\FRST
2014-07-31 14:30 - 2014-07-31 14:30 - 02094080 _____ (Farbar) C:\Users\s*****\Desktop\FRST64.exe
2014-07-31 14:28 - 2014-07-31 14:28 - 00000474 _____ () C:\Users\s*****\Desktop\defogger_disable.log
2014-07-31 14:28 - 2013-08-21 13:41 - 00000000 ____D () C:\Users\s*****.LOE10123LAP
2014-07-31 14:28 - 2010-11-21 08:21 - 00701698 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-31 14:28 - 2010-11-21 08:21 - 00150542 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-31 14:28 - 2009-07-14 07:13 - 01626052 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-31 14:24 - 2014-07-31 14:24 - 00050477 _____ () C:\Users\s*****\Desktop\Defogger.exe
2014-07-31 13:37 - 2013-08-26 10:21 - 00001110 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 08:27 - 2013-08-26 10:21 - 00001106 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 11:33 - 2014-03-02 09:45 - 00002169 _____ () C:\Users\s*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-30 10:26 - 2013-03-13 15:48 - 00000000 ____D () C:\ProgramData\Skype
2014-07-30 10:26 - 2012-09-13 11:48 - 01103254 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-30 10:25 - 2014-07-30 10:25 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-30 10:25 - 2014-07-30 10:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-30 10:25 - 2014-07-30 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-30 10:19 - 2012-12-11 15:29 - 00000000 ____D () C:\Users\s*****\AppData\Roaming\Skype
2014-07-30 10:08 - 2013-10-01 08:32 - 00000000 ____D () C:\Users\s*****\AppData\Roaming\Dropbox
2014-07-30 10:07 - 2013-10-01 10:04 - 00000988 _____ () C:\Users\s*****\Desktop\Dropbox.lnk
2014-07-30 10:07 - 2013-10-01 08:35 - 00000000 ____D () C:\Users\s*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-26 11:30 - 2009-07-14 06:45 - 00019120 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 11:30 - 2009-07-14 06:45 - 00019120 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 08:37 - 2009-07-14 05:20 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-14 21:48 - 2009-07-14 05:20 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-14 20:26 - 2012-09-10 12:38 - 00000569 _____ () C:\WINDOWS\SMSCFG.INI
2014-07-14 20:24 - 2009-07-14 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-14 20:23 - 2009-07-14 06:51 - 00152669 _____ () C:\WINDOWS\setupact.log
2014-07-14 20:23 - 2009-07-14 06:45 - 00573600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-14 20:21 - 2010-11-21 08:27 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 14:01 - 2012-09-13 12:01 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-14 14:01 - 2012-09-13 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 17:09 - 2012-09-10 12:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 21:31 - 2012-09-13 12:45 - 00000000 ____D () C:\Users\s*****\AppData\Local\Microsoft Help
2014-07-01 10:56 - 2012-09-13 12:12 - 00047738 __RSH () C:\ProgramData\ntuser.pol
Some content of TEMP:
====================
C:\Users\s*****\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplb8ngk.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by s***** at 2014-07-31 14:36:35
Running from C:\Users\s*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
calibre (HKLM-x32\...\{BA356893-F9F4-4C84-B10B-6EB2FC3C3B90}) (Version: 1.5.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX710 series Benutzerregistrierung (HKLM-x32\...\Canon MX710 series Benutzerregistrierung) (Version: - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version: - )
Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citrix Receiver (DV) (HKLM-x32\...\{655C5545-7974-443F-882F-D745607EBB08}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (HKLM-x32\...\{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver (USB) (HKLM-x32\...\{A113003E-8271-4485-ABC1-83FB96BFFF52}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver Inside (HKLM-x32\...\{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}) (Version: 3.1.0.64094 - Citrix Systems, Inc.)
Citrix Receiver(Aero) (HKLM-x32\...\{246CB06B-308C-4CAE-AD1C-CB8409274261}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver(PNA) (HKLM-x32\...\{38409AC9-F0FD-4323-A98F-881D8EF338C4}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver(SSON) (HKLM-x32\...\{F5D0DB5D-6688-46FE-B4E5-4AACAEAA8B7A}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.124 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ELAN 4.5.1 (HKLM-x32\...\ELAN 4.5.1) (Version: 4.5.1.0 - MPI - The Language Archive)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FU-Schriftarten (HKLM-x32\...\{23A30745-EB3A-463B-86B7-109D5971C8DB}) (Version: 1.0 - FU Berlin - ZEDAT)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
MAXQDA 10 Reader (R240113) (HKLM-x32\...\MAXQDA10Reader) (Version: (R240113) - VERBI Software.Consult.Sozialforschung GmbH)
McAfee Agent (HKLM-x32\...\{1995804A-B1A2-4826-99DD-CEA1352D090B}) (Version: 4.6.0.2935 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.01000 - McAfee, Inc.)
Mendeley Desktop 1.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.11 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MoviScript (HKLM-x32\...\{A4051AC2-3B01-487E-8446-B0F704F0A0EE}_is1) (Version: - )
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Online Plug-in (HKLM-x32\...\{739A6D0C-CA8D-4955-8E3D-58D1847327AC}) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Opera 11.50 (HKLM-x32\...\Opera 11.50.1074) (Version: 11.50.1074 - Opera Software ASA)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pieps Connect Plugin (HKCU\...\{2b673b19-5ff5-411d-944b-b714d270d38e}) (Version: 1.3.0.0 - Pieps GmbH)
Pieps Update Plugin (x32 Version: 1.3.0.0 - Pieps GmbH) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000005}) (Version: 11.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TSDoctor (HKLM-x32\...\{B301AB91-A25A-49F7-AA17-569345328A84}) (Version: 1.2.82 - Cypheros)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
USB drive letter manager (x32 Version: 4.2.3 - Uwe Sieber) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WhoAmI (HKLM-x32\...\{1899D16E-C577-4DEF-A272-243824576D88}) (Version: 1.0 - FU Berlin - ZEDAT)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-12-13 10:47 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-13 11:38 - 2012-02-01 11:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ColdTurkey_notify => C:\Program Files\ColdTurkey\ct_notify.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 11:35:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1171.714, Zeitstempel: 0x53c48bb5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1072
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x1e58
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Error: (07/14/2014 08:24:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/08/2014 01:09:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/03/2014 10:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc6b7
Name des fehlerhaften Moduls: igdumd32.dll, Version: 8.15.10.2639, Zeitstempel: 0x4f29a518
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0027cac8
ID des fehlerhaften Prozesses: 0x1498
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Error: (07/02/2014 08:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1072
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x14d4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Error: (07/01/2014 08:10:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1072
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000223e0
ID des fehlerhaften Prozesses: 0x11e4
Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0
Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1
Pfad des fehlerhaften Moduls: GoogleUpdate.exe2
Berichtskennung: GoogleUpdate.exe3
Error: (07/01/2014 07:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mcshield.exe, Version: 14.4.0.354, Zeitstempel: 0x4e262841
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000d89e
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xmcshield.exe0
Pfad der fehlerhaften Anwendung: mcshield.exe1
Pfad des fehlerhaften Moduls: mcshield.exe2
Berichtskennung: mcshield.exe3
Error: (06/20/2014 07:43:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.2.32.106, Zeitstempel: 0x5113a755
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0fafafa
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xdd4
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
Error: (06/19/2014 04:56:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 02:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.2.32.106, Zeitstempel: 0x5113a755
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0fafafa
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xf30
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
System errors:
=============
Error: (07/31/2014 02:15:43 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne CAMPUS aufgrund der folgenden
Ursache nicht einrichten:
%%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (07/31/2014 08:20:42 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: FU-BERLIN)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben:
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
Error: (07/31/2014 08:20:42 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne CAMPUS aufgrund der folgenden
Ursache nicht einrichten:
%%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (07/30/2014 04:44:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: ****)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben:
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
Error: (07/30/2014 03:06:45 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: FU-BERLIN)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben:
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
Error: (07/30/2014 02:29:08 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne CAMPUS aufgrund der folgenden
Ursache nicht einrichten:
%%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (07/30/2014 02:28:38 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error: (07/30/2014 10:01:08 AM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.
Error: (07/30/2014 09:57:52 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne CAMPUS aufgrund der folgenden
Ursache nicht einrichten:
%%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (07/30/2014 09:55:52 AM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.
Microsoft Office Sessions:
=========================
Error: (07/31/2014 11:35:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1171.71453c48bb5ntdll.dll6.1.7601.1822951fb1072c000000500038e191e5801cfabd9610fe9ecC:\Users\s*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SysWOW64\ntdll.dllf83d8e3a-1895-11e4-a4af-74e543508e32
Error: (07/14/2014 08:24:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/08/2014 01:09:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/03/2014 10:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bc6b7igdumd32.dll8.15.10.26394f29a518c00000050027cac8149801cf96950fc19d51C:\WINDOWS\SysWOW64\DllHost.exeC:\WINDOWS\SysWOW64\igdumd32.dll5af565ff-0288-11e4-ab7e-74e543508e32
Error: (07/02/2014 08:49:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.1822951fb1072c0000005000223e014d401cf95c016cc9659C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\WINDOWS\SysWOW64\ntdll.dll003503c9-01b5-11e4-ab7e-74e543508e32
Error: (07/01/2014 08:10:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.1822951fb1072c0000005000223e011e401cf94f1860154a6C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\WINDOWS\SysWOW64\ntdll.dll656c1612-00e6-11e4-ab7e-74e543508e32
Error: (07/01/2014 07:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe14.4.0.3544e262841ole32.dll6.1.7601.175144ce7c92cc0000005000000000000d89e80c01cf8bce7887aa2cC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\WINDOWS\system32\ole32.dllc8124426-00e4-11e4-ab7e-74e543508e32
Error: (06/20/2014 07:43:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.2.32.1065113a755KERNELBASE.dll6.1.7601.1840953159a86e0fafafa0000c42ddd401cf8bcf16a805a1C:\Program Files (x86)\Skype\Phone\Skype.exeC:\WINDOWS\syswow64\KERNELBASE.dllda7c3c72-f83d-11e3-ab7e-74e543508e32
Error: (06/19/2014 04:56:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 02:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.2.32.1065113a755KERNELBASE.dll6.1.7601.1840953159a86e0fafafa0000c42df3001cf858bd492cc29C:\Program Files (x86)\Skype\Phone\Skype.exeC:\WINDOWS\syswow64\KERNELBASE.dll6c4b16f3-f22c-11e3-80de-74e543508e32
CodeIntegrity Errors:
===================================
Date: 2013-12-13 09:40:27.976
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-12-13 09:40:27.947
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 22%
Total physical RAM: 8074.62 MB
Available physical RAM: 6248.23 MB
Total Pagefile: 16147.41 MB
Available Pagefile: 13266.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:232.88 GB) (Free:172.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (lokale Daten ohne Backup) (Fixed) (Total:232.88 GB) (Free:110.74 GB) NTFS
Drive h: (Offline) (Network) (Total:232.88 GB) (Free:172.23 GB) CSC-CACHE
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 15:06:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\S****~1.LOE\AppData\Local\Temp\ffroikog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\WINDOWS\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039ad000 45 bytes [00, 00, EB, 00, 4E, 74, 66, ...]
INITKDBG C:\WINDOWS\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800039ad02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1316] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bb1465 2 bytes [BB, 76]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1316] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bb14bb 2 bytes [BB, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4480] C:\WINDOWS\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768f8791 5 bytes JMP 0000000168ee7f8e
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4480] C:\WINDOWS\syswow64\ole32.dll!OleLoadFromStream 00000000771e6143 5 bytes JMP 000000016942ca31
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3652] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bb1465 2 bytes [BB, 76]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3652] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bb14bb 2 bytes [BB, 76]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5852] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bb1465 2 bytes [BB, 76]
.text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5852] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bb14bb 2 bytes [BB, 76]
.text ... * 2
.text C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE[3416] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bb1465 2 bytes [BB, 76]
.text C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE[3416] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bb14bb 2 bytes [BB, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4940] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4944] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4948] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4952] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4956] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4960] 000000006da0e697
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4964] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4992] 000000006da0cf23
Thread C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [4848:4996] 000000006da0cf23
---- Processes - GMER 2.1 ----
Library C:\Users\+++++\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2396](2014-07-21 20:53:38) 0000000003f80000
Library c:\users\s*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplb8ngk.dll (*** suspicious ***) @ C:\Users\s*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2396](2014-07-30 08:08:10) 0000000004680000
Library C:\Users\s*****\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\s*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2396](2013-10-18 23:55:02) 0000000062c70000
Library C:\Users\s*****\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\s*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2396] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000622e0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\74e543508e32 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543508e32
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543508e32@fc58faa10058 0xD2 0x9E 0x1D 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\74e543508e32 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\74e543508e32@fc58faa10058 0xD2 0x9E 0x1D 0x67 ...
---- EOF - GMER 2.1 ----
Ok, soweit erstmal! Schon jetzt ein großes Danke für eure Arbeit, mir wurde hier schon mehrfach geholfen, ihr macht einen tollen Job! |
| Themen zu Bank sperrt Online-Banking wegen Verdacht auf Trojaner Befall |
| 4d36e972-e325-11ce-bfc1-08002be10318, browser, canon, combofix, defender, dllhost.exe, ebanking, flash player, gesperrt, homepage, iexplore.exe, netzwerk, problem, pup.optional.installcore, pup.optional.softonic.a, registry, security, services.exe, software, svchost.exe, trojaner, win32/downloadsponsor.a, win32/wajam.f, windows |
Baum-Darstellung