Log analysis and evaluation: Win7 Trojan infection (TR/Agent.337922), program Search cannot be removed

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.11.2014, 00:19 | #1 |
Win7 Trojan infection (TR/Agent.337922), program Search cannot be removed

Hello :-) Unfortunately, ever since I downloaded a font package from what is actually a safe site, I have caught a Trojan (TR/Agent.337922). In addition, I can no longer uninstall the program Search, because it is not even listed in the software list under Programs and Features. I have now run the relevant programs as described in the info for people seeking help, and I hope you can help me! I would be very glad of your help!

defogger_disable Log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:52 on 01/11/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by ***** (administrator) on *****-PC on 01-11-2014 12:30:44
Running from C:\Users\*****\Desktop
Loaded Profile: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Novell, Inc.) C:\Windows\System32\iprntsrv.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Smartbar) C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Opera Software) C:\Program Files\Opera\opera.exe
() C:\Users\*****\AppData\Local\Smartbar\Application\Lrcnta.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar)
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {12c8040d-0983-11e2-93dc-0021863250a3} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {2996dc87-d47d-11e3-aa31-0021863250a3} - H:\Startme.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {632ac703-f808-11e1-beec-0021863250a3} - I:\setup.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42b4f-a1f2-11e2-ad50-0021863250a3} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42b51-a1f2-11e2-ad50-0021863250a3} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42bc5-a1f2-11e2-ad50-0021863250a3} - F:\AutoRun.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42bdd-a1f2-11e2-ad50-0021863250a3} - F:\AutoRun.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {99042775-a6d4-11e2-bc9d-0021863250a3} - F:\AutoRun.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {a18ad394-b751-11e2-80a6-0021863250a3} - F:\AutoRun.exe
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {d89c29fb-918f-11e2-a81e-0021863250a3} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {d89c2a4e-918f-11e2-a81e-0021863250a3} - H:\setup_vmc_lite.exe /checkApplicationPresence
Lsa: [Notification Packages] scecli iPrntWinCredMan
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2bARNig6QHednZqPDqWA,,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 22 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{058F7093-9463-40C6-87C5-7273FA39BD6A}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76D888BF-CEBB-4FE6-887D-088F5D40201D}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{C4C73E85-B4F4-4B48-A13F-1BDC7AA9463B}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0sGxfBXV0j0OWZzdZykAeEk8YCSPDQR8ZT1M50f4nurMrMwPNePosar78vrHdCE3R6Gf0yw0GSPzT3dumK4kKQYccCl4YzeZay5w,,
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2bARNig6QHednZqPDqWA,,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @novell.com/iPrint -> C:\Windows\system32 ()
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\abs@avira.com [2014-10-01]
FF Extension: HP Detect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-11-11]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-19]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\firefox@ghostery.com.xpi [2014-01-27]
FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-07-25]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-23]
FF Extension: LeechBlock - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-06-01]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-09] (Juniper Networks)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [102400 2014-06-23] (Novell, Inc.) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2013-04-10] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563112 2014-08-15] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-08-15] (Cisco Systems, Inc.)
S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2006-12-05] (AfaTech )
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-09] (Juniper Networks)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) [File not signed]
R1 nipplpt2; C:\Windows\system32\drivers\nipplpt.sys [42464 2014-06-23] ()
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) [File not signed]
R2 RTWTKRNL; C:\Windows\system32\drivers\rtwtkrnl.sys [52760 2012-01-02] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587136 2011-08-08] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551168 2011-08-08] (eMPIA Technology, Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-01 12:30 - 2014-11-01 12:31 - 00024776 _____ () C:\Users\*****\Desktop\FRST.txt
2014-11-01 12:30 - 2014-11-01 12:30 - 00000000 ____D () C:\FRST
2014-11-01 12:27 - 2014-11-01 12:27 - 01105920 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-11-01 12:22 - 2014-11-01 12:23 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-11-01 12:22 - 2014-11-01 12:22 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-11-01 12:21 - 2014-11-01 12:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-11-01 12:11 - 2014-11-01 12:11 - 00000000 ____D () C:\Users\*****\Desktop\backups
2014-11-01 12:04 - 2014-11-01 12:04 - 00012770 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-11-01 12:03 - 2014-11-01 12:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\HijackThis.exe
2014-11-01 11:47 - 2014-11-01 12:01 - 00000000 ____D () C:\Users\*****\Desktop\Einladungen Geburtstag Papa
2014-11-01 11:17 - 2014-11-01 11:17 - 00002468 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-01 11:17 - 2014-11-01 11:17 - 00002406 _____ () C:\Users\*****\Desktop\Search.lnk
2014-11-01 11:16 - 2014-11-01 11:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Smartbar
2014-11-01 11:16 - 2014-11-01 11:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LPT
2014-10-30 23:58 - 2014-10-30 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-30 00:03 - 2014-10-30 11:25 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übungsblatt 2
2014-10-27 20:11 - 2014-10-27 20:17 - 00000000 ____D () C:\Users\*****\Desktop\AriadneTech Bewerbung 28.11.14
2014-10-26 21:20 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Bachelor-Verleihung
2014-10-26 16:08 - 2014-10-26 16:08 - 00002144 _____ () C:\Users\*****\Downloads\messaging_attachment.htm
2014-10-21 16:43 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übung Blatt 1
2014-10-15 18:54 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 18:54 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 18:54 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 18:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 18:54 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 18:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 18:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 18:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 18:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 18:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 18:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 18:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 18:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 18:54 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 18:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 18:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 18:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 18:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 18:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 18:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 18:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 18:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 18:54 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 18:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 18:54 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 18:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 18:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 18:54 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 18:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 18:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 18:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 18:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 18:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 18:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 18:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 18:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 18:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 18:53 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 18:53 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 18:53 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 18:53 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 18:53 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 18:53 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 18:53 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 18:53 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 18:53 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 18:53 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 18:53 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 18:53 - 2014-07-17 02:39 - 00017408 _____ (Microsoft
Corporation) C:\Windows\system32\credssp.dll 2014-10-15 18:53 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 18:53 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 18:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) 
C:\Windows\system32\EncDump.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 18:53 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 18:53 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 18:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 18:53 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 
2014-10-15 18:53 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:52 - 2014-10-14 15:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4 2014-10-14 15:52 - 2014-10-14 15:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FLEXnet 2014-10-14 15:48 - 2014-10-14 15:48 - 00002110 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\Program Files\ControlCenter4 2014-10-14 15:39 - 2014-10-14 15:39 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-10-14 15:38 - 2014-10-14 15:57 - 00000000 ____D () C:\ProgramData\Nuance 2014-10-14 15:38 - 2014-10-14 15:45 - 00000000 ____D () C:\Program Files\Nuance 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-10-12 15:30 - 2014-10-12 15:30 - 00000853 _____ () C:\Users\*****\Desktop\eclipse.exe - Verknüpfung.lnk 2014-10-11 18:13 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191315.backup 2014-10-11 18:12 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191248.backup 2014-10-10 19:35 - 2014-10-29 13:07 - 00000000 ____D () 
C:\Users\*****\AppData\Local\Eclipse ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 12:24 - 2012-08-20 17:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-01 12:22 - 2012-08-18 14:47 - 00000000 ____D () C:\Users\***** 2014-11-01 12:19 - 2012-08-18 15:29 - 00000000 ____D () C:\Setups 2014-11-01 10:49 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-01 10:49 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-01 10:48 - 2012-08-18 14:39 - 01715315 _____ () C:\Windows\WindowsUpdate.log 2014-11-01 10:44 - 2012-08-20 18:58 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2014-11-01 10:40 - 2013-04-13 18:52 - 00000000 ____D () C:\ProgramData\VMware 2014-11-01 10:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-01 10:40 - 2009-07-14 05:39 - 00126449 _____ () C:\Windows\setupact.log 2014-10-31 21:49 - 2012-08-22 14:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-31 21:39 - 2010-11-20 22:01 - 01637490 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-31 13:49 - 2012-08-18 15:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-29 20:41 - 2012-08-20 15:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-26 12:47 - 2012-08-20 22:45 - 00000000 ____D () C:\Windows\pss 2014-10-21 16:45 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware 2014-10-21 16:22 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware 2014-10-19 12:41 - 2012-08-18 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-19 12:40 - 2014-04-13 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office 2013 2014-10-18 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-18 10:45 - 2013-04-14 21:37 - 00000000 ____D () C:\Users\*****\Documents\Virtual Machines 2014-10-18 10:37 - 2014-08-21 22:22 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-10-18 10:37 - 2012-08-20 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-18 10:37 - 2012-08-20 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-17 18:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 00:07 - 2009-07-14 05:33 - 00435256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 00:05 - 2014-05-08 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 00:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 00:27 - 2013-07-29 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 22:41 - 2012-08-18 17:03 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 18:35 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-15 08:24 - 2014-09-10 18:09 - 00001119 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-15 08:24 - 2014-08-11 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-15 08:24 - 2013-08-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-15 08:24 - 2013-08-14 20:00 - 00000000 ____D () C:\Program Files\Avira 2014-10-14 18:59 - 2012-08-22 14:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-14 15:54 - 2012-08-18 15:37 - 00112864 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-14 15:48 - 2013-01-20 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Browny02 2014-10-14 15:47 - 2013-01-20 16:20 - 
00000000 ____D () C:\Program Files\Brother 2014-10-14 15:46 - 2012-11-04 19:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-12 21:53 - 2012-08-18 19:13 - 01804758 _____ () C:\Windows\DPINST.LOG 2014-10-12 21:51 - 2014-10-01 19:30 - 00001996 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-12 21:51 - 2014-10-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-12 01:23 - 2010-11-20 22:48 - 00316096 _____ () C:\Windows\PFRO.log 2014-10-11 15:30 - 2014-05-21 00:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape 2014-10-09 18:08 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32 2014-10-09 09:35 - 2013-08-14 20:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\avgnt.exe C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247kgd.dll C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\*****\AppData\Local\Temp\ose00000.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\somoto_ChopinScript_1.0.exe C:\Users\*****\AppData\Local\Temp\_is26F3.exe C:\Users\*****\AppData\Local\Temp\_is3024.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 12:23

==================== End Of Log ============================

Additions Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by ***** at 2014-11-01 12:32:12
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

- Siemens MedSW)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Brother MFL-Pro Suite DCP-7055 (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Cyberduck 4.2.1 (9350) (HKLM\...\Cyberduck) (Version: 4.2.1 (9350) - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DICOM Inspector.NET (HKLM\...\{A9F16121-CBDD-4CF9-89F7-7AE61E3410E4}) (Version: 1.0.0 - wrs)
DicomEdit (HKLM\...\{225D0EDC-F44B-4F36-98F7-944E5169B97F}) (Version: 8.0
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - )
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GO Contact Sync Mod (HKLM\...\{6CF50AEE-2F3E-4D01-999E-91BEB5CDB9B3}) (Version: 3.5.22 - WebGear, Create Software, Stru.be, saller.NET)
GO Contact Sync Mod (HKLM\...\{D486452A-63E4-4FBA-953B-9080266077A0}) (Version: 3.8.0 - WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GroupWise (HKLM\...\{C98B6523-9B2A-40D9-A722-D24CADD131AC}) (Version: 12.0.2 - Novell)
GroupWise Client - VC Runtimes (release) (Version: 2.00.0000 - Novell) Hidden
HL-2130 (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.44981 - Juniper Networks, Inc.)
MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.)
MGTEK MiniIDE 1.19 (HKLM\...\{A933C7DE-E96A-4A27-BE68-57297196E274}) (Version: 1.19.176 - MGTEK)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition - DEU (HKLM\...\Microsoft Visual C# 2008 Express Edition - DEU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.0.2 (x86 de) (HKLM\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MVE (HKLM\...\MVE - Medical Volume Explorer_is1) (Version: - Dr. Jürgen Abel)
Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.2.3 - )
Novell iPrint Client v05.98.00 (HKLM\...\Novell iPrint Client) (Version: - Novell, Inc.)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenVPN Client (HKLM\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Padre on Strawberry Perl version 0.05 (HKLM\...\Strawberry_Perl_with_Cream_is1) (Version: 0.05 - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID)
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
Pixillion Imagedatei-Konverter (HKLM\...\Pixillion) (Version: 2.61 - NCH Software)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Qt SDK (HKCU\...\Qt SDK) (Version: 1.2.1 - Nokia)
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version: - )
Re (HKLM\...\RealTimeWindowsTarget) (Version: - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SILKYPIX Developer Studio 3.1 SE (HKLM\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony PC Companion 2.10.228 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Yahoo Community Smartbar (HKLM\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\*****\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

01-11-2014 10:19:20 Removed Nuance PaperPort 12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0038DE0F-385C-4EDB-8518-3B9C1076A709} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] ()
Task: {4C6C037D-DF71-4CBD-8803-3FED500C7800} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {534E6633-7221-434F-A2D0-F88666740CDB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {59DB19AD-7229-4696-9412-F44A5EE06846} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9AF427F5-01AE-488E-87D4-820AD38974F9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B5EDB9DE-1D56-4C19-B5F8-56B4DCF10F0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {FDCEF5DB-98A8-4CB0-8D03-24239AFF3173} - System32\Tasks\{EAEF1109-2199-4975-93E1-969A0DD67984} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/privacy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-15 19:25 - 2014-08-15 19:25 - 00063400 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2006-12-04 00:25 - 2006-12-04 00:25 - 00022723 _____ () C:\Windows\System32\sugs1l3.dll 2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2013-04-10 18:55 - 2013-04-10 18:54 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2013-04-10 18:55 - 2013-04-10 18:54 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2010-08-12 16:45 - 2010-08-12 16:45 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe 2009-07-05 05:35 - 2009-07-05 05:35 - 00028160 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll 2009-07-05 05:35 - 2009-07-05 05:35 - 00041472 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00096256 
_____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00153088 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00040448 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00645120 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd 2010-03-16 12:05 - 2010-03-16 12:05 - 00020480 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00311808 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00073728 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00011776 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\select.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00010752 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00051200 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00039936 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00036352 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd 2010-05-05 12:43 - 2010-05-05 12:43 - 00008192 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00017920 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd 2009-07-06 03:16 - 2009-07-06 03:16 - 00111104 _____ () C:\Program 
Files\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd 2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2014-08-27 16:29 - 2014-08-27 16:29 - 00052224 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00087552 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srau.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00167424 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 02426880 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00068608 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\spbl.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00160256 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00015872 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\siem.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00069120 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sppsm.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00698368 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00016384 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00080384 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-08-27 16:29 - 2014-08-27 16:29 
- 00028672 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00071680 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srut.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00031232 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srsbs.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00067072 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00152064 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smti.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00075264 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smsp.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00011776 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sidc.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00032256 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smtu.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00040448 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smta.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00032768 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srom.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00049152 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srbu.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00025600 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sgml.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00063488 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00026624 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srpdm.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00045056 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-08-27 16:24 - 2014-08-27 16:24 - 00026624 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-08-27 16:29 - 
2014-08-27 16:29 - 00036864 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00257024 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srns.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-05-08 14:49 - 2014-05-08 14:49 - 00133120 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU 2014-08-27 16:28 - 2014-08-27 16:28 - 00025088 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Lrcnta.exe 2014-08-27 16:28 - 2014-08-27 16:28 - 00034816 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\lrcnt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk => C:\Windows\pss\DSL-Manager.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: iPrint Event Monitor => C:\Windows\system32\iprntlgn.exe MSCONFIG\startupreg: iPrint Tray => C:\Windows\system32\iprntctl.exe TRAY_ICON MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-392681275-1122118515-239412949-500 - Administrator - Disabled) ***** 
(S-1-5-21-392681275-1122118515-239412949-1000 - Administrator - Enabled) => C:\Users\***** Gast (S-1-5-21-392681275-1122118515-239412949-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-392681275-1122118515-239412949-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2014 11:26:18 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: *****-PC) Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden. 
Error: (11/01/2014 10:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 01:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:05:46 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/31 08:05:46.093]: [00002316]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 Error: (10/31/2014 07:31:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 06:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 11:42:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/30 11:42:34.941]: [00002308]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 Error: (10/30/2014 09:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 07:04:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/29 19:04:46.595]: [00002316]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 System errors: ============= Error: (11/01/2014 11:03:04 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/01/2014 10:40:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/01/2014 10:40:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 09:38:43 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{7967F29F-64E2-4810-89E8-F8D596FBFBC4}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (10/31/2014 09:34:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 09:34:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 01:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 01:49:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 07:31:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 07:31:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Microsoft Office Sessions: ========================= Error: (11/01/2014 11:26:18 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: *****-PC) Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511778040 Error: (11/01/2014 10:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 01:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:05:46 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/31 08:05:46.093]: [00002316]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 Error: (10/31/2014 07:31:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 06:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 11:42:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/30 11:42:34.941]: [00002308]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 Error: (10/30/2014 09:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 07:04:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/29 19:04:46.595]: [00002316]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz Percentage of memory in use: 46% Total physical RAM: 3069.21 MB Available physical RAM: 1642.44 MB Total Pagefile: 6136.7 MB Available Pagefile: 4252.41 MB Total Virtual: 2047.88 MB Available Virtual: 1885.55 MB ==================== Drives ================================ Drive c: (Systemdateien, Programme) (Fixed) (Total:123.11 GB) (Free:22.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:8.96 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:14.83 GB) (Free:4.87 GB) FAT32 Drive g: (Dateien) (Fixed) (Total:146.48 GB) (Free:49.17 GB) NTFS Drive u: (Ubuntu) (Fixed) (Total:19.53 GB) (Free:18.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76579EF5) Partition 1: (Active) - (Size=123.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19.5 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-01 23:49:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgddapod.sys ---- System - GMER 2.1 ---- SSDT 91A532A6 ZwCreateSection SSDT 91A532B0 ZwRequestWaitReplyPort SSDT 91A532AB ZwSetContextThread SSDT 91A532B5 ZwSetSecurityObject SSDT 91A532BA ZwSystemDebugControl SSDT 91A53247 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83289A35 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C3392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832CA6DC 4 Bytes [A6, 32, A5, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832CAA38 4 Bytes [B0, 32, A5, 91] {MOV AL, 0x32; MOVSD ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832CAA7C 4 Bytes [AB, 32, A5, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832CAAF8 4 Bytes [B5, 32, A5, 91] {MOV CH, 0x32; MOVSD ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832CAB4C 4 Bytes [BA, 32, A5, 91] .text ... 
---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys Device \Driver\usbhub \Device\00000081 hcmon.sys Device \Driver\usbhub \Device\00000082 hcmon.sys Device \Driver\usbhub \Device\00000083 hcmon.sys Device \Driver\usbhub \Device\00000084 hcmon.sys Device \Driver\usbhub \Device\00000085 hcmon.sys Device \Driver\usbhub \Device\00000086 hcmon.sys Device \Driver\usbhub \Device\00000087 hcmon.sys Device \Driver\usbhub \Device\00000088 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021863250a3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021863250a3 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1148720864 Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30406166 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1148720864 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30406166 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@EE94D2ED 1083 ---- EOF - GMER 2.1 ---- |
02.11.2014, 06:53 | #2 |
/// the machine /// TB-Ausbilder | Win7 Trojan infection (TR/Agent.337922), program Search cannot be removed Hi,
Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
__________________ |
02.11.2014, 12:24 | #3 |
| Win7 Trojan infection (TR/Agent.337922), program Search cannot be removed Hi,
Unfortunately, Search was not listed in Revo Uninstaller either and therefore could not be uninstalled. With Combofix, my computer unfortunately shut down automatically because I had forgotten to increase the time... After that, the message "Zugriff verweigert" (access denied) appeared. Combofix then created this log file. Is it normal that Avira reactivates itself? Should I run Combofix again now? Combofix.txt: Code:
ATTFilter ComboFix 14-10-29.01 - ***** 02.11.2014 11:48:30.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3069.1892 [GMT 1:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\SecureDownloadManager.log c:\users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\windows\system32\AF05BDAEX.dll . . ((((((((((((((((((((((( Dateien erstellt von 2014-10-02 bis 2014-11-02 )))))))))))))))))))))))))))))) . . 2014-11-02 11:01 . 2014-11-02 11:06 -------- d-----w- c:\users\*****\AppData\Local\temp 2014-11-02 11:01 . 2014-11-02 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-02 10:26 . 2014-11-02 10:44 -------- d-----w- c:\program files\VS Revo Group 2014-11-01 11:30 . 2014-11-01 11:33 -------- d-----w- C:\FRST 2014-10-15 17:53 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\system32\mstscax.dll 2014-10-14 14:52 . 2014-10-14 14:52 -------- d-----w- c:\users\*****\AppData\Roaming\FLEXnet 2014-10-14 14:52 . 2014-10-14 14:53 -------- d-----w- c:\users\*****\AppData\Roaming\ControlCenter4 2014-10-14 14:47 . 2014-10-14 14:47 -------- d-----w- c:\programdata\ControlCenter4 2014-10-14 14:47 . 2014-10-14 14:47 -------- d-----w- c:\program files\ControlCenter4 2014-10-14 14:39 . 2014-10-14 14:39 -------- d-----w- c:\users\*****\AppData\Roaming\Nuance 2014-10-14 14:39 . 2014-10-14 14:39 -------- d-----w- c:\programdata\ScanSoft 2014-10-14 14:38 . 2014-10-14 14:38 -------- d-----w- c:\program files\Common Files\ScanSoft Shared 2014-10-14 14:38 . 2014-10-14 14:38 -------- d-----w- c:\programdata\FLEXnet 2014-10-14 14:38 . 
2014-10-14 14:57 -------- d-----w- c:\programdata\Nuance 2014-10-14 14:38 . 2014-10-14 14:45 -------- d-----w- c:\program files\Nuance 2014-10-10 18:35 . 2014-10-29 12:07 -------- d-----w- c:\users\*****\AppData\Local\Eclipse . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-18 09:37 . 2012-08-20 16:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-10-18 09:37 . 2012-08-20 16:00 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-10-09 08:35 . 2013-08-14 19:04 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-09 08:35 . 2013-08-14 19:00 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-09 08:35 . 2013-08-14 19:00 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-09-25 01:40 . 2014-10-01 11:09 519680 ----a-w- c:\windows\system32\qdvd.dll 2014-09-09 21:47 . 2014-09-25 06:41 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-23 01:46 . 2014-08-28 19:05 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-15 18:25 . 2014-08-15 18:25 11176 ----a-w- c:\windows\system32\vpncategories.dll 2014-08-15 18:25 . 2014-08-15 18:25 34216 ----a-w- c:\windows\system32\vpnevents.dll 2014-08-15 18:07 . 2014-08-15 18:07 43888 ----a-w- c:\windows\system32\drivers\vpnva-6.sys 2014-08-15 18:07 . 2014-08-15 18:07 92528 ----a-r- c:\windows\system32\drivers\acsock.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:09 131480 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:09 131480 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:09 131480 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-10-09 703736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-05-08 3499896] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168] . c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2012-11-4 1085440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk backup=c:\windows\pss\OpenVPN Client.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk] path=c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk backup=c:\windows\pss\DSL-Manager.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2014-02-27 18:38 558496 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00] 2012-06-06 13:31 3076096 ------w- c:\program files\Browny02\Brother\BrStMonW.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows] 2014-08-15 18:25 707496 ----a-w- c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4] 2012-09-06 19:06 143360 ------w- c:\program files\ControlCenter4\BrCcBoot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor] 2014-06-23 08:19 118456 ----a-w- c:\windows\System32\iprntlgn.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray] 2014-06-23 08:19 114360 ----a-w- c:\windows\System32\iprntctl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe . R2 Mobile Partner. RunOuc;Mobile Partner. 
OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2013-04-10 246112] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2014-08-15 92528] R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2006-12-05 117376] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112] R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-06-05 266240] R3 cpuz136;cpuz136;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2013-08-24 25320] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-04-10 102784] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2013-04-10 353280] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2014-06-19 12400] R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824] R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-10-09 994552] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 71152] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 61464] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352] S1 
DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448] S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2014-06-23 42464] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-10-09 431920] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-09-23 160560] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168] S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-04-01 49464] S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712] S2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2014-06-23 102400] S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672] S2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\rtwtkrnl.sys [2012-01-02 52760] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-10-11 721048] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-08-15 563112] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-04-10 73216] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 107360] S3 NETw5s32;Intel(R) Wireless WiFi Link 
Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 26112] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:37] . 2014-11-02 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job - c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-08-20 02:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2Zf9wVO8WrWpXxddvQUA,, uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms} IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll LSP: %windir%\system32\vsocklib.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{058F7093-9463-40C6-87C5-7273FA39BD6A}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{76D888BF-CEBB-4FE6-887D-088F5D40201D}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{C4C73E85-B4F4-4B48-A13F-1BDC7AA9463B}: NameServer = 193.189.244.206 
193.189.244.225 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-Spotify - c:\users\*****\AppData\Roaming\Spotify\Spotify.exe MSConfigStartUp-Spotify Web Helper - c:\users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\brsvc01a.exe c:\windows\system32\brss01a.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe c:\windows\system32\vmnat.exe c:\windows\system32\taskhost.exe c:\windows\system32\vmnetdhcp.exe c:\program files\VMware\VMware Player\vmware-authd.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE c:\program files\Microsoft Office\Office14\ONENOTEM.EXE c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-11-02 12:13:38 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-11-02 11:13 . Vor Suchlauf: 14 Verzeichnis(se), 23.370.022.912 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 23.856.128.000 Bytes frei . - - End Of File - - E4D7FC436B692421402E6533171ABD52 A36C5E4F47E84449FF07ED3517B43A31 |
02.11.2014, 18:09 | #4 |
/// the machine /// TB Trainer | Win7 Trojan infection ( TR/Agent.337922), program Search cannot be removed Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.11.2014, 13:08 | #5 |
| Win7 Trojan infection ( TR/Agent.337922), program Search cannot be removed Hi schrauber, thank you very, very much again for helping me! Here are the requested logs: mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.11.2014 Suchlauf-Zeit: 19:21:11 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.02.05 Rootkit Datenbank: v2014.11.01.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: ***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 315926 Verstrichene Zeit: 27 Min, 10 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.Snapdo.T, HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [1fde8da9e49803336e9859902ed4d62a], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [1fde8da9e49803336e9859902ed4d62a], Registrierungswerte: 1 PUP.Optional.Snapdo.T, HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [6a93c2744933ca6cc90e2e0c62a1b24e] Registrierungsdaten: 5 PUP.Optional.HelperBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms}),Ersetzt,[54a982b4ff7dc96df5f045e8da2b20e0] PUP.Optional.HelperBar.A, HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2Zf9wVO8WrWpXxddvQUA,,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2Zf9wVO8WrWpXxddvQUA,,),Löschen bei Neustart,[feff54e26418ba7cb435e24bf60fd927] PUP.Optional.HelperBar.A, HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}),Löschen bei Neustart,[40bde650106cbd79975343ead3326f91] PUP.Optional.HelperBar.A, 
HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}),Löschen bei Neustart,[06f72214cfad5bdb4c9f6ac3c93cf20e] PUP.Optional.HelperBar.A, HKU\S-1-5-21-392681275-1122118515-239412949-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q={searchTerms}),Löschen bei Neustart,[728b270f73090f27bc2ae4494eb78779] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 1 PUP.Optional.HelperBar.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", 
"hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc5ThUU9InTlfMZaaYMdA,,&q=");), Ersetzt,[d22bcb6b91ebcb6b34e0f27b9d6817e9] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
# AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 20:25:05
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files\NCH Software

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\*****\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0.2 (x86 de)

*************************

AdwCleaner[R0].txt - [1759 octets] - [02/11/2014 20:18:48]
AdwCleaner[S0].txt - [1842 octets] - [02/11/2014 20:25:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1902 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Professional x86
Ran by ***** on 02.11.2014 at 20:35:38,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\7ax84ufs.default\prefs.js

user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\7ax84ufs.default\minidumps [454 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 20:40:31,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
LastRegBack: 2014-10-18 12:23

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014 Ran by ***** (administrator) on *****-PC on 03-11-2014 13:03:41 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: *****) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Novell, Inc.) C:\Windows\System32\iprntsrv.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (VMware, Inc.) 
C:\Windows\System32\vmnat.exe (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Opera Software) C:\Program Files\Opera\opera.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) Lsa: [Notification Packages] scecli iPrntWinCredMan Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, 
if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-392681275-1122118515-239412949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{058F7093-9463-40C6-87C5-7273FA39BD6A}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{76D888BF-CEBB-4FE6-887D-088F5D40201D}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{C4C73E85-B4F4-4B48-A13F-1BDC7AA9463B}: [NameServer] 193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @novell.com/iPrint -> C:\Windows\system32 () FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\abs@avira.com [2014-10-01] FF Extension: HP Detect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-11-11] FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-19] FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\firefox@ghostery.com.xpi [2014-01-27] FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-07-25] FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-23] FF Extension: LeechBlock - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-06-01] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 
11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-09] (Juniper Networks) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) 
[File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [102400 2014-06-23] (Novell, Inc.) [File not signed] S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2013-04-10] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.) S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.) 
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563112 2014-08-15] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-08-15] (Cisco Systems, Inc.) S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2006-12-05] (AfaTech ) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-09] (Juniper Networks) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.) S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) [File not signed] R1 nipplpt2; C:\Windows\system32\drivers\nipplpt.sys [42464 2014-06-23] () S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) 
[File not signed] R2 RTWTKRNL; C:\Windows\system32\drivers\rtwtkrnl.sys [52760 2012-01-02] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587136 2011-08-08] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551168 2011-08-08] (eMPIA Technology, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.) R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.) S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.) S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-03 13:03 - 2014-11-03 13:03 - 00018750 _____ () C:\Users\*****\Desktop\FRST.txt 2014-11-02 21:18 - 2014-11-02 21:18 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-11-02 21:18 - 2014-11-02 21:18 - 00000000 ____D () C:\Users\*****\Desktop\2 FRST 2014-11-02 20:42 - 2014-11-02 20:42 - 00000000 ____D () C:\Users\*****\Desktop\1 FRST 2014-11-02 20:40 - 2014-11-02 20:45 - 00001004 _____ () C:\Users\*****\Desktop\JRT.txt 2014-11-02 20:35 - 2014-11-02 20:35 - 00000000 ____D () C:\Windows\ERUNT 2014-11-02 20:31 - 2014-11-02 20:32 - 01706359 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-11-02 20:28 - 2014-11-02 20:46 - 00001759 _____ () C:\Users\*****\Desktop\AdwCleaner[R0].txt 2014-11-02 20:27 - 2014-11-02 20:46 - 00001982 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt 2014-11-02 20:18 - 2014-11-02 20:25 - 00000000 ____D () C:\AdwCleaner 2014-11-02 20:17 - 2014-11-02 20:45 - 00006131 _____ () C:\Users\*****\Desktop\mbam.txt 2014-11-02 20:17 - 2014-11-02 20:17 - 01998336 _____ () C:\Users\*****\Desktop\AdwCleaner_4.002.exe 2014-11-02 19:20 - 2014-11-02 20:06 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 19:20 - 2014-11-02 19:20 - 00001084 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-11-02 19:20 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-02 19:20 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-02 19:20 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-02 19:18 
- 2014-11-02 19:18 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-02 12:22 - 2014-11-02 12:23 - 00018696 _____ () C:\Users\*****\Desktop\ComboFix.txt 2014-11-02 12:13 - 2014-11-02 12:13 - 00018696 _____ () C:\ComboFix.txt 2014-11-02 11:46 - 2014-11-02 12:13 - 00000000 ____D () C:\Qoobox 2014-11-02 11:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-02 11:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-02 11:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-02 11:45 - 2014-11-02 12:11 - 00000000 ____D () C:\Windows\erdnt 2014-11-02 11:44 - 2014-11-02 11:44 - 00001246 _____ () C:\Users\*****\Desktop\Revo Uninstaller.lnk 2014-11-02 11:26 - 2014-11-02 11:44 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-11-02 11:23 - 2014-11-02 11:23 - 05591672 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-11-02 11:21 - 2014-11-02 11:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\*****\Desktop\revosetup95.exe 2014-11-01 23:49 - 2014-11-02 00:14 - 00011498 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-11-01 23:19 - 2014-11-01 23:19 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-11-01 23:17 - 2014-11-01 23:17 - 00001142 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-01 12:32 - 2014-11-02 00:12 - 00037962 _____ () C:\Users\*****\Desktop\Addition.txt 2014-11-01 12:30 - 2014-11-03 13:03 - 00000000 ____D () C:\FRST 2014-11-01 12:27 - 2014-11-02 21:18 - 01106432 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-11-01 12:22 - 2014-11-02 00:14 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-11-01 12:22 - 2014-11-01 12:22 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-11-01 12:21 - 2014-11-01 12:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-11-01 12:11 - 2014-11-01 12:11 - 00000000 ____D () C:\Users\*****\Desktop\backups 2014-11-01 12:04 - 2014-11-01 12:04 - 00012770 _____ () C:\Users\*****\Desktop\hijackthis.log 2014-11-01 12:03 - 2014-11-01 12:03 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\*****\Desktop\HijackThis.exe 2014-11-01 11:47 - 2014-11-03 12:55 - 00000000 ____D () C:\Users\*****\Desktop\Einladungen Geburtstag Papa 2014-11-01 11:17 - 2014-11-02 20:25 - 00001061 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-11-01 11:17 - 2014-11-02 20:25 - 00001031 _____ () C:\Users\*****\Desktop\Search.lnk 2014-10-30 23:58 - 2014-10-30 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-30 00:03 - 2014-10-30 11:25 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übungsblatt 2 2014-10-27 20:11 - 2014-10-27 20:17 - 00000000 ____D () C:\Users\*****\Desktop\AriadneTech Bewerbung 28.11.14 2014-10-26 21:20 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Bachelor-Verleihung 2014-10-26 16:08 - 2014-10-26 16:08 - 00002144 _____ () C:\Users\*****\Downloads\messaging_attachment.htm 2014-10-21 16:43 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übung Blatt 1 2014-10-15 18:54 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 18:54 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 18:54 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 18:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 18:54 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 18:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 18:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 18:54 - 2014-09-25 23:32 - 
02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 18:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 18:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 18:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 18:54 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 18:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 18:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 18:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 18:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 18:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 18:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 18:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 18:54 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 18:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 18:54 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 18:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 
18:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 18:54 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 18:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 18:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 18:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 18:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 18:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 18:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 18:53 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 18:53 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 18:53 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 18:53 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 
18:53 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 18:53 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 18:53 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 18:53 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 18:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 18:53 - 2014-07-07 02:40 
- 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\msdxm.ocx 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 18:53 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 18:53 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 18:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 18:53 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 18:53 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:52 - 2014-10-14 15:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4 2014-10-14 15:52 - 2014-10-14 15:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FLEXnet 2014-10-14 15:48 - 2014-10-14 15:48 - 00002110 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\Program Files\ControlCenter4 2014-10-14 15:39 - 2014-10-14 15:39 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () 
C:\Users\*****\AppData\Roaming\Nuance 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-10-14 15:38 - 2014-10-14 15:57 - 00000000 ____D () C:\ProgramData\Nuance 2014-10-14 15:38 - 2014-10-14 15:45 - 00000000 ____D () C:\Program Files\Nuance 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-10-12 15:30 - 2014-10-12 15:30 - 00000853 _____ () C:\Users\*****\Desktop\eclipse.exe - Verknüpfung.lnk 2014-10-11 18:13 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191315.backup 2014-10-11 18:12 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191248.backup 2014-10-10 19:35 - 2014-10-29 13:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Eclipse ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-03 12:41 - 2010-11-20 22:01 - 01637490 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 12:24 - 2012-08-20 17:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-03 12:17 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 12:17 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 12:15 - 2012-08-18 14:39 - 01804351 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 12:14 - 2014-09-10 18:09 - 00001119 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-03 12:14 - 2014-08-11 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-03 12:14 - 2013-08-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-03 12:14 - 2013-08-14 20:00 - 00000000 ____D () C:\Program Files\Avira 2014-11-03 12:10 - 2012-08-20 18:58 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2014-11-03 12:07 - 2013-04-13 18:52 - 00000000 ____D () C:\ProgramData\VMware 2014-11-03 12:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 12:07 - 2009-07-14 05:39 - 00126785 _____ () C:\Windows\setupact.log 2014-11-02 20:26 - 2010-11-20 22:48 - 00318022 _____ () C:\Windows\PFRO.log 2014-11-02 16:51 - 2012-08-22 14:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-11-02 16:51 - 2012-08-20 15:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-11-02 12:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-11-02 12:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-11-02 12:06 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-11-01 12:22 - 2012-08-18 14:47 - 00000000 ____D () C:\Users\***** 2014-11-01 12:19 - 2012-08-18 15:29 - 00000000 ____D () C:\Setups 2014-10-31 13:49 - 2012-08-18 15:31 - 00000000 ____D () 
C:\Program Files\Mozilla Maintenance Service 2014-10-26 12:47 - 2012-08-20 22:45 - 00000000 ____D () C:\Windows\pss 2014-10-21 16:45 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware 2014-10-21 16:22 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware 2014-10-19 12:41 - 2012-08-18 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-19 12:40 - 2014-04-13 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-18 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-18 10:45 - 2013-04-14 21:37 - 00000000 ____D () C:\Users\*****\Documents\Virtual Machines 2014-10-18 10:37 - 2014-08-21 22:22 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-10-18 10:37 - 2012-08-20 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-18 10:37 - 2012-08-20 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-17 18:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 00:07 - 2009-07-14 05:33 - 00435256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 00:05 - 2014-05-08 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 00:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 00:27 - 2013-07-29 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 22:41 - 2012-08-18 17:03 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 18:35 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-14 18:59 - 2012-08-22 14:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-14 15:54 - 2012-08-18 15:37 - 00112864 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-14 15:48 - 2013-01-20 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 
2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Browny02 2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Brother 2014-10-14 15:46 - 2012-11-04 19:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-12 21:53 - 2012-08-18 19:13 - 01804758 _____ () C:\Windows\DPINST.LOG 2014-10-12 21:51 - 2014-10-01 19:30 - 00001996 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-12 21:51 - 2014-10-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-11 15:30 - 2014-05-21 00:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape 2014-10-09 18:08 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32 2014-10-09 09:35 - 2013-08-14 20:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\avgnt.exe C:\Users\*****\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8p0dfd.dll C:\Users\*****\AppData\Local\temp\Quarantine.exe C:\Users\*****\AppData\Local\temp\SkypeSetup.exe C:\Users\*****\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-02 22:10 ==================== End Of Log ============================ --- --- --- --- --- --- |
03.11.2014, 22:31 | #6 |
/// the machine /// TB instructor | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems? |
04.11.2014, 10:04 | #7 |
| Hi schrauber, for privacy reasons I had to redact some names in the paths in the ESET log. Is that still okay? ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ecc26f5bf9d33f41ace4de3056f6a491 # engine=20915 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-11-04 06:50:13 # local_time=2014-11-04 07:50:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 47179 159635991 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 38693548 166715004 0 0 # scanned=588931 # found=28 # cleaned=0 # scan_time=27184 sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe" sh=0C1F2A8250263816784C7C204BF0187CC3B74DAE ft=1 fh=589abba3bb9db297 vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Setups\vlc-2.0.3-win32.exe" sh=FA5C1D1872C5C9B4E15F468005E664F1BB634CB3 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\7ax84ufs.default\cache2\entries\83A51E00705F161C9AC5440E8E6879EB83E571AD" sh=AD5D69913C865717D924EB37206EDA6DD1CAE102 ft=1 fh=16047ece737ee51d vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Programmdateien, Keys usw\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. 
unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\ORdnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\*****v10b\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v6\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v7\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v8\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. 
unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v9\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\USB BA Kopien\17.04.2014\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=AD5D69913C865717D924EB37206EDA6DD1CAE102 ft=1 fh=16047ece737ee51d vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="H:\Dateien 02.11.14\Dokumente\Programmdateien, Keys usw\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Dateien 02.11.14\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Dateien 02.11.14\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\ORdnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=AD5D69913C865717D924EB37206EDA6DD1CAE102 ft=1 fh=16047ece737ee51d vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Programmdateien, Keys usw\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. 
unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\!Einordnen BA\ORdnen BA\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\*****v10b\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v10\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v6\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v7\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. 
unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v8\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\Thesis Dokumente 2\*****v9\Programme\bs_DICOM_Inspector.NET.exe" sh=C2CB0A7B2BD583D982242E1FE4B10533C279EAD7 ft=1 fh=375d279c9263c6c6 vn="Variante von Win32/Toolbar.Conduit.AB evtl. unerwünschte Anwendung" ac=I fn="H:\Datensicherung 19.10.2014\Dokumente\Studium\!Bachelorstudium *****\***** Bachelorthesis\USB BA Kopien\17.04.2014\*****v10\Programme\bs_DICOM_Inspector.NET.exe" Code:
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 67
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 15.0.0.189
Adobe Reader XI
Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST log:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014 Ran by ***** (administrator) on *****-PC on 04-11-2014 09:59:20 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: *****) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Novell, Inc.) C:\Windows\System32\iprntsrv.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (VMware, Inc.) 
C:\Windows\System32\vmnat.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Opera Software) C:\Program Files\Opera\opera.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) Lsa: [Notification Packages] scecli iPrntWinCredMan Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, 
if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-392681275-1122118515-239412949-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common 
Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{058F7093-9463-40C6-87C5-7273FA39BD6A}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{76D888BF-CEBB-4FE6-887D-088F5D40201D}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{C4C73E85-B4F4-4B48-A13F-1BDC7AA9463B}: [NameServer] 193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @novell.com/iPrint -> C:\Windows\system32 () FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\abs@avira.com [2014-10-01] FF Extension: HP Detect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-11-11] FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-19] FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\firefox@ghostery.com.xpi [2014-01-27] FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-07-25] FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-23] FF Extension: LeechBlock - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-06-01] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 
11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-09] (Juniper Networks) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) 
[File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [102400 2014-06-23] (Novell, Inc.) [File not signed] S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2013-04-10] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.) S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.) 
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563112 2014-08-15] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-08-15] (Cisco Systems, Inc.) S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2006-12-05] (AfaTech ) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-09] (Juniper Networks) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.) S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) [File not signed] R1 nipplpt2; C:\Windows\system32\drivers\nipplpt.sys [42464 2014-06-23] () S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) 
[File not signed] R2 RTWTKRNL; C:\Windows\system32\drivers\rtwtkrnl.sys [52760 2012-01-02] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587136 2011-08-08] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551168 2011-08-08] (eMPIA Technology, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.) R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.) S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.) S3 catchme; \??\C:\Users\*****\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-04 09:50 - 2014-11-04 09:51 - 00000000 ____D () C:\Users\*****\Desktop\ESET an 2014-11-04 08:09 - 2014-11-04 08:09 - 00854448 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-11-04 08:04 - 2014-11-04 08:04 - 00000000 ____D () C:\Users\*****\Desktop\ESET 2014-11-03 23:11 - 2014-11-03 23:11 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-11-03 13:03 - 2014-11-04 09:59 - 00018755 _____ () C:\Users\*****\Desktop\FRST.txt 2014-11-02 21:18 - 2014-11-02 21:18 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-11-02 21:18 - 2014-11-02 21:18 - 00000000 ____D () C:\Users\*****\Desktop\2 FRST 2014-11-02 20:42 - 2014-11-02 20:42 - 00000000 ____D () C:\Users\*****\Desktop\1 FRST 2014-11-02 20:40 - 2014-11-02 20:45 - 00001004 _____ () C:\Users\*****\Desktop\JRT.txt 2014-11-02 20:35 - 2014-11-02 20:35 - 00000000 ____D () C:\Windows\ERUNT 2014-11-02 20:31 - 2014-11-02 20:32 - 01706359 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-11-02 20:28 - 2014-11-02 20:46 - 00001759 _____ () C:\Users\*****\Desktop\AdwCleaner[R0].txt 2014-11-02 20:27 - 2014-11-02 20:46 - 00001982 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt 2014-11-02 20:18 - 2014-11-02 20:25 - 00000000 ____D () C:\AdwCleaner 2014-11-02 20:17 - 2014-11-02 20:45 - 00006131 _____ () C:\Users\*****\Desktop\mbam.txt 2014-11-02 20:17 - 2014-11-02 20:17 - 01998336 _____ () C:\Users\*****\Desktop\AdwCleaner_4.002.exe 2014-11-02 19:20 - 2014-11-02 20:06 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 19:20 - 2014-11-02 19:20 - 00001084 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-02 19:20 - 2014-11-02 19:20 - 00000000 ____D () C:\Program Files\ Malwarebytes 
Anti-Malware 2014-11-02 19:20 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-02 19:20 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-02 19:20 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-02 19:18 - 2014-11-02 19:18 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-02 12:22 - 2014-11-02 12:23 - 00018696 _____ () C:\Users\*****\Desktop\ComboFix.txt 2014-11-02 12:13 - 2014-11-02 12:13 - 00018696 _____ () C:\ComboFix.txt 2014-11-02 11:46 - 2014-11-02 12:13 - 00000000 ____D () C:\Qoobox 2014-11-02 11:46 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-02 11:46 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-02 11:46 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-02 11:46 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-02 11:45 - 2014-11-02 12:11 - 00000000 ____D () C:\Windows\erdnt 2014-11-02 11:44 - 2014-11-02 11:44 - 00001246 _____ () C:\Users\*****\Desktop\Revo Uninstaller.lnk 2014-11-02 11:26 - 2014-11-02 11:44 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-11-02 11:23 - 2014-11-02 11:23 - 05591672 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-11-02 11:21 - 2014-11-02 11:21 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\*****\Desktop\revosetup95.exe 2014-11-01 23:49 - 2014-11-02 00:14 - 00011498 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-11-01 23:19 - 2014-11-01 23:19 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-11-01 23:17 - 2014-11-01 23:17 - 00001142 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-01 12:32 - 2014-11-02 00:12 - 00037962 _____ () C:\Users\*****\Desktop\Addition.txt 2014-11-01 12:30 - 2014-11-04 09:59 - 00000000 ____D () C:\FRST 2014-11-01 12:27 - 2014-11-02 21:18 - 01106432 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-11-01 12:22 - 2014-11-02 00:14 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-11-01 12:22 - 2014-11-01 12:22 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-11-01 12:21 - 2014-11-01 12:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-11-01 12:11 - 2014-11-01 12:11 - 00000000 ____D () C:\Users\*****\Desktop\backups 2014-11-01 12:04 - 2014-11-01 12:04 - 00012770 _____ () C:\Users\*****\Desktop\hijackthis.log 2014-11-01 12:03 - 2014-11-01 12:03 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\*****\Desktop\HijackThis.exe 2014-11-01 11:47 - 2014-11-03 21:12 - 00000000 ____D () C:\Users\*****\Desktop\Einladungen Geburtstag Papa 2014-11-01 11:17 - 2014-11-02 20:25 - 00001061 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-11-01 11:17 - 2014-11-02 20:25 - 00001031 _____ () C:\Users\*****\Desktop\Search.lnk 2014-10-30 23:58 - 2014-10-30 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-30 00:03 - 2014-10-30 11:25 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übungsblatt 2 2014-10-27 20:11 - 2014-10-27 20:17 - 00000000 ____D () C:\Users\*****\Desktop\AriadneTech Bewerbung 28.11.14 2014-10-26 21:20 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Bachelor-Verleihung 2014-10-26 16:08 - 2014-10-26 16:08 - 00002144 _____ () C:\Users\*****\Downloads\messaging_attachment.htm 2014-10-21 16:43 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übung Blatt 1 2014-10-15 18:54 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 18:54 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 18:54 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 18:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 18:54 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 18:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 18:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 18:54 - 2014-09-25 23:32 - 
02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 18:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 18:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 18:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 18:54 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 18:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 18:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 18:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 18:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 18:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 18:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 18:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 18:54 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 18:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 18:54 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 18:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 
18:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 18:54 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 18:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 18:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 18:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 18:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 18:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 18:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 18:53 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 18:53 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 18:53 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 18:53 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 
18:53 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 18:53 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 18:53 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 18:53 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 18:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 18:53 - 2014-07-07 02:40 
- 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\msdxm.ocx 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 18:53 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 18:53 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 18:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 18:53 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 18:53 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:52 - 2014-10-14 15:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4 2014-10-14 15:52 - 2014-10-14 15:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FLEXnet 2014-10-14 15:48 - 2014-10-14 15:48 - 00002110 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\Program Files\ControlCenter4 2014-10-14 15:39 - 2014-10-14 15:39 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () 
C:\Users\*****\AppData\Roaming\Nuance 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-10-14 15:38 - 2014-10-14 15:57 - 00000000 ____D () C:\ProgramData\Nuance 2014-10-14 15:38 - 2014-10-14 15:45 - 00000000 ____D () C:\Program Files\Nuance 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-10-12 15:30 - 2014-10-12 15:30 - 00000853 _____ () C:\Users\*****\Desktop\eclipse.exe - Verknüpfung.lnk 2014-10-11 18:13 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191315.backup 2014-10-11 18:12 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191248.backup 2014-10-10 19:35 - 2014-10-29 13:07 - 00000000 ____D () C:\Users\*****\AppData\Local\Eclipse ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-04 09:24 - 2012-08-20 17:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-04 08:05 - 2012-08-20 18:58 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2014-11-04 03:00 - 2012-08-18 14:39 - 01833165 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 23:05 - 2012-08-20 15:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-11-03 19:45 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 19:45 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 19:37 - 2013-04-13 18:52 - 00000000 ____D () C:\ProgramData\VMware 2014-11-03 19:37 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 19:37 - 2009-07-14 05:39 - 00126897 _____ () C:\Windows\setupact.log 2014-11-03 12:41 - 2010-11-20 22:01 - 01637490 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 12:14 - 2014-09-10 18:09 - 00001119 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-03 12:14 - 2014-08-11 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-03 12:14 - 2013-08-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-03 12:14 - 2013-08-14 20:00 - 00000000 ____D () C:\Program Files\Avira 2014-11-02 20:26 - 2010-11-20 22:48 - 00318022 _____ () C:\Windows\PFRO.log 2014-11-02 16:51 - 2012-08-22 14:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-11-02 12:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-11-02 12:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-11-02 12:06 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-11-01 12:22 - 2012-08-18 14:47 - 00000000 ____D () C:\Users\***** 2014-11-01 12:19 - 2012-08-18 15:29 - 00000000 ____D () C:\Setups 2014-10-31 13:49 - 2012-08-18 15:31 - 00000000 ____D () 
C:\Program Files\Mozilla Maintenance Service 2014-10-26 12:47 - 2012-08-20 22:45 - 00000000 ____D () C:\Windows\pss 2014-10-21 16:45 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware 2014-10-21 16:22 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware 2014-10-19 12:41 - 2012-08-18 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-19 12:40 - 2014-04-13 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-18 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-18 10:45 - 2013-04-14 21:37 - 00000000 ____D () C:\Users\*****\Documents\Virtual Machines 2014-10-18 10:37 - 2014-08-21 22:22 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-10-18 10:37 - 2012-08-20 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-18 10:37 - 2012-08-20 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-17 18:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 00:07 - 2009-07-14 05:33 - 00435256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 00:05 - 2014-05-08 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 00:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 00:27 - 2013-07-29 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 22:41 - 2012-08-18 17:03 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 18:35 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-14 18:59 - 2012-08-22 14:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-14 15:54 - 2012-08-18 15:37 - 00112864 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-14 15:48 - 2013-01-20 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 
2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Browny02 2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Brother 2014-10-14 15:46 - 2012-11-04 19:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-12 21:53 - 2012-08-18 19:13 - 01804758 _____ () C:\Windows\DPINST.LOG 2014-10-12 21:51 - 2014-10-01 19:30 - 00001996 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-12 21:51 - 2014-10-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-11 15:30 - 2014-05-21 00:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape 2014-10-09 18:08 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32 2014-10-09 09:35 - 2013-08-14 20:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-09 09:35 - 2013-08-14 20:00 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\*****\AppData\Local\temp\avgnt.exe C:\Users\*****\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8p0dfd.dll C:\Users\*****\AppData\Local\temp\Foxit Reader Updater.exe C:\Users\*****\AppData\Local\temp\Quarantine.exe C:\Users\*****\AppData\Local\temp\SkypeSetup.exe C:\Users\*****\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-02 22:10 ==================== End Of Log ============================ --- --- --- |
04.11.2014, 20:29 | #8 |
/// the machine /// TB-Ausbilder | Update Flash. Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |
04.11.2014, 21:49 | #9 |
| Unfortunately I can only find the Adobe Flash Player 15.0.0.189 plugin. According to the Adobe homepage that is the latest version, and it is already installed. On the vendor's site I can only find the latest Adobe Flash Player 15 ActiveX as a debugger version. Should I install that version? |
05.11.2014, 17:30 | #10 |
/// the machine /// TB-Ausbilder | No, that's fine. But uninstall the old Flash 10. |
06.11.2014, 16:29 | #11 |
| OK, that's done. |
07.11.2014, 08:43 | #12 |
/// the machine /// TB-Ausbilder | Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX controls. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and you have no more questions, so that I can remove this thread from my subscriptions. |
08.11.2014, 15:11 | #13 |
| Hi schrauber, thank you very, very much for your quick and very good help! I have one more question: can I delete the files in the MBAM quarantine? Best regards, HulaHula |
09.11.2014, 07:52 | #14 |
/// the machine /// TB-Ausbilder | Yes, you can do that. |