Pests of all kinds and how to fight them: Pop-ups nonstop (Windows 7)
19.08.2014, 15:10 | #1
Pop-ups nonstop

Hello everyone, first off, I am anything but an expert when it comes to PCs and software. Please bear with me if I can't describe something particularly well or use the technical terms.

I have the following problem: For a short while now, pop-ups and new tabs with advertising keep opening in Chrome without my wanting them to. Mostly something like this: "hxxp://ads.adsrvmedia.com/player.html?..." I tried to contain the worst of it with a Chrome extension, but I'm aware that this only treats the symptoms and not the cause.

A friend advised me to run Anti-Malware from Malwarebytes over it. I did that and sent some files to quarantine. Still, the problem isn't solved. I can gladly attach a log if needed.

Maybe someone can explain to me quickly, and in terms a layperson can follow, what to do. Thanks very much!
19.08.2014, 15:13 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Pop-ups nonstop

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I ask because => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also make a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
19.08.2014, 15:33 | #3
Pop-ups nonstop

Thanks for the quick reply!

Here, for a start, is the log from Anti-Malware:
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by cstauf (administrator) on ZWR-NB01 on 19-08-2014 16:27:22 Running from C:\Users\cstauf\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () C:\ProgramData\MobileBrServ\mbbService.exe (uib GmbH) C:\Program Files (x86)\opsi.org\opsi-client-agent\opsiclientd.exe () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe () C:\Program Files (x86)\XSManager\WTGService.exe (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe () C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe (alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (4G Systems GmbH & Co. 
KG) C:\Windows\starter4g.exe (WebToGo Mobiles Internet GmbH) C:\Program Files (x86)\XSManager\XSManager.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1164584 2010-09-16] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2013-04-27] (alch) HKLM-x32\...\Run: [starter4g] => C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-07-21] (Cisco Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1327516751-110657712-331319228-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-1327516751-110657712-331319228-1000\...\MountPoints2: F - F:\autorun.exe HKU\S-1-5-21-1327516751-110657712-331319228-1000\...\MountPoints2: {6718734d-ffc6-11e3-b347-028037ec0200} - F:\autorun.exe HKU\S-1-5-21-1327516751-110657712-331319228-1000\...\MountPoints2: {78fa3c3c-b296-11e2-82cb-028037ec0200} - E:\AutoRun.exe Startup: C:\Users\cstauf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk ShortcutTarget: OpenVPN GUI.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB838AE4B58B1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{D34D47B6-1F3B-4DBC-AA23-01EC749EEE3A}: [NameServer]10.74.210.210 10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "62.113.208.89" FF NetworkProxy: "ftp_port", 8089 FF NetworkProxy: "http", "62.113.208.89" FF NetworkProxy: "http_port", 8089 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.113.208.89" FF NetworkProxy: "socks_port", 8089 FF NetworkProxy: "ssl", "62.113.208.89" FF NetworkProxy: "ssl_port", 8089 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF 
Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\searchplugins\ask.xml FF Extension: Xmarks - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\foxmarks@kei.com [2013-05-31] FF Extension: Microsoft .NET Framework Assistant - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-08] FF Extension: DVDVideoSoftTB - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-01-28] FF Extension: iFox Smooth - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010-09-08] FF Extension: DVDVideoSoft Toolbar - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010-09-08] FF Extension: Ask Toolbar for Firefox - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010-09-08] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\admin@proxy-listen.de.xpi [2014-06-24] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - C:\Users\cstauf\AppData\Roaming\Mozilla\Firefox\Profiles\6izprlfg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-07] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012-08-13] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program 
Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-04] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-26] Chrome: ======= CHR HomePage: https://www.deutsche-bank.de/pfb/content/privatkunden/lp-festzinssparen-sonderzinsaktion.html?kid=e.7020.99.83 CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Adblock Plus) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google-Suche) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (SiteBlock) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-08-15]
CHR Extension: (Google Mail) - C:\Users\cstauf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 opsiclientd; C:\Program Files (x86)\opsi.org\opsi-client-agent\opsiclientd.exe [176640 2012-05-16] (uib GmbH) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [453120 2010-01-28] () [File not signed]
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-04-25] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2014-06-29] (Mobile Connector)
R3 d554gps; C:\Windows\System32\DRIVERS\d554gps64.sys [96296 2009-12-09] (Ericsson AB)
R3 d554scard; C:\Windows\System32\DRIVERS\d554scard.sys [60968 2009-10-13] (Ericsson AB)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2009-11-19] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2009-11-19] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [346624 2009-12-03] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [370688 2009-12-03] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19456 2009-12-03] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [427008 2009-12-03] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 truecrypt; C:\Windows\SysWOW64\drivers\truecrypt.sys [223440 2010-01-27] (TrueCrypt Foundation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268328 2010-01-20] (Ericsson AB)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 16:27 - 2014-08-19 16:29 - 00019923 _____ () C:\Users\cstauf\Downloads\FRST.txt
2014-08-19 16:27 - 2014-08-19 16:27 - 00000000 ____D () C:\FRST
2014-08-19 16:26 - 2014-08-19 16:26 - 02101760 _____ (Farbar) C:\Users\cstauf\Downloads\FRST64.exe
2014-08-19 16:15 - 2014-08-19 16:15 - 00015284 _____ () C:\Windows\PFRO.log
2014-08-19 16:13 - 2014-08-19 16:14 - 00000176 _____ () C:\Windows\Tasks\Tempo Runner.job
2014-08-19 16:13 - 2014-08-19 16:13 - 00002246 _____ () C:\Windows\System32\Tasks\Tempo Runner
2014-08-19 16:06 - 2014-08-19 16:06 - 00013114 _____ () C:\Users\cstauf\Downloads\X1X.txt
2014-08-19 15:52 - 2014-08-19 15:52 - 00448512 _____ (OldTimer Tools) C:\Users\cstauf\Downloads\TFC.exe
2014-08-19 15:47 - 2014-08-19 15:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 15:47 - 2014-08-19 15:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-19 15:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 15:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 15:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 15:44 - 2014-08-19 15:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cstauf\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 11:53 - 2014-08-05 12:58 - 00096256 _____ () C:\Users\cstauf\Desktop\Übersicht_DA-SA-PS.xls
2014-08-14 11:12 - 2014-08-15 12:38 - 00000000 ____D () C:\Users\cstauf\Desktop\Anlagen
2014-08-13 12:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 12:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 12:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 12:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 12:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 12:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 12:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 12:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 09:24 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 09:24 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 09:24 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 09:24 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 09:24 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 09:24 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:24 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 09:24 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 09:24 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 09:24 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 09:24 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 09:24 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 09:24 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-04 04:56 - 2014-08-04 04:56 - 00000000 _____ () C:\Users\cstauf\AppData\Local\{FAD1E054-E847-4F33-910F-821CB3F0D141}
2014-08-01 09:41 - 2014-08-01 09:41 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 09:34 - 2014-08-01 09:34 - 00826192 _____ (Chip Digital GmbH) C:\Users\cstauf\Downloads\VLC media player 32 Bit - CHIP-Installer (1).exe
2014-08-01 09:32 - 2014-08-01 09:33 - 00826192 _____ (Chip Digital GmbH) C:\Users\cstauf\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-08-01 02:10 - 2014-08-01 02:10 - 509092801 _____ () C:\Windows\MEMORY.DMP
2014-08-01 02:10 - 2014-08-01 02:10 - 00478160 _____ () C:\Windows\Minidump\080114-26223-01.dmp
2014-07-29 11:18 - 2014-04-18 16:28 - 00228181 _____ () C:\Users\cstauf\Desktop\Literatur_CS_2010-07-21.xlsx
2014-07-28 09:58 - 2014-08-19 16:15 - 00001008 _____ () C:\Windows\setupact.log
2014-07-28 09:58 - 2014-07-28 09:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-27 12:01 - 2014-08-19 12:00 - 00040347 _____ () C:\Windows\IE11_main.log
2014-07-26 13:22 - 2014-07-26 13:22 - 00201570 _____ () C:\Users\cstauf\Documents\cc_20140726_132225.reg
2014-07-26 13:20 - 2014-07-26 13:20 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-26 13:20 - 2014-07-26 13:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-26 13:18 - 2014-07-26 13:19 - 03736040 _____ (Piriform Ltd) C:\Users\cstauf\Downloads\ccsetup415_slim.exe
2014-07-26 13:18 - 2014-07-26 13:19 - 03736040 _____ (Piriform Ltd) C:\Users\cstauf\Downloads\ccsetup415_slim (1).exe
2014-07-26 13:16 - 2014-07-26 13:16 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\unpacked24715
2014-07-26 13:16 - 2014-07-26 13:16 - 00000000 ____D () C:\Users\cstauf\AppData\Local\tmp24711
2014-07-26 13:11 - 2014-08-19 16:06 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-26 13:11 - 2014-07-26 13:11 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-26 13:10 - 2014-08-19 16:06 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\Systweak
2014-07-26 13:10 - 2014-07-16 16:43 - 00020280 _____ () C:\Windows\system32\roboot64.exe
2014-07-24 11:17 - 2014-07-30 10:46 - 00000000 ____D () C:\Users\cstauf\Desktop\AA Bewerbungen
2014-07-23 12:11 - 2014-07-23 12:12 - 00918952 _____ (Oracle Corporation) C:\Users\cstauf\Downloads\chromeinstall-7u65.exe
2014-07-21 23:50 - 2014-07-21 23:50 - 00034216 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2014-07-21 23:50 - 2014-07-21 23:50 - 00011176 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll
2014-07-21 13:02 - 2014-07-21 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 16:29 - 2014-08-19 16:27 - 00019923 _____ () C:\Users\cstauf\Downloads\FRST.txt
2014-08-19 16:29 - 2010-07-19 14:52 - 01361704 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 16:27 - 2014-08-19 16:27 - 00000000 ____D () C:\FRST
2014-08-19 16:26 - 2014-08-19 16:26 - 02101760 _____ (Farbar) C:\Users\cstauf\Downloads\FRST64.exe
2014-08-19 16:26 - 2012-06-13 14:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 16:23 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 16:23 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 16:16 - 2013-09-12 18:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 16:15 - 2014-08-19 16:15 - 00015284 _____ () C:\Windows\PFRO.log
2014-08-19 16:15 - 2014-07-28 09:58 - 00001008 _____ () C:\Windows\setupact.log
2014-08-19 16:15 - 2010-07-19 14:53 - 00000000 ____D () C:\tmp
2014-08-19 16:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-08-19 16:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 16:15 - 2009-07-14 06:45 - 00417024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 16:14 - 2014-08-19 16:13 - 00000176 _____ () C:\Windows\Tasks\Tempo Runner.job
2014-08-19 16:13 - 2014-08-19 16:13 - 00002246 _____ () C:\Windows\System32\Tasks\Tempo Runner
2014-08-19 16:12 - 2014-07-07 20:39 - 00051463 _____ () C:\Users\cstauf\Documents\Arbeitsplan.xlsx
2014-08-19 16:06 - 2014-08-19 16:06 - 00013114 _____ () C:\Users\cstauf\Downloads\X1X.txt
2014-08-19 16:06 - 2014-07-26 13:11 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-19 16:06 - 2014-07-26 13:10 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\Systweak
2014-08-19 15:52 - 2014-08-19 15:52 - 00448512 _____ (OldTimer Tools) C:\Users\cstauf\Downloads\TFC.exe
2014-08-19 15:48 - 2014-08-19 15:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 15:47 - 2014-08-19 15:47 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 15:47 - 2014-08-19 15:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-19 15:46 - 2014-08-19 15:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\cstauf\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 15:35 - 2013-09-12 18:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 13:46 - 2014-04-19 12:06 - 00000000 ____D () C:\Users\cstauf\Desktop\DISS_18.04.2014
2014-08-19 12:40 - 2010-08-15 20:44 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\vlc
2014-08-19 12:00 - 2014-07-27 12:01 - 00040347 _____ () C:\Windows\IE11_main.log
2014-08-19 09:18 - 2014-06-12 12:31 - 00181714 _____ () C:\Users\cstauf\Desktop\Trainingsplan_Juni 2013.xlsx
2014-08-18 09:45 - 2010-07-19 15:57 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-18 09:39 - 2014-05-14 10:55 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 09:24 - 2009-07-14 12:57 - 02906280 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 09:24 - 2009-07-14 12:57 - 00857642 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 09:24 - 2009-07-14 07:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 14:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 12:38 - 2014-08-14 11:12 - 00000000 ____D () C:\Users\cstauf\Desktop\Anlagen
2014-08-13 21:46 - 2010-09-22 17:29 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\dvdcss
2014-08-13 15:30 - 2014-06-29 22:29 - 00000000 ____D () C:\Users\cstauf\Desktop\Jobs IPR-Manager
2014-08-06 10:31 - 2014-06-29 22:13 - 00016266 _____ () C:\Users\cstauf\Desktop\Bewerbungen 2014.xlsx
2014-08-05 12:58 - 2014-08-14 11:53 - 00096256 _____ () C:\Users\cstauf\Desktop\Übersicht_DA-SA-PS.xls
2014-08-04 04:56 - 2014-08-04 04:56 - 00000000 _____ () C:\Users\cstauf\AppData\Local\{FAD1E054-E847-4F33-910F-821CB3F0D141}
2014-08-01 09:41 - 2014-08-01 09:41 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 09:41 - 2010-07-19 15:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-01 09:34 - 2014-08-01 09:34 - 00826192 _____ (Chip Digital GmbH) C:\Users\cstauf\Downloads\VLC media player 32 Bit - CHIP-Installer (1).exe
2014-08-01 09:33 - 2014-08-01 09:32 - 00826192 _____ (Chip Digital GmbH) C:\Users\cstauf\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-08-01 02:10 - 2014-08-01 02:10 - 509092801 _____ () C:\Windows\MEMORY.DMP
2014-08-01 02:10 - 2014-08-01 02:10 - 00478160 _____ () C:\Windows\Minidump\080114-26223-01.dmp
2014-08-01 02:10 - 2011-02-13 20:49 - 00000000 ____D () C:\Windows\Minidump
2014-07-30 19:07 - 2010-07-19 16:21 - 00000000 ____D () C:\Users\cstauf\AppData\Local\Microsoft Help
2014-07-30 10:46 - 2014-07-24 11:17 - 00000000 ____D () C:\Users\cstauf\Desktop\AA Bewerbungen
2014-07-29 11:17 - 2012-08-13 14:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-29 11:17 - 2012-08-13 14:28 - 00000000 ____D () C:\ProgramData\Cisco
2014-07-28 09:58 - 2014-07-28 09:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 13:31 - 2010-07-19 15:48 - 00000000 ____D () C:\Windows\Panther
2014-07-26 13:22 - 2014-07-26 13:22 - 00201570 _____ () C:\Users\cstauf\Documents\cc_20140726_132225.reg
2014-07-26 13:20 - 2014-07-26 13:20 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-26 13:20 - 2014-07-26 13:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-26 13:19 - 2014-07-26 13:18 - 03736040 _____ (Piriform Ltd) C:\Users\cstauf\Downloads\ccsetup415_slim.exe
2014-07-26 13:19 - 2014-07-26 13:18 - 03736040 _____ (Piriform Ltd) C:\Users\cstauf\Downloads\ccsetup415_slim (1).exe
2014-07-26 13:16 - 2014-07-26 13:16 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\unpacked24715
2014-07-26 13:16 - 2014-07-26 13:16 - 00000000 ____D () C:\Users\cstauf\AppData\Local\tmp24711
2014-07-26 13:12 - 2012-09-04 20:13 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\DVDVideoSoft
2014-07-26 13:11 - 2014-07-26 13:11 - 00001538 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-26 13:11 - 2012-09-04 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-26 13:11 - 2012-09-04 20:14 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-26 12:46 - 2012-07-15 20:08 - 00000000 ____D () C:\Users\cstauf\AppData\Roaming\Skype
2014-07-23 12:12 - 2014-07-23 12:11 - 00918952 _____ (Oracle Corporation) C:\Users\cstauf\Downloads\chromeinstall-7u65.exe
2014-07-22 11:18 - 2012-05-27 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-21 23:50 - 2014-07-21 23:50 - 00034216 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2014-07-21 23:50 - 2014-07-21 23:50 - 00011176 _____ (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll
2014-07-21 23:31 - 2014-06-11 05:15 - 00112496 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2014-07-21 13:02 - 2014-07-21 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-19 14:19

==================== End Of Log ============================

--- --- ---

Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by cstauf at 2014-08-19 16:30:11
Running from C:\Users\cstauf\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{5D342F51-B2DC-4886-95F4-471E5C896020}) (Version: 3.1.05178 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05178 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05178 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.2.0.0 - Swiss Academic Software)
ClamWin Free Antivirus 0.97.8 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.13.2 - Dell)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.19.3 - Dell)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
GIMP 2.6.7 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\{5F6C7C79-9E78-3694-8827-E4F4936BA25F}) (Version: 65.205.49268 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Webcam Driver (1.03.02.0919) (HKLM\...\Creative OA001) (Version: - )
Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java(TM) 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 2.1.6805.0 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Micro (HKLM-x32\...\Nero7Lite_is1) (Version: 7.11.10.0 - UpdatePack.nl)
Nero BurnRights (HKLM-x32\...\Nero BurnRights!UninstallKey) (Version: - )
OpenVPN 2.1.1-gui-1.0.3 (HKLM-x32\...\OpenVPN) (Version: 2.1.1-gui-1.0.3 - )
opsi-client-agent (HKLM-x32\...\opsi-client-agent) (Version: 4.0.2.1-2 - )
PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham)
RICOH Media Driver ver.2.07.01.01 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.01 - RICOH)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.25 - SSW Software GmbH)
Saal Design Software (x32 Version: 3.2.25 - SSW Software GmbH) Hidden
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.2 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.01 - Akademische Arbeitsgemeinschaft Verlag)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TrueCrypt 6.3a (HKLM-x32\...\{63AB8337-3D58-4747-A6E6-A8857D68BC81}) (Version: 6.3.1.0 - TrueCrypt Foundation)
tulox Freeware-Wörterbuch (Spanisch) (HKLM-x32\...\tulox Freeware-Wörterbuch (Spanisch)) (Version: - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WDS-Skat Shareware (HKLM-x32\...\WDS-Skat Shareware) (Version: 2.2 - )
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {478C3596-452C-439F-A551-22941335A928} - \ASP No Task File <==== ATTENTION
Task: {4BEFD5AA-0DDE-47DA-9001-A7BBD8B5FEC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {4CF8AD22-DE65-4E51-9255-006476CBB84F} - System32\Tasks\Tempo Runner => C:\PROGRA~3\pennybee\pennybee.exe
Task: {5124A465-1D65-4CBD-B4E2-E0577A8E6B53} - System32\Tasks\OpenVPN-GUI => C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe [2009-07-07] ()
Task: {7533EF4A-59BC-4311-8CBE-1EC9C11248A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E20AEC88-F367-4B41-B353-88CB42351D57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {E908C0C2-C85C-4810-97ED-85A6807BF3D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tempo Runner.job => C:\PROGRA~3\pennybee\pennybee.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-05-01 21:41 - 2012-03-12 11:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2010-07-19 15:46 - 2010-01-28 14:53 - 00453120 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
2014-06-29 21:59 - 2012-04-25 19:00 - 00327392 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2013-09-12 19:36 - 2008-04-19 16:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2010-09-16 22:04 - 2010-09-16 22:04 - 01164584 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-07-07 15:21 - 2009-07-07 15:21 - 00110080 _____ () C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
2014-07-21 23:50 - 2014-07-21 23:50 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-02-26 22:48 - 2012-05-16 01:17 - 00028160 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\servicemanager.pyd
2013-02-26 22:48 - 2012-05-16 01:17 - 00110592 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\pywintypes26.dll
2013-02-26 22:48 - 2012-05-16 01:17 - 00041472 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32service.pyd
2013-02-26 22:48 
- 2012-05-16 01:17 - 00096256 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32api.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00111104 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32file.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00040448 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\_socket.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00665600 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\_ssl.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00073728 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\_ctypes.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00017920 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32event.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00023040 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32ts.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00036352 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32process.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00110592 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32security.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00167936 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32gui.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00065024 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32net.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00024576 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32wnet.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00022528 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32pdh.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00024064 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32pipe.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00017920 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32profile.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00354304 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\pythoncom26.dll 2013-02-26 22:48 - 2012-05-16 
01:17 - 00016384 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\win32trace.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00011776 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\select.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00010752 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\OpenSSL.rand.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00045056 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\OpenSSL.crypto.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00039936 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\OpenSSL.SSL.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00286208 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\_hashlib.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00022016 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Cipher.Blowfish.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00044544 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\_librsync.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00056320 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Cipher.DES3.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00010752 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Random.OSRNG.winrandom.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00011264 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Hash.SHA256.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00011264 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Util._counter.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00031744 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\Crypto.Cipher.AES.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00006656 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\twisted.protocols._c_urlarg.pyd 2010-10-02 20:57 - 2012-05-16 01:17 - 00071680 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\bz2.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00720384 _____ () C:\Program Files 
(x86)\opsi.org\opsi-client-agent\lib\apsw.pyd 2013-02-26 22:48 - 2012-05-16 01:17 - 00585728 _____ () C:\Program Files (x86)\opsi.org\opsi-client-agent\lib\unicodedata.pyd 2010-07-19 15:46 - 2010-01-26 15:01 - 00065576 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll 2010-09-16 22:04 - 2010-09-16 22:04 - 00095528 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-09-12 19:36 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll 2013-09-12 19:36 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd 2013-09-12 19:36 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll 2013-09-12 19:36 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd 2013-09-12 19:36 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd 2013-09-12 19:36 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd 2013-09-12 19:36 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd 2013-09-12 19:36 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd 2013-09-12 19:36 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd 2013-09-12 19:36 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd 2013-09-12 19:36 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll 2013-09-12 19:36 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd 2013-09-12 19:36 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd 2013-09-12 19:36 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd 2013-09-12 19:36 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd 2013-09-12 19:36 - 2004-11-20 
02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd 2013-09-12 19:36 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd 2013-09-12 19:36 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll 2013-09-12 19:36 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd 2013-09-12 19:36 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd 2013-09-12 19:36 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd 2014-06-29 21:59 - 2012-04-25 19:00 - 00016096 ____N () C:\Program Files (x86)\XSManager\WTGDebugs.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00048352 ____N () C:\Program Files (x86)\XSManager\WtgDriverInstall.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00384736 ____N () C:\Program Files (x86)\XSManager\WtgCore.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00229088 ____N () C:\Program Files (x86)\XSManager\WtgUtil.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00089824 ____N () C:\Program Files (x86)\XSManager\WtgPorts.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00085728 ____N () C:\Program Files (x86)\XSManager\WtgDialup.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00110304 ____N () C:\Program Files (x86)\XSManager\WtgDatabase.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00143072 ____N () C:\Program Files (x86)\XSManager\WtgBluetooth.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00171744 ____N () C:\Program Files (x86)\XSManager\WtgDetection.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00892640 ____N () C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00601824 ____N () C:\Program Files (x86)\XSManager\WTGXMLUtil.dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00200416 ____N () C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll 2014-06-29 21:59 - 2012-04-25 19:00 - 00009440 ____N () C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll 2014-06-29 
21:59 - 2012-04-25 19:00 - 00016608 ____N () C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll 2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-08-18 09:39 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-18 09:39 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-18 09:39 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-18 09:39 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-18 09:39 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: tuloxFreeWBS => ==================== Faulty Device Manager Devices ============= Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2014 08:34:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0x190 Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:24:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). 
Der Fehlercode ist das erste DWORD im Datenbereich. Error: (08/18/2014 09:24:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (08/18/2014 09:24:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (08/18/2014 09:20:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0x30c Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:20:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0xbfc Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:20:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0xbb0 Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0x840 Startzeit der 
fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0xb3c Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 Error: (08/18/2014 09:20:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Name des fehlerhaften Moduls: pennybee.exe, Version: 1.1.0.13, Zeitstempel: 0x53b1262f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000870e ID des fehlerhaften Prozesses: 0x7f4 Startzeit der fehlerhaften Anwendung: 0xpennybee.exe0 Pfad der fehlerhaften Anwendung: pennybee.exe1 Pfad des fehlerhaften Moduls: pennybee.exe2 Berichtskennung: pennybee.exe3 System errors: ============= Error: (08/19/2014 04:16:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem Fehler beendet: %%11004. Error: (08/19/2014 04:15:59 PM) (Source: RemoteAccess) (EventID: 20152) (User: ) Description: Der momentan konfigurierte Authentifizierungsanbieter konnte nicht geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch keine Daten des angeforderten Typs gefunden. 
Error: (08/19/2014 04:15:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: truecrypt Error: (08/19/2014 04:15:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error: (08/19/2014 04:15:45 PM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne UNI-KL aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error: (08/19/2014 04:15:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\truecrypt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (08/19/2014 04:14:30 PM) (Source: volsnap) (EventID: 14) (User: ) Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error: (08/19/2014 00:01:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme Error: (08/19/2014 08:34:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "pennybee" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/19/2014 08:34:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Routing und RAS" wurde mit folgendem dienstspezifischem Fehler beendet: %%11004. Microsoft Office Sessions: ========================= Error: (08/19/2014 08:34:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870e19001cfbb779b81fc55C:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exee0a396d1-276a-11e4-9882-028037ec0200 Error: (08/18/2014 09:24:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (08/18/2014 09:24:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/18/2014 09:24:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (08/18/2014 09:20:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870e30c01cfbab4e2467454C:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1ff56095-26a8-11e4-8e46-028037ec0200 Error: (08/18/2014 09:20:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870ebfc01cfbab4e1918bbfC:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1f42d960-26a8-11e4-8e46-028037ec0200 Error: (08/18/2014 09:20:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870ebb001cfbab4e1409cf6C:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1eef8937-26a8-11e4-8e46-028037ec0200 Error: (08/18/2014 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870e84001cfbab4e0efae2dC:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1e9e9a6d-26a8-11e4-8e46-028037ec0200 Error: (08/18/2014 09:20:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870eb3c01cfbab4e09ebf63C:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1e4daba4-26a8-11e4-8e46-028037ec0200 Error: (08/18/2014 09:20:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: pennybee.exe1.1.0.1353b1262fpennybee.exe1.1.0.1353b1262fc00000050000870e7f401cfbab4e04dd09aC:\PROGRA~3\pennybee\pennybee.exeC:\PROGRA~3\pennybee\pennybee.exe1dfcbcdb-26a8-11e4-8e46-028037ec0200 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz Percentage of memory in use: 46% Total physical RAM: 4047.9 MB Available physical RAM: 2172.72 MB Total Pagefile: 8093.98 MB Available Pagefile: 6060.87 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== 
Brief addendum: I restarted the PC after running Malwarebytes. Since then there have been no more problems with pop-ups. Could that already have been it? Last edited by sforce81 (19.08.2014 at 15:38) |
19.08.2014, 17:22 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Non-stop pop-ups Quote:
__________________ Please always post log files in CODE tags |
19.08.2014, 18:01 | #5 |
| Non-stop pop-ups Well, "commercial" would be overstating it. It's a university PC that I'm allowed to use privately. Does that matter? |
19.08.2014, 22:11 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Non-stop pop-ups Yes, that matters. For commercial systems there are corresponding notices, and one may well ask why, with commercially used systems or university property, the responsible administrator is not being notified. It's not that I don't want to help, but one should first and foremost keep an eye on who is responsible... as a university admin (if I were one) I would not be pleased to see users "administering around" me...
|
20.08.2014, 08:26 | #7 |
| Non-stop pop-ups That's fine. Thanks anyway. |