| |
| |||||||
Log-Analyse und Auswertung: Avira Fund : TR/downloader.gen2 (Windows 7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.12.2014, 19:02
| #1 |
 |  Avira Fund : TR/downloader.gen2 (Windows 7) Hallo alle zusammen  ich habe Avira auf meinem PC und das Programm hat mir gemeldet das ich folgenden Troyaner auf dem PC habe: TR/downloader.gen2. Ich hab inzwischen 3 komplette Scans des Computers durchgeführt und insgesammt 5 mal diesen Fund erhalten. Die Datei wurde jedes mal in die Quarantäne verschoben. Hier sind die Ereignisse die Avira jeweils gemeldet hat: Exportierte Ereignisse: 12.12.2014 18:06 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51dcb2e3.qua' verschoben! 12.12.2014 18:03 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 12.12.2014 17:56 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Tina\AppData\Local\Temp\smartbar\61decb9c-c421-4193-8a6d-a2e20c39b349\ Shuka.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50bbbaab.qua' verschoben! 10.12.2014 18:54 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51c21f3f.qua' verschoben! 10.12.2014 18:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 10.12.2014 18:36 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Tina\AppData\Local\Temp\smartbar\d7511af1-d487-439c-b5fe-d3445a3fe61d\ Shuka.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '518129d0.qua' verschoben! 09.12.2014 18:13 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50ccb837.qua' verschoben! 09.12.2014 18:10 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Tina\AppData\Local\Temp\Shuka\32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.Gen2' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner Ich brauche dringend eure Hilfe da ich leider nicht sehr gut mit Computern bin. Lesen kann ich aber deshalb habe ich die ersten 2 Schritte eurer Anleitung erfolgreich erledigt. Die Ergebnisse findet ihr hier: FRST result: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03 Ran by Tina (administrator) on LAPTOPTINA on 12-12-2014 18:53:48 Running from C:\Users\Tina\Downloads Loaded Profile: Tina (Available profiles: Tina) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe () C:\Users\Tina\AppData\Local\RGMService\RGMUpdater.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Users\Tina\AppData\Local\RGMService\RGMLoader.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\Tina\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Users\Tina\AppData\Local\LPT\srptm.exe (Akamai Technologies, Inc.) C:\Users\Tina\AppData\Local\Akamai\netsession_win.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Smartbar) C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.exe () C:\Users\Tina\Downloads\Defogger.exe () C:\Users\Tina\AppData\Local\Smartbar\Application\Lrcnta.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-24] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tina\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-09-30] (Smartbar) HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Run: [LPT System Updater] => C:\Users\Tina\AppData\Local\LPT\srptm.exe [23832 2014-06-11] () HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Run: [cmd] => C:\Users\Tina\AppData\Local\Temp\Shuka\PackerV2.exe [5113856 2014-12-08] (Packer Framework) <===== ATTENTION HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K15oBTZwJdyZT5Lop46qzXfN3xOR5YwcN8f4yv9x9nvW6JMgUP-C7ldCtG_jx8q6x0UY8-kXoD3pG5V7gITQi0UDQggQQLowMRyWQ,, HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K11i9RPJc3yqBOYfXqUdVTRPMd63f9D5u2kLUAVjuVLSNepJ_9XXKpCZWKokysr23bOFuMR0ecdoLg84jn_gyH5h_svAm34WUg3cA,,&q={ searchTerms} HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K11i9RPJc3yqBOYfXqUdVTRPMd63f9D5u2kLUAVjuVLSNepJ_9XXKpCZWKokysr23bOFuMR0ecdoLg84jn_gyH5h_svAm34WUg3cA,,&q={ searchTerms} HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=405cd4b2-8503-35e5-fc6b-d5622b92fb9c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=11/03/2014&type=hp1000 SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=405cd4b2-8503-35e5-fc6b-d5622b92fb9c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=11/03/2014&type=hp1000 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2182860457-1797720720-2165504169-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K11i9RPJc3yqBOYfXqUdVTRPMd63f9D5u2kLUAVjuVLSNepJ_9XXKpCZWKokysr23bOFuMR0ecdoLg84jn_gyH5h_svAm34WUg3cA,,&q={ searchTerms} SearchScopes: HKU\S-1-5-21-2182860457-1797720720-2165504169-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA6FDCFA1-B300-41FF-8EBC-008AC3D3D30A&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2182860457-1797720720-2165504169-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKU\S-1-5-21-2182860457-1797720720-2165504169-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K11i9RPJc3yqBOYfXqUdVTRPMd63f9D5u2kLUAVjuVLSNepJ_9XXKpCZWKokysr23bOFuMR0ecdoLg84jn_gyH5h_svAm34WUg3cA,,&q={ searchTerms} BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKU\S-1-5-21-2182860457-1797720720-2165504169-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\6j4467no.default FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K1_9oUQ9OwqJ-yYXPnHlVlrWzEYJOjTKTZyX3yC_EuE3kI7cgNJFvIHQd1T6L00Lsb_4XJMO9DJZ6RUGiBGWQF-Df3Rhgv5uwqc3Q,, FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K15oBTZwJdyZT5Lop46qzXfN3xOR5YwcN8f4yv9x9nvW6JMgUP-C7ldCtG_jx8q6x0UY8-kXoD3pG5V7gITQi0UDQggQQLowMRyWQ,, FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb7jX1ovO-7XEY2w-wLz-hy1FEUnPZw7tZA_JWRZufmhX536zdEZkPoNgqFrrjk9K11i9RPJc3yqBOYfXqUdVTRPMd63f9D5u2kLUAVjuVLSNepJ_9XXKpCZWKokysr23bOFuMR0ecdoLg84jn_gyH5h_svAm34WUg3cA,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\6j4467no.default\searchplugins\Web Search.xml FF Extension: Yahoo Community Smartbar - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\6j4467no.default\Extensions\{405cd4b2-8503-35e5-fc6b-d5622b92fb9c} [2014-07-10] FF Extension: DownloadHelper - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\6j4467no.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-02-22] FF HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.) R2 RGMUpdater; C:\Users\Tina\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed] S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 18:51 - 2014-12-12 18:53 - 00033309 _____ () C:\Users\Tina\Downloads\Addition.txt 2014-12-12 18:46 - 2014-12-12 18:55 - 00025581 _____ () C:\Users\Tina\Downloads\FRST.txt 2014-12-12 18:45 - 2014-12-12 18:53 - 00000000 ____D () C:\FRST 2014-12-12 18:44 - 2014-12-12 18:44 - 02119680 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe 2014-12-12 18:43 - 2014-12-12 18:43 - 01111040 _____ (Farbar) C:\Users\Tina\Downloads\FRST.exe 2014-12-12 18:41 - 2014-12-12 18:41 - 00000470 _____ () C:\Users\Tina\Downloads\defogger_disable.log 2014-12-12 18:41 - 2014-12-12 18:41 - 00000000 _____ () C:\Users\Tina\defogger_reenable 2014-12-12 18:40 - 2014-12-12 18:40 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe 2014-12-12 18:32 - 2014-12-12 18:32 - 00005308 _____ () C:\Users\Tina\Desktop\Ereignisse Avira.txt 2014-12-11 23:37 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 23:37 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 07:50 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 07:50 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 07:50 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 07:50 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 07:50 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 07:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 07:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 07:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 07:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 07:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-11 07:49 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 07:49 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-09 18:12 - 2014-12-09 19:08 - 00000000 ____D () C:\Users\Tina\AppData\Local\RGMService 2014-11-29 14:15 - 2014-11-30 13:46 - 00000000 ____D () C:\Users\Tina\Desktop\Kleiderkreisel 2014-11-19 22:13 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 22:13 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 22:13 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 22:13 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-13 07:49 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 07:49 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 07:49 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 07:49 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 07:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 07:49 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 07:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 07:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 07:49 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 07:49 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 07:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 07:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 07:48 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 07:48 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 07:48 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 07:48 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 07:48 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 07:48 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 07:48 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 07:48 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 07:48 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 07:48 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 07:48 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 07:48 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 07:48 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 07:48 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 07:48 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 07:48 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 07:48 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 07:48 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 07:48 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 07:48 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 07:48 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 07:48 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 07:48 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 07:48 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 07:48 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 07:48 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 07:48 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 07:48 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 07:48 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 07:48 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 07:48 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 07:48 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 07:48 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 07:48 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 07:48 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 07:48 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 07:48 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 07:48 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 07:48 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 07:48 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 07:48 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 07:48 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 07:48 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 07:48 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 07:48 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 07:48 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 07:48 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 07:48 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 07:48 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 07:48 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 07:48 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 07:48 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 07:48 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 07:48 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 07:48 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 07:48 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 07:47 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 07:47 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 07:47 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 07:47 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 07:47 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 07:47 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 07:47 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 07:47 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 07:47 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 07:47 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 07:47 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 07:47 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 07:47 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 07:47 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 07:47 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 07:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 07:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 07:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 07:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 07:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 07:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 07:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 07:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 18:41 - 2013-02-21 10:18 - 00000000 ____D () C:\Users\Tina 2014-12-12 18:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-12-12 17:04 - 2013-02-21 09:27 - 01255619 _____ () C:\Windows\WindowsUpdate.log 2014-12-12 07:57 - 2013-10-12 20:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 07:55 - 2013-08-15 06:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 07:47 - 2009-07-14 05:51 - 00084909 _____ () C:\Windows\setupact.log 2014-12-11 07:44 - 2013-02-21 21:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 18:51 - 2013-02-21 18:18 - 00700118 _____ () C:\Windows\system32\perfh007.dat 2014-12-10 18:51 - 2013-02-21 18:18 - 00149968 _____ () C:\Windows\system32\perfc007.dat 2014-12-10 18:51 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-10 18:40 - 2013-02-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-09 19:17 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-09 19:17 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-09 19:07 - 2013-02-21 09:24 - 00269238 _____ () C:\Windows\PFRO.log 2014-12-09 19:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-07 15:54 - 2013-11-09 20:27 - 00000000 ____D () C:\Users\Tina\Documents\Uni 2014-12-07 15:54 - 2013-10-20 13:42 - 00000000 ____D () C:\Users\Tina\Documents\Sonstiges 2014-11-22 13:54 - 2014-10-25 12:42 - 00000000 ____D () C:\Users\Tina\Desktop\Handybilder 2014-11-22 12:23 - 2014-06-23 21:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-19 22:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-16 15:11 - 2009-07-14 05:45 - 00463568 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-16 15:06 - 2014-05-07 05:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-16 11:49 - 2013-02-21 10:19 - 00117544 _____ () C:\Users\Tina\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-14 07:41 - 2013-10-11 18:41 - 00000000 ____D () C:\Users\Tina\AppData\Local\Akamai Files to move or delete: ==================== C:\Users\Tina\AppData\Local\Temp\Shuka\PackerV2.exe Some content of TEMP: ==================== C:\Users\Tina\AppData\Local\Temp\-nybrqrv.dll C:\Users\Tina\AppData\Local\Temp\-qdnrzzf.dll C:\Users\Tina\AppData\Local\Temp\0ep3l7ot.dll C:\Users\Tina\AppData\Local\Temp\1v4uhaxc.dll C:\Users\Tina\AppData\Local\Temp\2x-ui5ut.dll C:\Users\Tina\AppData\Local\Temp\3vkvyfwn.dll C:\Users\Tina\AppData\Local\Temp\4udzzlpl.dll C:\Users\Tina\AppData\Local\Temp\6dj3dyyp.dll C:\Users\Tina\AppData\Local\Temp\88zsdt9d.dll C:\Users\Tina\AppData\Local\Temp\avgnt.exe C:\Users\Tina\AppData\Local\Temp\ccqx91gz.dll C:\Users\Tina\AppData\Local\Temp\COMAP.EXE C:\Users\Tina\AppData\Local\Temp\crohilqn.dll C:\Users\Tina\AppData\Local\Temp\df600jdx.dll C:\Users\Tina\AppData\Local\Temp\dfkc5kmn.dll C:\Users\Tina\AppData\Local\Temp\fxocq5rz.dll C:\Users\Tina\AppData\Local\Temp\gh1rzspa.dll C:\Users\Tina\AppData\Local\Temp\gxcn1fsg.dll C:\Users\Tina\AppData\Local\Temp\gytv4jaf.dll C:\Users\Tina\AppData\Local\Temp\hfzvrabg.dll C:\Users\Tina\AppData\Local\Temp\hnzcnanc.dll C:\Users\Tina\AppData\Local\Temp\ia-2lwlc.dll C:\Users\Tina\AppData\Local\Temp\jnttoxhg.dll C:\Users\Tina\AppData\Local\Temp\kughkoho.dll C:\Users\Tina\AppData\Local\Temp\m3ivapf4.dll C:\Users\Tina\AppData\Local\Temp\mhsypwkl.dll C:\Users\Tina\AppData\Local\Temp\mqormbgl.dll C:\Users\Tina\AppData\Local\Temp\mtr_dogr.dll C:\Users\Tina\AppData\Local\Temp\nseDD98.exe C:\Users\Tina\AppData\Local\Temp\nsu12FE.exe C:\Users\Tina\AppData\Local\Temp\nsu1791.exe C:\Users\Tina\AppData\Local\Temp\nsuE4F9.exe C:\Users\Tina\AppData\Local\Temp\obzh9uel.dll C:\Users\Tina\AppData\Local\Temp\ocgxma6d.dll C:\Users\Tina\AppData\Local\Temp\oquyhxqg.dll C:\Users\Tina\AppData\Local\Temp\owgsepq1.dll C:\Users\Tina\AppData\Local\Temp\pcwsywqz.dll C:\Users\Tina\AppData\Local\Temp\r6he7ell.dll C:\Users\Tina\AppData\Local\Temp\sbt_uedv.dll C:\Users\Tina\AppData\Local\Temp\SkypeSetup.exe C:\Users\Tina\AppData\Local\Temp\SPSetup.exe C:\Users\Tina\AppData\Local\Temp\tz8q5wag.dll C:\Users\Tina\AppData\Local\Temp\ucysgvkw.dll C:\Users\Tina\AppData\Local\Temp\v8etfbmf.dll C:\Users\Tina\AppData\Local\Temp\wazcopk0.dll C:\Users\Tina\AppData\Local\Temp\wnzrjwdy.dll C:\Users\Tina\AppData\Local\Temp\wumzs1kp.dll C:\Users\Tina\AppData\Local\Temp\x6ovfpsw.dll C:\Users\Tina\AppData\Local\Temp\zbq2xc4e.dll C:\Users\Tina\AppData\Local\Temp\zlpoc6ic.dll C:\Users\Tina\AppData\Local\Temp\zojfvoj4.dll C:\Users\Tina\AppData\Local\Temp\zqsdkowg.dll C:\Users\Tina\AppData\Local\Temp\_onikxrf.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-18 15:48 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03 Ran by Tina at 2014-12-12 18:55:51 Running from C:\Users\Tina\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.5.5 - Liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media) Akamai NetSession Interface (HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.18.0 - Ask.com) <==== ATTENTION Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37268 - Ask.com) <==== ATTENTION Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - ) Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - Canon Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02040 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02040 - Cisco Systems, Inc.) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.) Freiburger Histo-CD 3.1 (HKLM-x32\...\Freiburger Histo-CD_is1) (Version: 3.1 - ) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - ) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.8 (HKLM-x32\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden NVIDIA Grafiktreiber 267.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.21 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF-XChange Editor (HKLM-x32\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Lite 2012 (HKLM\...\{AD09CC9A-6901-4921-B66D-9402FF32EF27}_is1) (Version: 5.0.273.0 - Tracker Software Products Ltd) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon) Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media) QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.10.97 - Conduit) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Yahoo Community Smartbar (HKLM-x32\...\{D62304BE-D5D3-4CCF-8973-123909491ADB}) (Version: 11.62.66.17712 - Linkury Inc.) <==== ATTENTION Yahoo Community Smartbar Engine (HKU\S-1-5-21-2182860457-1797720720-2165504169-1000\...\{42e5a8ed-7c27-469e-b9e0-fc74599d5890}) (Version: 11.62.66.17712 - Linkury Inc.) <==== ATTENTION YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 8.2 - Abelssoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 14-11-2014 06:42:05 Windows Update 20-11-2014 06:39:22 Windows Update 11-12-2014 06:41:59 Windows Update 12-12-2014 06:45:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-11-19 08:21 - 00001174 ____A C:\Windows\system32\Drivers\etc\hosts 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de 193.197.62.198 vpn.uni-ulm.de ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {081CA4D1-A54D-4FB1-A65C-46025E44DC04} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2182860457-1797720720-2165504169-1000 Task: {697CDE50-BB7A-47C3-BE38-18D1B557DE97} - System32\Tasks\{32F28B28-01E8-464F-B305-6911CFBAA1A9} => pcalua.exe -a C:\Users\Tina\Downloads\hapinstall.exe -d C:\Users\Tina\Downloads Task: {6981D4AF-B4B5-4909-8CE5-750E4417CDE2} - System32\Tasks\{AAFD9CC3-B090-4398-AD9A-70AEFDF2B1A9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.59.105/de/eula Task: {85E41C9E-08B1-43F2-919B-AC9EBF2AFC66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {8BDF55AE-C20E-46A3-A01E-74FA1B701D4B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation) Task: {904F571F-5A65-4354-B892-B3EB491C0A8C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION Task: {B7453BE1-C93C-436D-9E65-B3C5DEF5052F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {C2586F15-6EDD-43AB-B9EA-FB024DFBF59F} - \SidebarExecute No Task File <==== ATTENTION Task: {C6AB01DE-FAD5-4327-945E-162653A2DBB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {DF0DD767-E2FB-498B-9B4B-EE5CFF419C01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc ==================== Loaded Modules (whitelisted) ============= 2014-06-23 21:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-10-27 16:04 - 2014-10-27 16:04 - 00028160 _____ () C:\Users\Tina\AppData\Local\RGMService\RGMUpdater.exe 2014-12-01 17:01 - 2014-12-01 17:01 - 00974848 _____ () C:\Users\Tina\AppData\Local\RGMService\RGMLoader.exe 2014-06-11 13:13 - 2014-06-11 13:13 - 00023832 _____ () C:\Users\Tina\AppData\Local\LPT\srptm.exe 2014-12-12 18:40 - 2014-12-12 18:40 - 00050477 _____ () C:\Users\Tina\Downloads\Defogger.exe 2014-09-30 23:38 - 2014-09-30 23:38 - 00025088 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Lrcnta.exe 2013-01-24 18:34 - 2013-01-24 18:34 - 00063408 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 01686016 _____ () C:\Users\Tina\AppData\Local\RGMService\RGMHost.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 02745856 _____ () C:\Users\Tina\AppData\Local\RGMService\MonetizationToolsManager.dll 2014-12-01 17:02 - 2014-12-01 17:02 - 01592832 _____ () C:\Users\Tina\AppData\Local\RGMService\ProtectorsManager.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00077592 _____ () C:\Users\Tina\AppData\Local\LPT\srpt.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00043288 _____ () C:\Users\Tina\AppData\Local\LPT\srptc.dll 2014-06-11 13:11 - 2014-06-11 13:11 - 00018200 _____ () C:\Users\Tina\AppData\Local\LPT\Smartbar.Common.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00060184 _____ () C:\Users\Tina\AppData\Local\LPT\srut.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00066840 _____ () C:\Users\Tina\AppData\Local\LPT\sppsm.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00156440 _____ () C:\Users\Tina\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-06-11 13:12 - 2014-06-11 13:12 - 00027928 _____ () C:\Users\Tina\AppData\Local\LPT\Smartbar.Personalization.Common.dll 2014-06-11 13:12 - 2014-06-11 13:12 - 00166680 _____ () C:\Users\Tina\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00046872 _____ () C:\Users\Tina\AppData\Local\LPT\srbu.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00025880 _____ () C:\Users\Tina\AppData\Local\LPT\srpdm.dll 2014-06-11 13:11 - 2014-06-11 13:11 - 00026904 _____ () C:\Users\Tina\AppData\Local\LPT\ProxySettings.dll 2014-06-11 13:12 - 2014-06-11 13:12 - 00046360 _____ () C:\Users\Tina\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll 2014-06-11 13:11 - 2014-06-11 13:11 - 00053528 _____ () C:\Users\Tina\AppData\Local\LPT\Proxy.Lib.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00055064 _____ () C:\Users\Tina\AppData\Local\LPT\srprl.dll 2014-06-11 13:11 - 2014-06-11 13:11 - 00049432 _____ () C:\Users\Tina\AppData\Local\LPT\lrrot.dll 2014-06-11 13:13 - 2014-06-11 13:13 - 00028440 _____ () C:\Users\Tina\AppData\Local\LPT\sreu.dll 2011-03-10 17:14 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-10-19 12:59 - 2014-10-19 12:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll 2011-03-10 18:01 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-09 20:46 - 2014-12-09 20:46 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-11 13:11 - 2014-06-11 13:11 - 00317208 _____ () C:\Users\Tina\AppData\Local\LPT\Resources\ntdis_32.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00052224 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00087552 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srau.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00167424 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 02437632 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00068608 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\spbl.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00160256 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-09-30 23:38 - 2014-09-30 23:38 - 00015872 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\siem.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00069632 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\sppsm.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00698368 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00016384 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00080384 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00028672 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00072192 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srut.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00031232 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srsbs.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00067072 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00152064 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\smti.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00075264 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\smsp.dll 2014-09-30 23:38 - 2014-09-30 23:38 - 00011776 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\sidc.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00032256 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\smtu.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00040448 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\smta.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00032768 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srom.dll 2014-09-30 23:38 - 2014-09-30 23:38 - 00026112 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\sgml.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00049152 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srbu.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00063488 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00026624 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srpdm.dll 2014-09-30 23:38 - 2014-09-30 23:38 - 00045056 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-09-30 23:33 - 2014-09-30 23:33 - 00026624 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00036864 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-09-30 23:39 - 2014-09-30 23:39 - 00257024 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\srns.dll 2014-09-30 23:38 - 2014-09-30 23:38 - 00034816 _____ () C:\Users\Tina\AppData\Local\Smartbar\Application\lrcnt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:798A3728 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2182860457-1797720720-2165504169-500 - Administrator - Disabled) Gast (S-1-5-21-2182860457-1797720720-2165504169-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2182860457-1797720720-2165504169-1004 - Limited - Enabled) Tina (S-1-5-21-2182860457-1797720720-2165504169-1000 - Administrator - Enabled) => C:\Users\Tina ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/12/2014 05:25:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1a9c Startzeit: 01d014a059567f59 Endzeit: 1812 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 60ab1dfc-821b-11e4-9c48-b870f46b9f88 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30676083 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30676083 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30675053 Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30675053 Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30673993 Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30673993 Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/09/2014 07:07:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/09/2014 07:07:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 09.12.2014 um 19:04:29 unerwartet heruntergefahren. Error: (12/06/2014 06:28:53 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{67CE8622-C5D9-47E6-94E7-EAA3441F1709} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/02/2014 07:38:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (11/22/2014 01:22:01 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{67CE8622-C5D9-47E6-94E7-EAA3441F1709}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (11/22/2014 00:08:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (11/22/2014 00:03:27 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HOP-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{67CE8622-C5D9-47E6-94E7-EAA3441F1709}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (11/22/2014 00:01:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/20/2014 10:11:02 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ZION-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{67CE8622-C5D9-47E6-94E7-EAA3441F1709}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (11/19/2014 07:46:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (12/12/2014 05:25:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe34.0.5.54431a9c01d014a059567f591812C:\Program Files (x86)\Mozilla Firefox\firefox.exe60ab1dfc-821b-11e4-9c48-b870f46b9f88 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30676083 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30676083 Error: (12/12/2014 05:03:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30675053 Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30675053 Error: (12/12/2014 05:03:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 30673993 Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 30673993 Error: (12/12/2014 05:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 43% Total physical RAM: 5814.71 MB Available physical RAM: 3288.41 MB Total Pagefile: 11627.59 MB Available Pagefile: 8446.67 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:352.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 88AA7D15) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Liebe Grüße |
Baum-Darstellung