Log analysis and evaluation: Win7 trojan infection (TR/Agent.337922), program Search cannot be removed

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win7 trojan infection (TR/Agent.337922), program Search cannot be removed

Hello :-) Unfortunately, since I downloaded a font package from a site that is actually safe, I have caught a trojan (TR/Agent.337922). In addition, I can no longer uninstall the program Search, because it is not even listed in the software list under Programs and Features. I have now run the corresponding programs as described in the info for those seeking help, and I hope that you can help me! I would be very glad of your help!

defogger_disable Log: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:52 on 01/11/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014 Ran by ***** (administrator) on *****-PC on 01-11-2014 12:30:44 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: *****) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Novell, Inc.) C:\Windows\System32\iprntsrv.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (VMware, Inc.) 
C:\Windows\System32\vmnat.exe (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Smartbar) C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Opera Software) C:\Program Files\Opera\opera.exe () C:\Users\*****\AppData\Local\Smartbar\Application\Lrcnta.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) 
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar) HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: H - H:\AutoRun.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {12c8040d-0983-11e2-93dc-0021863250a3} - "H:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {2996dc87-d47d-11e3-aa31-0021863250a3} - H:\Startme.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {632ac703-f808-11e1-beec-0021863250a3} - I:\setup.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42b4f-a1f2-11e2-ad50-0021863250a3} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42b51-a1f2-11e2-ad50-0021863250a3} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42bc5-a1f2-11e2-ad50-0021863250a3} - F:\AutoRun.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {65b42bdd-a1f2-11e2-ad50-0021863250a3} - F:\AutoRun.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {99042775-a6d4-11e2-bc9d-0021863250a3} - F:\AutoRun.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {a18ad394-b751-11e2-80a6-0021863250a3} - F:\AutoRun.exe HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {d89c29fb-918f-11e2-a81e-0021863250a3} 
- F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-392681275-1122118515-239412949-1000\...\MountPoints2: {d89c2a4e-918f-11e2-a81e-0021863250a3} - H:\setup_vmc_lite.exe /checkApplicationPresence Lsa: [Notification Packages] scecli iPrntWinCredMan Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk ShortcutTarget: DSL-Manager.lnk -> C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2bARNig6QHednZqPDqWA,, HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms} SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms} SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc-YGd0wUzafP7QfSHtUQ,,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL 
(Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found () Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 22 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{058F7093-9463-40C6-87C5-7273FA39BD6A}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{76D888BF-CEBB-4FE6-887D-088F5D40201D}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{C4C73E85-B4F4-4B48-A13F-1BDC7AA9463B}: [NameServer] 193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0sGxfBXV0j0OWZzdZykAeEk8YCSPDQR8ZT1M50f4nurMrMwPNePosar78vrHdCE3R6Gf0yw0GSPzT3dumK4kKQYccCl4YzeZay5w,, FF DefaultSearchEngine: Web Search FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0qqSrx5vdU8jun3PWeLf4rIfAhvX7xyrrfz2iWr2hR1iWX-W6_tH126hkB7atApvRampUFUeKO51cCwy2bARNig6QHednZqPDqWA,, FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxiWOLFEAbbBbDGRz_oVAaL8QxNHbhTKXubzwq7AsoeoKh6WBmsUlDJja19YUyJK9Z0m5oGqxymOnvuXRHS1qtbCaRrU_p180KPd4lN70Ryk0eh0thnZCKs0lGYtknNriv6EMpMBo8omUY2Xryc72qdcmyMBIVgFa4mUMw,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program 
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @novell.com/iPrint -> C:\Windows\system32 () FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\abs@avira.com [2014-10-01] FF Extension: HP Detect - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-11-11] FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-19] FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\firefox@ghostery.com.xpi [2014-01-27] FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-07-25] FF Extension: NoScript - 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-23] FF Extension: LeechBlock - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2013-06-01] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7ax84ufs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-18] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-22] Chrome: ======= CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) 
[File not signed] R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-09] (Juniper Networks) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [102400 2014-06-23] (Novell, Inc.) [File not signed] S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2013-04-10] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed] R2 OpenVPNAccessClient; C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed] R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed] R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.) 
S3 TDslMgrService; C:\Program Files\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed] R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.) R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.) R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.) R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563112 2014-08-15] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-08-15] (Cisco Systems, Inc.) S3 AF05BDA; C:\Windows\System32\drivers\AF05BDA.sys [117376 2006-12-05] (AfaTech ) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG) S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID) R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-09] (Juniper Networks) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.) 
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) [File not signed] R1 nipplpt2; C:\Windows\system32\drivers\nipplpt.sys [42464 2014-06-23] () S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) [File not signed] R2 RTWTKRNL; C:\Windows\system32\drivers\rtwtkrnl.sys [52760 2012-01-02] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH) S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [587136 2011-08-08] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [551168 2011-08-08] (eMPIA Technology, Inc.) R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.) R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.) R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.) S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.) R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 12:30 - 2014-11-01 12:31 - 00024776 _____ () C:\Users\*****\Desktop\FRST.txt 2014-11-01 12:30 - 2014-11-01 12:30 - 00000000 ____D () C:\FRST 2014-11-01 12:27 - 2014-11-01 12:27 - 01105920 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-11-01 12:22 - 2014-11-01 12:23 - 00000472 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-11-01 12:22 - 2014-11-01 12:22 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-11-01 12:21 - 2014-11-01 12:21 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-11-01 12:11 - 2014-11-01 12:11 - 00000000 ____D () C:\Users\*****\Desktop\backups 2014-11-01 12:04 - 2014-11-01 12:04 - 00012770 _____ () C:\Users\*****\Desktop\hijackthis.log 2014-11-01 12:03 - 2014-11-01 12:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\HijackThis.exe 2014-11-01 11:47 - 2014-11-01 12:01 - 00000000 ____D () C:\Users\*****\Desktop\Einladungen Geburtstag Papa 2014-11-01 11:17 - 2014-11-01 11:17 - 00002468 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-11-01 11:17 - 2014-11-01 11:17 - 00002406 _____ () C:\Users\*****\Desktop\Search.lnk 2014-11-01 11:16 - 2014-11-01 11:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Smartbar 2014-11-01 11:16 - 2014-11-01 11:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LPT 2014-10-30 23:58 - 2014-10-30 23:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-30 00:03 - 2014-10-30 11:25 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übungsblatt 2 2014-10-27 20:11 - 2014-10-27 20:17 - 00000000 ____D () C:\Users\*****\Desktop\AriadneTech Bewerbung 28.11.14 2014-10-26 21:20 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Bachelor-Verleihung 2014-10-26 16:08 - 2014-10-26 16:08 - 00002144 _____ () C:\Users\*****\Downloads\messaging_attachment.htm 2014-10-21 16:43 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\*****\Desktop\Mathe Übung Blatt 1 2014-10-15 18:54 - 2014-10-10 02:44 - 00396288 _____ (Microsoft 
Corporation) C:\Windows\system32\aepdu.dll 2014-10-15 18:54 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-15 18:54 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-15 18:54 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 18:54 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 18:54 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 18:54 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 18:54 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 18:54 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 18:54 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 18:54 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 18:54 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 18:54 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 18:54 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 18:54 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 18:54 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 18:54 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2014-10-15 18:54 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 18:54 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 18:54 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 18:54 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 18:54 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 18:54 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 18:54 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 18:54 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 18:54 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 18:54 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 18:54 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 18:54 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 18:54 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 18:54 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 18:54 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 18:54 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft 
Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 18:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 18:53 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 18:53 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 18:53 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 18:53 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 18:53 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 18:53 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 18:53 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 18:53 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 18:53 - 2014-07-17 02:39 - 00017408 _____ (Microsoft 
Corporation) C:\Windows\system32\credssp.dll 2014-10-15 18:53 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 18:53 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-15 18:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) 
C:\Windows\system32\EncDump.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 18:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 18:53 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 18:53 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 18:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 18:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 18:53 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 
2014-10-15 18:53 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 18:53 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:52 - 2014-10-14 15:53 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ControlCenter4 2014-10-14 15:52 - 2014-10-14 15:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FLEXnet 2014-10-14 15:48 - 2014-10-14 15:48 - 00002110 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\ProgramData\ControlCenter4 2014-10-14 15:47 - 2014-10-14 15:47 - 00000000 ____D () C:\Program Files\ControlCenter4 2014-10-14 15:39 - 2014-10-14 15:39 - 00001890 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nuance 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\ScanSoft 2014-10-14 15:39 - 2014-10-14 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 2014-10-14 15:38 - 2014-10-14 15:57 - 00000000 ____D () C:\ProgramData\Nuance 2014-10-14 15:38 - 2014-10-14 15:45 - 00000000 ____D () C:\Program Files\Nuance 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-10-14 15:38 - 2014-10-14 15:38 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared 2014-10-12 15:30 - 2014-10-12 15:30 - 00000853 _____ () C:\Users\*****\Desktop\eclipse.exe - Verknüpfung.lnk 2014-10-11 18:13 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191315.backup 2014-10-11 18:12 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141011-191248.backup 2014-10-10 19:35 - 2014-10-29 13:07 - 00000000 ____D () 
C:\Users\*****\AppData\Local\Eclipse ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 12:24 - 2012-08-20 17:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-01 12:22 - 2012-08-18 14:47 - 00000000 ____D () C:\Users\***** 2014-11-01 12:19 - 2012-08-18 15:29 - 00000000 ____D () C:\Setups 2014-11-01 10:49 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-01 10:49 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-01 10:48 - 2012-08-18 14:39 - 01715315 _____ () C:\Windows\WindowsUpdate.log 2014-11-01 10:44 - 2012-08-20 18:58 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2014-11-01 10:40 - 2013-04-13 18:52 - 00000000 ____D () C:\ProgramData\VMware 2014-11-01 10:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-01 10:40 - 2009-07-14 05:39 - 00126449 _____ () C:\Windows\setupact.log 2014-10-31 21:49 - 2012-08-22 14:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-31 21:39 - 2010-11-20 22:01 - 01637490 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-31 13:49 - 2012-08-18 15:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-29 20:41 - 2012-08-20 15:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-26 12:47 - 2012-08-20 22:45 - 00000000 ____D () C:\Windows\pss 2014-10-21 16:45 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware 2014-10-21 16:22 - 2013-04-13 18:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware 2014-10-19 12:41 - 2012-08-18 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-19 12:40 - 2014-04-13 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office 2013 2014-10-18 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-18 10:45 - 2013-04-14 21:37 - 00000000 ____D () C:\Users\*****\Documents\Virtual Machines 2014-10-18 10:37 - 2014-08-21 22:22 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-10-18 10:37 - 2012-08-20 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-10-18 10:37 - 2012-08-20 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-10-17 18:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 00:07 - 2009-07-14 05:33 - 00435256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 00:05 - 2014-05-08 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 00:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 00:27 - 2013-07-29 16:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 22:41 - 2012-08-18 17:03 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-15 18:35 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-15 08:24 - 2014-09-10 18:09 - 00001119 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-15 08:24 - 2014-08-11 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-15 08:24 - 2013-08-14 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-15 08:24 - 2013-08-14 20:00 - 00000000 ____D () C:\Program Files\Avira 2014-10-14 18:59 - 2012-08-22 14:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-14 15:54 - 2012-08-18 15:37 - 00112864 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-14 15:48 - 2013-01-20 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother 2014-10-14 15:47 - 2013-01-20 16:20 - 00000000 ____D () C:\Program Files\Browny02 2014-10-14 15:47 - 2013-01-20 16:20 - 
00000000 ____D () C:\Program Files\Brother
2014-10-14 15:46 - 2012-11-04 19:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-12 21:53 - 2012-08-18 19:13 - 01804758 _____ () C:\Windows\DPINST.LOG
2014-10-12 21:51 - 2014-10-01 19:30 - 00001996 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-12 21:51 - 2014-10-01 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-12 01:23 - 2010-11-20 22:48 - 00316096 _____ () C:\Windows\PFRO.log
2014-10-11 15:30 - 2014-05-21 00:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\inkscape
2014-10-09 18:08 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-10-09 09:35 - 2013-08-14 20:04 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-09 09:35 - 2013-08-14 20:00 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-09 09:35 - 2013-08-14 20:00 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp247kgd.dll
C:\Users\*****\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\somoto_ChopinScript_1.0.exe
C:\Users\*****\AppData\Local\Temp\_is26F3.exe
C:\Users\*****\AppData\Local\Temp\_is3024.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 12:23

==================== End Of Log ============================

Additions Log:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014 Ran by ***** at 2014-11-01 12:32:12 Running from C:\Users\*****\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) - Siemens MedSW) 32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden 4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adblock Plus for IE (32-bit) (HKLM\...\{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}) (Version: 1.1 - Eyeo GmbH) Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - ) Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.) 
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Brother MFL-Pro Suite DCP-7055 (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version: - ) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.05182 - Cisco Systems, Inc.) Hidden Cyberduck 4.2.1 (9350) (HKLM\...\Cyberduck) (Version: 4.2.1 (9350) - ) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DICOM Inspector.NET (HKLM\...\{A9F16121-CBDD-4CF9-89F7-7AE61E3410E4}) (Version: 1.0.0 - wrs) DicomEdit (HKLM\...\{225D0EDC-F44B-4F36-98F7-944E5169B97F}) (Version: 8.0 Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) 
DSL-Manager (HKLM\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - ) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GO Contact Sync Mod (HKLM\...\{6CF50AEE-2F3E-4D01-999E-91BEB5CDB9B3}) (Version: 3.5.22 - WebGear, Create Software, Stru.be, saller.NET) GO Contact Sync Mod (HKLM\...\{D486452A-63E4-4FBA-953B-9080266077A0}) (Version: 3.8.0 - WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R) Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - ) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GroupWise (HKLM\...\{C98B6523-9B2A-40D9-A722-D24CADD131AC}) (Version: 12.0.2 - Novell) GroupWise Client - VC Runtimes (release) (Version: 2.00.0000 - Novell) Hidden HL-2130 (HKLM\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.) 
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Solutions Framework (HKLM\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company) HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JMicron JMB38X Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.) Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks) Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.44981 - Juniper Networks, Inc.) MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.) 
MGTEK MiniIDE 1.19 (HKLM\...\{A933C7DE-E96A-4A27-BE68-57297196E274}) (Version: 1.19.176 - MGTEK) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 DEU (HKLM\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C# 2008 Express Edition - DEU (HKLM\...\Microsoft Visual C# 2008 Express Edition - DEU) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}) (Version: 3.5.21022 - Microsoft) Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd) Mozilla Firefox 33.0.2 (x86 de) (HKLM\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MVE (HKLM\...\MVE - Medical Volume Explorer_is1) (Version: - Dr. Jürgen Abel) Network (Version: 130.0.550.000 - Hewlett-Packard) Hidden Notepad++ (HKLM\...\Notepad++) (Version: 6.2.3 - ) Novell iPrint Client v05.98.00 (HKLM\...\Novell iPrint Client) (Version: - Novell, Inc.) Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) OpenVPN Client (HKLM\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Padre on Strawberry Perl version 0.05 (HKLM\...\Strawberry_Perl_with_Cream_is1) (Version: 0.05 - ) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.) PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID) pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - ) Pixillion Imagedatei-Konverter (HKLM\...\Pixillion) (Version: 2.61 - NCH Software) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Qt SDK (HKCU\...\Qt SDK) (Version: 1.2.1 - Nokia) Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version: - ) Re (HKLM\...\RealTimeWindowsTarget) (Version: - ) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SILKYPIX Developer Studio 3.1 SE (HKLM\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory) SILKYPIX Developer Studio 3.1 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Sony PC Companion 2.10.228 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team) Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN) VMware Player (HKLM\...\VMware_Player) (Version: 5.0.2 - VMware, Inc) VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Yahoo Community Smartbar (HKLM\...\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}) (Version: 11.112.66.19229 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\*****\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-392681275-1122118515-239412949-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 01-11-2014 10:19:20 Removed Nuance PaperPort 12 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {0038DE0F-385C-4EDB-8518-3B9C1076A709} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] () Task: {4C6C037D-DF71-4CBD-8803-3FED500C7800} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {534E6633-7221-434F-A2D0-F88666740CDB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {59DB19AD-7229-4696-9412-F44A5EE06846} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9AF427F5-01AE-488E-87D4-820AD38974F9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {B5EDB9DE-1D56-4C19-B5F8-56B4DCF10F0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated) Task: {FDCEF5DB-98A8-4CB0-8D03-24239AFF3173} - System32\Tasks\{EAEF1109-2199-4975-93E1-969A0DD67984} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/privacy (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-15 19:25 - 2014-08-15 19:25 - 00063400 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2006-12-04 00:25 - 2006-12-04 00:25 - 00022723 _____ () C:\Windows\System32\sugs1l3.dll 2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2013-04-10 18:55 - 2013-04-10 18:54 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2013-04-10 18:55 - 2013-04-10 18:54 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-04-10 18:55 - 2013-04-10 18:54 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2010-08-12 16:45 - 2010-08-12 16:45 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe 2009-07-05 05:35 - 2009-07-05 05:35 - 00028160 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll 2009-07-05 05:35 - 2009-07-05 05:35 - 00041472 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00096256 
_____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00153088 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00040448 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00645120 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd 2010-03-16 12:05 - 2010-03-16 12:05 - 00020480 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00311808 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd 2009-10-26 08:25 - 2009-10-26 08:25 - 00073728 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd 2009-10-26 08:27 - 2009-10-26 08:27 - 00011776 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\select.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00010752 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00051200 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd 2010-05-05 12:44 - 2010-05-05 12:44 - 00039936 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00036352 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd 2010-05-05 12:43 - 2010-05-05 12:43 - 00008192 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00017920 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd 2009-07-06 03:16 - 2009-07-06 03:16 - 00111104 _____ () C:\Program 
Files\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd 2009-07-05 05:35 - 2009-07-05 05:35 - 00024064 _____ () C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd 2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2014-08-27 16:29 - 2014-08-27 16:29 - 00052224 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00087552 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srau.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00167424 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 02426880 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00068608 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\spbl.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00160256 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00015872 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\siem.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00069120 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sppsm.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00698368 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00016384 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00080384 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-08-27 16:29 - 2014-08-27 16:29 
- 00028672 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00071680 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srut.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00031232 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srsbs.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00067072 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00152064 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smti.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00075264 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smsp.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00011776 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sidc.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00032256 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smtu.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00040448 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\smta.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00032768 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srom.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00049152 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srbu.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00025600 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\sgml.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00063488 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00026624 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srpdm.dll 2014-08-27 16:28 - 2014-08-27 16:28 - 00045056 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-08-27 16:24 - 2014-08-27 16:24 - 00026624 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-08-27 16:29 - 
2014-08-27 16:29 - 00036864 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-08-27 16:29 - 2014-08-27 16:29 - 00257024 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\srns.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-05-08 14:49 - 2014-05-08 14:49 - 00133120 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU 2014-08-27 16:28 - 2014-08-27 16:28 - 00025088 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\Lrcnta.exe 2014-08-27 16:28 - 2014-08-27 16:28 - 00034816 _____ () C:\Users\*****\AppData\Local\Smartbar\Application\lrcnt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\Windows\pss\OpenVPN Client.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk => C:\Windows\pss\DSL-Manager.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: iPrint Event Monitor => C:\Windows\system32\iprntlgn.exe MSCONFIG\startupreg: iPrint Tray => C:\Windows\system32\iprntctl.exe TRAY_ICON MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-392681275-1122118515-239412949-500 - Administrator - Disabled) ***** 
(S-1-5-21-392681275-1122118515-239412949-1000 - Administrator - Enabled) => C:\Users\***** Gast (S-1-5-21-392681275-1122118515-239412949-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-392681275-1122118515-239412949-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2014 11:26:18 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: *****-PC) Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden. 
Error: (11/01/2014 10:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 01:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:05:46 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/31 08:05:46.093]: [00002316]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 Error: (10/31/2014 07:31:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 06:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 11:42:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/30 11:42:34.941]: [00002308]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 Error: (10/30/2014 09:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 07:04:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/10/29 19:04:46.595]: [00002316]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 System errors: ============= Error: (11/01/2014 11:03:04 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/01/2014 10:40:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/01/2014 10:40:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 09:38:43 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{7967F29F-64E2-4810-89E8-F8D596FBFBC4}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (10/31/2014 09:34:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 09:34:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 01:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 01:49:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (10/31/2014 07:31:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/31/2014 07:31:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Microsoft Office Sessions: ========================= Error: (11/01/2014 11:26:18 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: *****-PC) Description: 1C:\Program Files\LPT\linmsl.exelinmsl0511778040 Error: (11/01/2014 10:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 09:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 01:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/31/2014 08:05:46 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/31 08:05:46.093]: [00002316]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 Error: (10/31/2014 07:31:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 06:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 11:42:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/30 11:42:34.941]: [00002308]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 2 Error: (10/30/2014 09:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 07:04:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/10/29 19:04:46.595]: [00002316]: CUsbScnDev: DeviceIoControl() failed. 
ErrorCode = 2 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz Percentage of memory in use: 46% Total physical RAM: 3069.21 MB Available physical RAM: 1642.44 MB Total Pagefile: 6136.7 MB Available Pagefile: 4252.41 MB Total Virtual: 2047.88 MB Available Virtual: 1885.55 MB ==================== Drives ================================ Drive c: (Systemdateien, Programme) (Fixed) (Total:123.11 GB) (Free:22.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:8.96 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:14.83 GB) (Free:4.87 GB) FAT32 Drive g: (Dateien) (Fixed) (Total:146.48 GB) (Free:49.17 GB) NTFS Drive u: (Ubuntu) (Fixed) (Total:19.53 GB) (Free:18.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76579EF5) Partition 1: (Active) - (Size=123.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=19.5 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-01 23:49:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgddapod.sys

---- System - GMER 2.1 ----

SSDT 91A532A6 ZwCreateSection
SSDT 91A532B0 ZwRequestWaitReplyPort
SSDT 91A532AB ZwSetContextThread
SSDT 91A532B5 ZwSetSecurityObject
SSDT 91A532BA ZwSystemDebugControl
SSDT 91A53247 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83289A35 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C3392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832CA6DC 4 Bytes [A6, 32, A5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832CAA38 4 Bytes [B0, 32, A5, 91] {MOV AL, 0x32; MOVSD ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832CAA7C 4 Bytes [AB, 32, A5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832CAAF8 4 Bytes [B5, 32, A5, 91] {MOV CH, 0x32; MOVSD ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832CAB4C 4 Bytes [BA, 32, A5, 91]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys
Device \Driver\usbhub \Device\00000081 hcmon.sys
Device \Driver\usbhub \Device\00000082 hcmon.sys
Device \Driver\usbhub \Device\00000083 hcmon.sys
Device \Driver\usbhub \Device\00000084 hcmon.sys
Device \Driver\usbhub \Device\00000085 hcmon.sys
Device \Driver\usbhub \Device\00000086 hcmon.sys
Device \Driver\usbhub \Device\00000087 hcmon.sys
Device \Driver\usbhub \Device\00000088 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021863250a3
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021863250a3 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1148720864
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30406166
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1148720864
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-392681275-1122118515-239412949-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30406166
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@EE94D2ED 1083

---- EOF - GMER 2.1 ----