| Bauzdibau | 21.05.2014 09:01 |
Windows 7 meldet Win32/Small.CA-Virus
Hallo,
gestern erschien eine Warnmeldung in meinem Windows 7-Wartungscenter: ich solle den Win32/Small.CA-Virus entfernen.
Daraufhin habe ich einen Scan mit meinem Virenscanner Sophos durchgeführt, der hat aber nichts entdeckt.
Ich wollte über die Systemsteuerung im Windows-Wartungscenter Details zur Meldung aufrufen, da verschwand die Warnmeldung wieder.
Der vom Windows-Wartungscenter zuvor vorgeschlagene Microsoft Safety Scanner fand ebenfalls keinen Virus.
Auf der Sophos-Internetseite heißt es, es handele sich wohl um eine Fakemeldung des Windows-Defender (hxxp://www.sophos.com/de-de/support/knowledgebase/119716.aspx)
Auch bei euch wurde bereits ein entsprechender Fall gemeldet ( http://www.trojaner-board.de/143254-...-ca-virus.html) Vielleicht handelt es sich auch bei mir um eine Fake-Meldung. Bereits vor einiger Zeit erschien so eine Virusmeldung des Wartungscenters, verschweand dann aber ebenfalls schnell wieder.
Im Folgenden meine Log-Dateien:
defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:46 on 21/05/2014 (Andreas)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Andreas (administrator) on KEITH on 21-05-2014 08:47:40
Running from C:\Users\Andreas\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Swiss Academic Software) C:\Program Files (x86)\Citavi 4\bin\Citavi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Andreas\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4DD9BCFF-1F75-4E1F-9991-A116A1039BE9} URL =
BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ny4500hk.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ny4500hk.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ny4500hk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-23]
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-05-20] (Sophos Limited)
==================== Drivers (Whitelisted) ====================
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-21 08:47 - 2014-05-21 08:48 - 00011912 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-05-21 08:47 - 2014-05-21 08:47 - 00000000 ____D () C:\FRST
2014-05-21 08:46 - 2014-05-21 08:46 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-05-21 08:45 - 2014-05-21 08:45 - 02067456 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-05-21 08:40 - 2014-05-21 08:40 - 00000476 _____ () C:\Users\Andreas\Downloads\defogger_disable.log
2014-05-21 08:40 - 2014-05-21 08:40 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-05-21 08:39 - 2014-05-21 08:39 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-05-20 19:22 - 2014-05-20 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-20 19:22 - 2014-05-20 19:15 - 00035624 _____ (Sophos Limited) C:\windows\system32\SophosBootTasks.exe
2014-05-20 19:19 - 2014-05-20 19:19 - 00038144 _____ (Sophos Limited) C:\windows\system32\Drivers\sdcfilter.sys
2014-05-20 19:16 - 2014-05-20 19:16 - 00176120 _____ (Sophos Limited) C:\windows\system32\sdccoinstaller.dll
2014-05-20 19:16 - 2014-05-20 19:16 - 00027904 _____ (Sophos Limited) C:\windows\system32\Drivers\SophosBootDriver.sys
2014-05-20 19:13 - 2014-05-20 19:13 - 00158976 _____ (Sophos Limited) C:\windows\system32\Drivers\savonaccess.sys
2014-05-20 16:43 - 2014-05-20 16:45 - 103356184 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\msert.exe
2014-05-15 18:24 - 2014-05-15 18:24 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DropboxMaster
2014-05-15 00:23 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-15 00:23 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-15 00:23 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-15 00:23 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-15 00:23 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-15 00:23 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-14 16:42 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 16:42 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 16:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 16:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-14 16:40 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:40 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 16:40 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 16:40 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 16:40 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 16:40 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 16:40 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 16:40 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-14 16:40 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-14 16:40 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 16:40 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 16:40 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 16:40 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 16:40 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 16:40 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:40 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:40 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-14 16:40 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-14 16:40 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-10 14:04 - 2014-05-10 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre
2014-04-30 22:56 - 2014-05-15 10:55 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-04-28 19:00 - 2014-04-28 19:01 - 15974387 _____ () C:\Users\Andreas\Downloads\sit_audios_kb_L04.zip
2014-04-28 16:17 - 2014-04-28 16:18 - 12418048 _____ () C:\Users\Andreas\Downloads\projectlibre-1.5.9.msi
2014-04-25 08:53 - 2014-05-20 23:11 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 08:53 - 2014-05-14 18:11 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-21 18:50 - 2014-04-21 18:50 - 17535335 _____ () C:\Users\Andreas\Downloads\sit_audios_kb_L03.zip
==================== One Month Modified Files and Folders =======
2014-05-21 08:48 - 2014-05-21 08:47 - 00011912 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-05-21 08:47 - 2014-05-21 08:47 - 00000000 ____D () C:\FRST
2014-05-21 08:46 - 2014-05-21 08:46 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-05-21 08:45 - 2014-05-21 08:45 - 02067456 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-05-21 08:40 - 2014-05-21 08:40 - 00000476 _____ () C:\Users\Andreas\Downloads\defogger_disable.log
2014-05-21 08:40 - 2014-05-21 08:40 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-05-21 08:40 - 2010-10-22 16:44 - 00000000 ____D () C:\Users\Andreas
2014-05-21 08:39 - 2014-05-21 08:39 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-05-21 08:37 - 2010-10-22 16:40 - 01822632 _____ () C:\windows\WindowsUpdate.log
2014-05-21 08:32 - 2009-07-14 06:45 - 00017376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 08:32 - 2009-07-14 06:45 - 00017376 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 08:29 - 2010-12-06 11:37 - 00000000 ___RD () C:\Users\Andreas\Documents\My Dropbox
2014-05-21 08:29 - 2010-12-06 11:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Dropbox
2014-05-21 08:25 - 2013-07-23 18:22 - 00000000 ____D () C:\Users\Andreas\Documents\Citavi 4
2014-05-21 08:24 - 2013-08-16 13:54 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-05-21 08:24 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-21 08:24 - 2009-07-14 06:51 - 00251542 _____ () C:\windows\setupact.log
2014-05-20 23:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-05-20 23:11 - 2014-04-25 08:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 22:24 - 2010-10-22 17:26 - 00383340 _____ () C:\windows\PFRO.log
2014-05-20 19:24 - 2013-07-12 13:45 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-20 19:23 - 2013-07-12 13:45 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-20 19:22 - 2014-05-20 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-20 19:19 - 2014-05-20 19:19 - 00038144 _____ (Sophos Limited) C:\windows\system32\Drivers\sdcfilter.sys
2014-05-20 19:16 - 2014-05-20 19:16 - 00176120 _____ (Sophos Limited) C:\windows\system32\sdccoinstaller.dll
2014-05-20 19:16 - 2014-05-20 19:16 - 00027904 _____ (Sophos Limited) C:\windows\system32\Drivers\SophosBootDriver.sys
2014-05-20 19:15 - 2014-05-20 19:22 - 00035624 _____ (Sophos Limited) C:\windows\system32\SophosBootTasks.exe
2014-05-20 19:13 - 2014-05-20 19:13 - 00158976 _____ (Sophos Limited) C:\windows\system32\Drivers\savonaccess.sys
2014-05-20 16:45 - 2014-05-20 16:43 - 103356184 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\msert.exe
2014-05-20 12:45 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-05-19 18:55 - 2010-11-01 16:39 - 00000241 _____ () C:\windows\Brownie.ini
2014-05-19 09:15 - 2011-01-28 21:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Swiss Academic Software
2014-05-18 19:50 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-05-16 09:02 - 2014-03-18 17:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-15 18:24 - 2014-05-15 18:24 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DropboxMaster
2014-05-15 18:24 - 2010-12-06 11:35 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 18:24 - 2010-10-22 16:59 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 11:29 - 2010-10-22 16:59 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 10:55 - 2014-04-30 22:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 00:23 - 2010-04-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 00:21 - 2013-07-18 09:16 - 00000000 ____D () C:\windows\system32\MRT
2014-05-15 00:19 - 2012-07-17 12:42 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-14 18:11 - 2014-04-25 08:53 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:11 - 2012-06-30 12:53 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:11 - 2011-06-23 14:02 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 14:59 - 2013-09-13 16:34 - 00000000 _____ () C:\windows\system32\vireng.log
2014-05-11 11:08 - 2012-07-26 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 14:05 - 2014-05-10 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-14 16:42 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:42 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-15 00:23 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 00:23 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 00:23 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 00:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 00:23 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 00:23 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2014-05-05 15:04 - 2014-05-05 15:04 - 00000000 ____D () C:\Program Files (x86)\ProjectLibre
2014-05-04 19:46 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-01 11:38 - 2010-04-23 20:32 - 00699342 _____ () C:\windows\system32\perfh007.dat
2014-05-01 11:38 - 2010-04-23 20:32 - 00149450 _____ () C:\windows\system32\perfc007.dat
2014-05-01 11:38 - 2009-07-14 07:13 - 01619284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-28 19:01 - 2014-04-28 19:00 - 15974387 _____ () C:\Users\Andreas\Downloads\sit_audios_kb_L04.zip
2014-04-28 16:18 - 2014-04-28 16:17 - 12418048 _____ () C:\Users\Andreas\Downloads\projectlibre-1.5.9.msi
2014-04-25 08:54 - 2010-10-25 17:29 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Adobe
2014-04-21 18:50 - 2014-04-21 18:50 - 17535335 _____ () C:\Users\Andreas\Downloads\sit_audios_kb_L03.zip
Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptranrq.dll
C:\Users\Andreas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-14 16:40] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-13 14:53
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Andreas at 2014-05-21 08:49:03
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{25478065-4CB1-448C-80E4-8C4529017EE3}) (Version: 3.0.32.221 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{86C45F20-F7A4-5AE3-8859-5395166EB4DB}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Brother HL-2040 (HKLM-x32\...\{986AFC7F-EFDD-445C-8890-072CF4D0D9FF}) (Version: 1.00 - Brother)
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2208.39662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help English (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help French (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help German (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0113.2207.39662 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
ccc-utility64 (Version: 2010.0113.2208.39662 - ATI) Hidden
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 3.4.0 - The GRAMPS project)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678) (HKLM-x32\...\{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}) (Version: - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM-x32\...\{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version: - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Italian) 2007 (x32 Version: 12.0.4518.1018 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM-x32\...\{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version: - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
msi Software Install (HKLM-x32\...\{07690F1C-04B1-4060-9691-6748ED1826B9}) (Version: 3.0.911.2701 - msi)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.97.551 - RStudio)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Image Editor (HKCU\...\DSite) (Version: - ) <==== ATTENTION
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
ZoneAlarm Antivirus (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
==================== Restore Points =========================
19-04-2014 07:56:11 Installed Java 7 Update 55
28-04-2014 13:28:23 Geplanter Prüfpunkt
28-04-2014 14:18:57 Installed ProjectLibre
30-04-2014 20:56:00 Windows Update
01-05-2014 08:19:57 Removed ProjectLibre
01-05-2014 17:19:08 Windows-Sicherung
02-05-2014 21:12:19 Windows Update
05-05-2014 13:03:20 Installed ProjectLibre
14-05-2014 19:53:23 Geplanter Prüfpunkt
14-05-2014 22:16:58 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0ECAE656-0AA8-448A-BC7E-49A229B14AA9} - System32\Tasks\{C37AE8D2-8130-43A8-8DA2-339757255B68} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.156.259/en/abandoninstall?page=tsMain
Task: {194580DB-9F3D-4651-A83E-80AB0244029A} - System32\Tasks\{F4A8A89A-BCB5-4751-BC3D-F57709525509} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {29926543-B25B-417C-8900-216FF718E450} - System32\Tasks\{46A0FA7E-80E3-4912-AE40-1DA700C6C093} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {3D01257B-AAB3-444D-B12F-E5BFCFA55BD7} - System32\Tasks\{9A82B142-7EAE-47B3-A59E-431B2BEDA6A1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {66876BB5-26A7-4EF8-8A11-105B7FE42974} - System32\Tasks\{043AE5A7-B063-47B0-BDAB-278BAD4C0613} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {6DB48DA4-5A67-4A57-9304-414CF63994AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B0193DE4-40D1-428F-BB1E-9FE1D27596CA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {C0CA9A5E-F173-41FF-8971-F86643C6EAE4} - System32\Tasks\{0FD1508A-D2C3-4185-A7EA-4FA6CB0C6FAF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {C49EA783-550A-4AE7-9BC0-5866E29E113C} - System32\Tasks\{254F1932-24E2-44BD-90EE-5D126D84F718} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-01-26 12:10 - 2005-03-12 02:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2005-06-07 20:26 - 2005-06-07 20:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll
2014-05-21 08:39 - 2014-05-21 08:39 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-05-21 08:25 - 2014-05-21 08:25 - 00041984 _____ () c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptranrq.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Andreas\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-10 14:04 - 2014-05-10 14:05 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-23 18:21 - 2013-07-18 00:56 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: ISW => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
MSCONFIG\startupreg: MGSysCtrl => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/20/2014 07:24:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Produkt: Sophos AutoUpdate -- Fehler 25010. Beim Starten der spezifischen Aktion 'UpdateSubscriptionInfo' ist ein Fehler aufgetreten. Grund: Unable to read SetupConfig.dat or Migration.dat Bitte wenden Sie sich an Ihren Support.
Error: (05/19/2014 10:48:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SSDPSRV, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bad0
ID des fehlerhaften Prozesses: 0xb98
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SSDPSRV0
Pfad der fehlerhaften Anwendung: svchost.exe_SSDPSRV1
Pfad des fehlerhaften Moduls: svchost.exe_SSDPSRV2
Berichtskennung: svchost.exe_SSDPSRV3
Error: (05/17/2014 01:44:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/16/2014 09:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000016eec
ID des fehlerhaften Prozesses: 0xe98
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Error: (05/16/2014 09:00:25 AM) (Source: MsiInstaller) (EventID: 1024) (User: Keith)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/15/2014 11:12:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000020a7a
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3
Error: (05/14/2014 09:51:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (05/14/2014 09:47:55 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/13/2014 02:58:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (05/13/2014 02:55:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (05/20/2014 10:33:46 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{C093F9C6-F5BB-4680-AF2E-9A0C823B5BBC}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (05/20/2014 10:25:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/19/2014 10:48:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSDP-Suche" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/19/2014 10:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/19/2014 10:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/19/2014 10:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/17/2014 04:33:32 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{C093F9C6-F5BB-4680-AF2E-9A0C823B5BBC}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (05/16/2014 09:22:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/16/2014 09:22:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/16/2014 09:22:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (04/04/2014 03:33:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/19/2014 04:52:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 11652 seconds with 3540 seconds of active time. This session ended with a crash.
Error: (03/19/2014 01:37:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3688 seconds with 2400 seconds of active time. This session ended with a crash.
Error: (03/18/2014 04:49:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 24801 seconds with 11700 seconds of active time. This session ended with a crash.
Error: (03/10/2014 04:37:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4936 seconds with 3900 seconds of active time. This session ended with a crash.
Error: (02/19/2014 01:17:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10479 seconds with 7020 seconds of active time. This session ended with a crash.
Error: (02/12/2014 01:39:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13141 seconds with 9120 seconds of active time. This session ended with a crash.
Error: (02/10/2014 04:10:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/24/2014 10:31:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 131 seconds with 120 seconds of active time. This session ended with a crash.
Error: (11/04/2013 05:38:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2597 seconds with 1740 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-07-12 13:23:42.191
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-12 10:30:36.381
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-12 09:13:38.341
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-12 08:18:33.584
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 22:05:03.348
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 18:53:57.408
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 18:10:45.093
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 17:55:42.661
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 17:18:33.239
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 14:01:19.549
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 4095.3 MB
Available physical RAM: 2297.21 MB
Total Pagefile: 8188.79 MB
Available Pagefile: 6287.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:218.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:180.26 GB) (Free:61.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D8F85949)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-21 09:13:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000BEVT-22A0RT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\kgtdqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f4000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800031f4011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[1368] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[1368] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2112] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[2112] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\windows\Explorer.EXE[2844] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077371890 5 bytes JMP 000000016fff00d8
.text C:\windows\Explorer.EXE[2844] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 00000000773ef490 8 bytes JMP 000000016fff0110
.text C:\windows\Explorer.EXE[2844] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd837490 11 bytes JMP 000007fffd8000d8
.text C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3064] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe[112] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe[112] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
.text C:\Users\Andreas\Desktop\Gmer-19357.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75]
.text C:\Users\Andreas\Desktop\Gmer-19357.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Andreas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3000](2014-01-03 03:42:50) 0000000003ce0000
Library c:\users\andreas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptranrq.dll (*** suspicious ***) @ C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3000](2014-05-21 06:25:29) 00000000044e0000
Library C:\Users\Andreas\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3000](2013-10-18 23:55:02) 000000006fcf0000
Library C:\Users\Andreas\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3000] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000739d0000
---- EOF - GMER 2.1 ----
|
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
