Nach dem (erfolgreichen) Download und der erfolgreichen Installation von "Audiograbber" werden in Firfox Seiten mit Adressen: "123srv" und "lmbxbox600" geöffnet. Außerdem werden Texte mit Hyperlinks versehen, die auf Werbung verweisen (Ads by RR savings) und "filebunker.com".
Das ist mir mehr als ungeheuer und ich weiß nicht, wie das beheben soll.
Für Hilfe bin ich dankbar!

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by hsteindo at 2014-04-25 09:36:44
Running from D:\Users\hsteindo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.5 - Hewlett-Packard) Hidden
actions-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agent Connected Backup/PC (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.6 - Autonomy Corporation plc)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 7.01.00 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arch-To-Pst for Notes 4.5.4.29539 STERIA Corporate Version (HKLM-x32\...\Arch-To-Pst for Notes_is1) (Version: 4.5.4.29539 - Refresh IT Solutions)
assetmanagementmodule-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
auth-satellite-server-langs (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
bundle-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
CASA (HKLM\...\{DA40BB75-1C00-4D4B-A001-F11E9011748F}) (Version: 1.7.1805 - Novell)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
content-distribution-point-langs (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DNE Update (HKLM\...\{7A535F79-8940-4120-A110-C582ED84EFB1}) (Version: 4.15.2.18623 - Deterministic Networks, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.36 - )
Engineering Client Viewer 7.0 (HKLM-x32\...\SAP_Engineering Client Viewer 7.0) (Version:  - SAP AG)
Eumex 800 V1.30 (HKLM-x32\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (x32 Version: 1.30.0000 - T-Home) Hidden
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
FreeHD-Sport TV V9.0 (HKLM-x32\...\FreeHD-Sport TV V9.0) (Version: 1.34.3.28 - installdaddy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
inventory-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo)
Lotus Notes 8.5.3 de (HKLM-x32\...\{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}) (Version: 8.53.11286 - IBM)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4384 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft Redistributable Files (x64) (Version: 9.0 - Novell, Inc.) Hidden
Microsoft Redistributable Files (x86) (x32 Version: 9.0 - Novell, Inc.) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.2.3.2 - Ericsson AB)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
NICI U.S./Worldwide 2.77.1.0 (x32) (HKLM-x32\...\{6FCC48CA-FE49-44D6-A930-7E331E62937F}) (Version: 2.77.1.0 - Novell, Inc.)
NICI U.S./Worldwide 2.77.1.0 (x64) (HKLM\...\{123B3157-26AF-43F5-AD46-AB200AC56292}) (Version: 2.77.1.0 - Novell, Inc.)
NMAS Challenge Response Method (HKLM\...\{54031C8D-F80D-47BB-B3CA-5E9BD7750C27}) (Version: 2.8.3.3 - Novell, Inc.)
NMAS Client (HKLM\...\{22859902-78CE-40B0-9429-6FE7A00BBF85}) (Version: 3.5.1.1 - Novell, Inc.)
Novell CASA Authentication Token Client (x64) (HKLM\...\{59902F84-B456-457B-AD52-A6A2F6A493C3}) (Version: 1.7.1774 - Novell, Inc.)
Novell Client für Windows (HKLM\...\Novell Client for Windows) (Version: 2 SP3 - Novell, Inc.)
Novell iPrint Client v05.82.00 (HKLM\...\Novell iPrint Client) (Version:  - Novell, Inc.)
Novell ZENworks (HKLM-x32\...\ZENworks) (Version: 11.2.3.21755 - Novell, Inc.)
Novell ZENworks Adaptive Agent Help (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
Novell ZENworks Endpoint Security Agent (x32 Version: 11.2.3.362 - Novell) Hidden
Novell ZENworks Image-Safe Data Service (x32 Version: 11.2.3.18519 - Novell, Inc.) Hidden
Novell ZENworks Remote Management (Version: 11.2.3.18534 - Novell, Inc.) Hidden
novell-zenworks-patch-management-agent (x32 Version: 11.2.3.12 - Novell Inc) Hidden
PatchBeam v1.10 (HKLM-x32\...\PatchBeam_is1) (Version: 1.00 - ConeXware, Inc.)
patch-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
PDF24 Creator (HKLM-x32\...\{2AF85095-391A-462F-9CBD-28EC57966F85}) (Version: 5.4.0 - www.pdf24.org)
Policy Action Handler Resources (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Policy Handler Resources (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
policy-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
PowerArchiver 2010 (HKLM-x32\...\{2417A012-73B3-4926-95D0-FE0A97B5BCC0}) (Version: 11.71.04 - ConeXware, Inc.)
primary-agent-langs (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
Protegere (HKLM-x32\...\Protegere) (Version:  - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Refresh MigrNAB 1.4.1.0 STERIA Corporate Version (HKLM-x32\...\Refresh MigrNAB_is1) (Version: 1.4.1.0 - Refresh IT Solutions)
remotemanagement-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
RrFilter (Version: 1.0.0.0 - RrFilter) Hidden
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
SAP JNet (HKLM-x32\...\SAP_JNet) (Version:  - SAP AG)
SAP Mobile Infrastructure (HKLM-x32\...\InstallShield_{9E7260AC-22D9-4622-AA26-7CD6011D9DA4}) (Version: 2.5 - <ISProductFolder>\Redist\Language Independent\OS Independent\DestIcon.ibd)
SAP Mobile Infrastructure (x32 Version: 2.5 - <ISProductFolder>\Redist\Language Independent\OS Independent\DestIcon.ibd) Hidden
SAPSetup Automatic Workstation Update Service (HKLM-x32\...\SAP_WUS) (Version:  - SAP AG)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION
See & Share (HKLM-x32\...\{72E37E13-0FB8-4644-A8E8-F2900B9C7B67}) (Version: 3.1.39.1 - Tandberg)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Sierra Wireless QMI Lenovo Driver Package (HKLM-x32\...\SWILenovoDrvInstaller) (Version: 1.0.45.0 - Sierra Wireless Inc.)
SMC Vorlagen für Office 2010 (HKLM-x32\...\{F1E96F10-C9DC-4D6F-BF13-CFD6CABD3438}_is1) (Version: 5.94 - Steria Mummert Consulting GmbH)
SnagIt 8 (HKLM-x32\...\{93699C3E-005E-4294-87CA-F5B7DE2CD687}) (Version: 8.0.2 - TechSmith Corporation)
status-collection-point-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Steria ConfigMgr Local Policy (x32 Version: 1.0.0 - Steria Limited) Hidden
Symantec Endpoint Protection (HKLM\...\{540E5E40-78A4-4D59-8615-6CB83753ABD2}) (Version: 12.1.3001.165 - Symantec Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.36.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{38294D95-DB90-4D8C-824C-26856E5001A6}) (Version: 5.9.8.7264 - Authentec Inc.)
usermanagement-langs-x86_64 (Version: 11.2.3.18533 - Novell, Inc.) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
windows-desktop-langs-x86_64 (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
WinProxy-langs (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
zencore-agent-langs (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
zennotifyicon-langs (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
ZENworks Action Handlers (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Action Utilities (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Actions (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent Asset Management Module (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent Authentication Satellite Module (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
ZENworks Agent Bundle Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent Core Modules (x32 Version: 11.2.3.20677 - Novell, Inc.) Hidden
ZENworks Agent Inventory Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent Patch Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent Policy Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Agent System Update Module (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
ZENworks Agent WinProxy Module (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Content Distribution Point (x32 Version: 11.2.3.19588 - Novell, Inc.) Hidden
ZENworks DLU Policy Handler (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Extensions Libraries (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Group Policy Handler (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Image Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Image-Safe Data Agent (x32 Version: 11.2.3.18519 - Novell, Inc.) Hidden
ZENworks Imaging Server (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Information Icon (x32 Version: 11.2.3.18533 - Novell, Inc.) Hidden
ZENworks Launcher Policy Handler (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Patch Management Agent (HKLM\...\{554C3EB0-B5FB-423D-8098-9F298F29E0E7}) (Version: 6.4.2.504 - Novell, Inc.)
ZENworks Policy Handlers (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Policy Libraries (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Primary Agent (x32 Version: 11.2.3.21744 - Novell, Inc.) Hidden
ZENworks Remote Management (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Status Collection Point (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks Uninstaller (x32 Version: 11.2.3.18534 - Novell, Inc.) Hidden
ZENworks User Management (Version: 11.2.3.18533 - Novell, Inc.) Hidden
ZENworks Version Information (x32 Version: 11.2.3.21755 - Novell, Inc.) Hidden
ZENworks Windows UI (x32 Version: 11.2.3.21005 - Novell, Inc.) Hidden

==================== Restore Points  =========================

23-04-2014 11:00:16 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E2642C6-1588-44EE-BB1B-FEB2FF35E3F5} - System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5 => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5.exe
Task: {19423D66-CE96-4759-A186-E272AC8AB74E} - System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4 => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4.exe
Task: {29110209-8361-499C-8D08-CBA049162FBA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-16] (Adobe Systems Incorporated)
Task: {3D4D434B-77CC-412F-BB7C-1798FC95A6C0} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {4B2ED68E-8F49-4C5D-9627-67EF485D2D61} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {51F60F0E-AE1D-472F-AF5F-90AB5023F0F6} - System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2 => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2.exe
Task: {586F1246-C390-409F-B773-AD7A91D07454} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)
Task: {5DF1F066-623D-43EF-B218-DE402A140DF2} - System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3 => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3.exe [2014-04-01] (installdaddy)
Task: {7C517696-2E84-4BD1-B3CA-3A7F8E967B6E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2260904419-1400770398-4175912926-164630 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9948D7BE-9986-4810-AABB-4BB7E3B36758} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2260904419-1400770398-4175912926-164630 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9C51E015-9F44-4B29-808D-3FE462D47231} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()
Task: {A95EA855-C7ED-4B3A-BA6D-23B5E05A8218} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {BA10FFEB-5BDD-4F04-88AF-64B65C847EDE} - System32\Tasks\PriceMeterUpdater => D:\Users\hsteindo\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {C7D98B69-2E6E-4DBC-B741-E9A0FBC574BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CB2313CF-3A30-4509-A344-83D83A7ECCCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {E3CE5B52-F953-4A6F-AC16-576313D9556B} - System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1 => C:\Program Files (x86)\FreeHD-Sport TV V9.0\FreeHD-Sport TV V9.0-codedownloader.exe
Task: C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1.job => C:\Program Files (x86)\FreeHD-Sport TV V9.0\FreeHD-Sport TV V9.0-codedownloader.exe
Task: C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2.job => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2.exe
Task: C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3.job => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3.exe
Task: C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4.job => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4.exe
Task: C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5.job => C:\Program Files (x86)\FreeHD-Sport TV V9.0\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PriceMeterUpdater.job => D:\Users\hsteindo\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-04-25 13:15 - 2013-01-15 20:47 - 00048696 _____ () C:\WINDOWS\system32\ncv1_0.DLL
2013-02-06 17:50 - 2013-02-06 17:50 - 00068608 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\nzrSwitcher.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 01004088 _____ () C:\WINDOWS\system32\ncnetprovider.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 00109112 _____ () C:\WINDOWS\system32\NCLangID.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 00174648 _____ () C:\WINDOWS\system32\MAPBASE.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 00272440 _____ () C:\WINDOWS\system32\NWSHLXNT.dll
2013-04-25 13:15 - 2012-12-17 12:54 - 00016384 _____ () C:\WINDOWS\system32\nls\DEUTSCH\NCLangIDR.DLL
2013-04-25 13:15 - 2012-12-17 12:54 - 00086528 _____ () C:\WINDOWS\system32\nls\DEUTSCH\MAPBASER.DLL
2013-04-25 13:15 - 2012-12-17 12:54 - 00102400 _____ () C:\WINDOWS\system32\nls\DEUTSCH\NWSHLXNTR.DLL
2013-04-25 13:15 - 2012-12-17 12:54 - 00496640 _____ () C:\WINDOWS\system32\nls\DEUTSCH\ncnetproviderR.DLL
2013-04-25 13:15 - 2013-01-15 20:47 - 02458168 _____ () C:\WINDOWS\system32\noveap.dll
2013-02-04 22:05 - 2013-02-04 22:05 - 00580096 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\sqlite3.DLL
2013-04-09 18:11 - 2013-04-09 18:11 - 00009216 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Localizer.XmlSerializers.dll
2013-02-06 11:33 - 2013-02-06 11:33 - 00040960 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ZMD_de.dll
2013-02-06 11:39 - 2013-02-06 11:39 - 00008192 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\LoggerUI_de.dll
2013-02-06 11:36 - 2013-02-06 11:36 - 00005120 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ZenNotifyIconModule_de.dll
2013-02-06 11:39 - 2013-02-06 11:39 - 00010240 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ZenNotifyIconPlugins_de.dll
2013-02-06 11:35 - 2013-02-06 11:35 - 00004608 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\SettingsModule_de.dll
2013-02-06 11:35 - 2013-02-06 11:35 - 00036864 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\RegistrationModule_de.dll
2012-03-22 09:57 - 2012-03-22 09:57 - 00439296 _____ () C:\WINDOWS\system32\casa_authtoken.DLL
2012-12-12 13:45 - 2012-12-12 13:45 - 00074752 _____ () C:\WINDOWS\system32\micasa.dll
2012-12-12 13:44 - 2012-12-12 13:44 - 00069120 _____ () C:\WINDOWS\system32\micasacache.dll
2013-02-06 12:37 - 2013-02-06 12:37 - 00011776 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\WinProxyUI_de.dll
2013-02-06 12:27 - 2013-02-06 12:27 - 00007680 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\StatusCollectionPoint_de.dll
2013-02-06 11:45 - 2013-02-06 11:45 - 00036864 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ContentDistributionPoint_de.dll
2013-04-09 18:14 - 2013-04-09 18:14 - 00692224 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\zmd.XmlSerializers.dll
2013-02-06 11:44 - 2013-02-06 11:44 - 00028672 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\AuthSatellite_de.dll
2013-02-06 12:27 - 2013-02-06 12:27 - 00008704 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\PolicyManager_de.dll
2013-02-06 12:27 - 2013-02-06 12:27 - 00135168 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.PolicyManager.XmlSerializers.dll
2013-02-06 12:27 - 2013-02-06 12:27 - 00065536 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\PolicyHandlersResource_de.dll
2013-02-06 12:29 - 2013-02-06 12:29 - 00040960 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\RemoteManagement_de.dll
2013-02-06 12:28 - 2013-02-06 12:28 - 00006656 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\PatchModule_de.dll
2013-02-06 12:26 - 2013-02-06 12:26 - 00045056 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\AppModule_de.dll
2013-02-06 12:34 - 2013-02-06 12:34 - 00005632 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\NalModule_de.dll
2013-03-21 17:11 - 2013-03-21 17:11 - 00155648 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\RegistrationModule.XmlSerializers.dll
2013-02-06 12:28 - 2013-02-06 12:28 - 00028672 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\InventoryManager_de.dll
2013-02-06 11:34 - 2013-02-06 11:34 - 00003584 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\StatusSender_de.dll
2013-02-06 11:38 - 2013-02-06 11:38 - 00005120 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\SatelliteRoles_de.dll
2013-03-21 17:13 - 2013-03-21 17:13 - 00212992 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\requirements.XmlSerializers.dll
2013-03-21 17:13 - 2013-03-21 17:13 - 00237568 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ActionManager.XmlSerializers.dll
2013-02-06 12:28 - 2013-02-06 12:28 - 00278528 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\InventoryManager.XmlSerializers.dll
2013-02-06 12:26 - 2013-02-06 12:26 - 00315392 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\AppModule.XmlSerializers.dll
2013-02-06 11:36 - 2013-02-06 11:36 - 00007680 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ContentManager_de.dll
2013-02-06 11:37 - 2013-02-06 11:37 - 00024576 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ActionMan_de.dll
2013-02-06 12:29 - 2013-02-06 12:29 - 00009216 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\GenericActions_de.dll
2012-03-22 09:56 - 2012-03-22 09:56 - 00094720 _____ () C:\Program Files\novell\casa\lib\pwmech.dll
2013-03-21 17:14 - 2013-03-21 17:14 - 00053248 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ContainmentRefresh.XmlSerializers.dll
2013-03-21 17:14 - 2013-03-21 17:14 - 00049152 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\QuickTaskManager.XmlSerializers.dll
2013-03-21 17:11 - 2013-03-21 17:11 - 00110592 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\AssignmentManager.XmlSerializers.dll
2013-03-21 17:12 - 2013-03-21 17:12 - 00237568 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ContentManager.XmlSerializers.dll
2013-03-21 17:11 - 2013-03-21 17:11 - 00053248 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.Settings.XmlSerializers.dll
2013-02-06 12:29 - 2013-02-06 12:29 - 00106496 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\Novell.Zenworks.RMModule.XmlSerializers.dll
2013-02-06 11:31 - 2013-02-06 11:31 - 00004608 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\LoggerResource_de.dll
2013-03-21 17:13 - 2013-03-21 17:13 - 00014848 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\ZESMCoreSettingsModule.XmlSerializers.dll
2013-02-06 12:29 - 2013-02-06 12:29 - 00094208 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\XmlSerializers\GenericActions.XmlSerializers.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 00152120 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2014-04-24 21:16 - 2014-04-24 21:16 - 00706560 _____ () C:\Program Files\002\bukgmhvrux64.exe
2014-04-24 21:15 - 2014-04-24 21:15 - 01005056 _____ () D:\Users\hsteindo\AppData\Roaming\BupSystem\bup.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-25 12:43 - 2012-09-24 06:36 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2013-04-25 12:30 - 2012-08-29 17:15 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-25 13:15 - 2013-01-15 20:47 - 00039992 _____ () C:\Program Files\Novell\Client\nwtray.exe
2013-04-25 13:15 - 2013-01-15 20:47 - 01004088 _____ () C:\WINDOWS\system32\NCNetProvider.DLL
2013-04-25 13:15 - 2012-12-17 12:54 - 00496640 _____ () C:\WINDOWS\system32\nls\DEUTSCH\NCNetProviderR.DLL
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () D:\Users\hsteindo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-11-07 23:07 - 2014-03-13 22:32 - 01398064 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
2013-02-06 11:43 - 2013-02-06 11:43 - 00011264 _____ () C:\Program Files (x86)\Novell\ZENworks\lang\ZenNotifyIcon_de.dll
2013-04-25 12:37 - 2012-03-21 07:35 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-04-24 21:15 - 2014-04-24 21:15 - 00374272 _____ () D:\Users\hsteindo\AppData\Roaming\BupSystem\sub\default.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-04-25 12:46 - 2011-08-02 04:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-04-25 12:46 - 2011-08-02 04:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-11-23 17:47 - 2012-11-23 17:47 - 00053248 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\xmlparse.dll
2012-11-23 17:47 - 2012-11-23 17:47 - 00081920 _____ () C:\Program Files (x86)\Novell\ZENworks\bin\xmltok.dll
2008-09-11 15:20 - 2008-09-11 15:20 - 03264512 _____ () C:\Program Files (x86)\ZENworks\Patch Management Agent\cryptocme2.dll
2013-04-25 12:38 - 2011-07-13 11:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband drivers\WMCore\MBMDebug.dll
2013-04-25 12:39 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-07 23:05 - 2014-03-13 22:34 - 08952624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 00028672 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 00321328 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 03506992 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll
2013-11-07 23:05 - 2014-03-14 10:55 - 02194736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01611056 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 01739568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 04273456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll
2013-01-17 15:30 - 2014-01-14 11:50 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-core.dll
2013-01-17 15:30 - 2014-01-14 11:50 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-shared.dll
2013-01-17 15:30 - 2014-01-14 11:50 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-contribs-lib.dll
2013-11-07 23:05 - 2014-03-13 22:32 - 01505584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wmain13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 04972336 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae113.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01373488 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae213.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01748784 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae313.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01582896 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae413.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01147184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\whau113.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01230640 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\whau213.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01307952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wwerb13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 06789936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wkont13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01253888 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wimp13.dll
2013-11-07 23:05 - 2014-03-13 22:33 - 01317168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2013\wfabu13.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () D:\Users\hsteindo\AppData\Roaming\Dropbox\bin\libcef.dll
2010-01-08 19:39 - 2010-01-08 19:39 - 00091488 _____ () C:\Program Files (x86)\ZENworks\Patch Management Agent\Content.Common.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-04-02 10:55 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-16 12:49 - 2014-04-16 12:49 - 16351920 _____ () C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZESService => "ImagePath"="C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZESService => "ImagePath"="C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 09:33:54 AM) (Source: Novell.Zenworks.Logger) (User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von wusa.exe.  Endcode: 2359302

Error: (04/25/2014 09:30:34 AM) (Source: Novell.Zenworks.Logger) (User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von D:\Users\hsteindo\AppData\Local\Temp\outlook2010-kb2817371-fullfile-x86-glb.exe.  Endcode: 17025

Error: (04/25/2014 09:27:13 AM) (Source: Novell.Zenworks.Logger) (User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von wusa.exe.  Endcode: 2359302

Error: (04/25/2014 09:26:52 AM) (Source: Novell.Zenworks.Logger) (User: )
Description: Kategorie: BundleManager 
ActionMan.CachedItemError: CachedItemError (Adobe Reader)

Error: (04/25/2014 09:26:17 AM) (Source: AutoEnrollment) (User: )
Description: AD-ONE\hsteindo0x8007041dDer Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (04/25/2014 09:23:18 AM) (Source: Novell.Zenworks.Logger) (User: )
Description: Kategorie: ZESM Core Settings 
Unable to decrypt encrypted Settings XML.StackTrace =   bei Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings(String encrSecuritySettings): StackTrace =   bei Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings(String encrSecuritySettings)

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/25/2014 09:24:49 AM) (Source: Microsoft-Windows-GroupPolicy) (User: AD-ONE)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (04/25/2014 09:19:04 AM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (04/25/2014 09:17:12 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (04/25/2014 09:15:59 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASPI32
cdrom

Error: (04/25/2014 09:15:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinkHandler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/25/2014 09:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Novell ZENworks ISD Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (04/25/2014 09:15:56 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne AD-ONE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (04/25/2014 09:15:46 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/24/2014 09:22:42 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/24/2014 09:18:52 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056


Microsoft Office Sessions:
=========================
Error: (04/25/2014 09:33:54 AM) (Source: Novell.Zenworks.Logger)(User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von wusa.exe.  Endcode: 2359302

Error: (04/25/2014 09:30:34 AM) (Source: Novell.Zenworks.Logger)(User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von D:\Users\hsteindo\AppData\Local\Temp\outlook2010-kb2817371-fullfile-x86-glb.exe.  Endcode: 17025

Error: (04/25/2014 09:27:13 AM) (Source: Novell.Zenworks.Logger)(User: )
Description: Kategorie: BundleManager 
GenericActions.LaunchExitError: Fehler bei Aufruf von wusa.exe.  Endcode: 2359302

Error: (04/25/2014 09:26:52 AM) (Source: Novell.Zenworks.Logger)(User: )
Description: Kategorie: BundleManager 
ActionMan.CachedItemError: CachedItemError (Adobe Reader)

Error: (04/25/2014 09:26:17 AM) (Source: AutoEnrollment)(User: )
Description: AD-ONE\hsteindo0x8007041dDer Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (04/25/2014 09:23:18 AM) (Source: Novell.Zenworks.Logger)(User: )
Description: Kategorie: ZESM Core Settings 
Unable to decrypt encrypted Settings XML.StackTrace =   bei Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings(String encrSecuritySettings): StackTrace =   bei Novell.Zenworks.ZESMCoreSetttings.ZESMCoreSetttingsModule.ApplySecuritySettings(String encrSecuritySettings)

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ZENworks\Patch Management Agent\PLInv32.exe

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ZENworks\Patch Management Agent\PLInv32.exe

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ZENworks\Patch Management Agent\PLInv32.exe

Error: (04/25/2014 09:18:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\ZENworks\Patch Management Agent\PLInv32.exe


CodeIntegrity Errors:
===================================
  Date: 2014-02-05 22:27:25.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 16:36:56.292
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-27 16:33:58.016
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 20:27:24.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 15:10:23.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 10:15:44.320
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 09:42:18.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 09:17:49.866
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 09:01:42.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-13 08:49:22.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sysfer.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 16081.65 MB
Available physical RAM: 11632.7 MB
Total Pagefile: 32161.49 MB
Available Pagefile: 27434.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:80 GB) (Free:14.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:68.55 GB) (Free:43.2 GB) NTFS
Drive e: (SDA300) (Fixed) (Total:298.09 GB) (Free:274.47 GB) NTFS
Drive z: (public) (Network) (Total:916.41 GB) (Free:513.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: A4AD6292)
Partition 1: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7A312A1C)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by hsteindo (administrator) on MC00021037 on 25-04-2014 09:36:17
Running from D:\Users\hsteindo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
() C:\Program Files\002\bukgmhvrux64.exe
() D:\Users\hsteindo\AppData\Roaming\BupSystem\bup.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Novell, Inc.) C:\WINDOWS\system32\iprntsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(IBM Corp) C:\Notes\SUService.exe
(IBM) C:\Notes\nsd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe
(Novell, Inc.) C:\Program Files (x86)\ZENworks\Patch Management Agent\GravitixService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() c:\Program Files\RrFilter\RrFilterService64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella293.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
(Microsoft Corporation) C:\WINDOWS\system32\UI0Detect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNCApp.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\WINDOWS\CCM\CcmExec.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SAP AG) C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella293.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
() C:\Program Files\Novell\Client\nwtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() D:\Users\hsteindo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(T-Com) C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe
(Dropbox, Inc.) D:\Users\hsteindo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 8\TSCHelp.exe
(Lumension) C:\Program Files (x86)\ZENworks\Patch Management Agent\NotificationManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\CCM\SCNotification.exe
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [291720 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [iPrint Tray] => C:\WINDOWS\system32\iprntctl.exe [66136 2012-04-25] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\WINDOWS\system32\iprntlgn.exe [69720 2012-04-25] (Novell, Inc.)
HKLM\...\Run: [NWTRAY] => C:\Program Files\Novell\Client\nwtray.exe [39992 2013-01-15] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2962232 2012-10-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Build] => c:\installs\build.vbs [0 2011-04-21] ()
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [ZenNotifyIcon] => C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [296448 2013-02-06] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] => C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2013-03-28] (Novell, Inc.)
HKLM-x32\...\Run: [NotificationManager] => C:\Program Files (x86)\ZENworks\Patch Management Agent\NotificationManager.exe [587104 2010-01-08] (Lumension)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [294400 2012-03-20] (Autonomy Corporation plc)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-03-23] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-08-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
Winlogon\Notify\NovEapLogn: C:\WINDOWS\system32\Noveap.dll ()
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Run: [AmazonMP3DownloaderHelper] => D:\Users\hsteindo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Run: [PolkastLibrary] => C:\Program Files (x86)\Polkast\PolkastLibrary.exe "auto"
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Run: [PriceMeterW] => "D:\Users\hsteindo\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Policies\system: [WarningMsgInBody] 
HKU\S-1-5-21-2260904419-1400770398-4175912926-164630\...\Policies\Explorer: [AlwaysShowClassicMenu] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355552 2014-04-08] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-04-08] (Conduit)
Lsa: [Authentication Packages] msv1_0 ncv1_0 ZenV1_0
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll iPrntWinCredMan
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Users\hsteindo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=55&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&SSPV=
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D31811D4-3C3C-4BBD-8CDC-6CC2EFCEFF8A&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - DefaultScope {16AAF3D0-56F7-48E8-853C-ADEF80569BF5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {16AAF3D0-56F7-48E8-853C-ADEF80569BF5} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=D31811D4-3C3C-4BBD-8CDC-6CC2EFCEFF8A&ref=toolbox&q={searchTerms}
BHO: FreeHD-Sport TV V9.0 - {11111111-1111-1111-1111-110511131186} - C:\Program Files (x86)\FreeHD-Sport TV V9.0\FreeHD-Sport TV V9.0-bho64.dll (installdaddy)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: RrSavings - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\Rr Savings\RrSavings.dll ()
BHO-x32: FreeHD-Sport TV V9.0 - {11111111-1111-1111-1111-110511131186} - C:\Program Files (x86)\FreeHD-Sport TV V9.0\FreeHD-Sport TV V9.0-bho.dll (installdaddy)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
ShellExecuteHooks: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1419776 2013-03-28] (Novell, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E877DA86-CED8-4AEF-8961-2377002D7589}: [NameServer]10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: D:\Users\hsteindo\AppData\Roaming\Mozilla\Firefox\Profiles\eykza8ir.default
FF user.js: detected! => D:\Users\hsteindo\AppData\Roaming\Mozilla\Firefox\Profiles\eykza8ir.default\user.js
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=55&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&SSPV=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @novell.com/iPrint - C:\WINDOWS\SysWOW64 ()
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Users\hsteindo\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: D:\Users\hsteindo\AppData\Roaming\Mozilla\Firefox\Profiles\eykza8ir.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: RrSavings - D:\Users\hsteindo\AppData\Roaming\Mozilla\Firefox\Profiles\eykza8ir.default\Extensions\RrSavings@jetpack [2014-04-24]
FF Extension: Protegere - D:\Users\hsteindo\AppData\Roaming\Mozilla\Firefox\Profiles\eykza8ir.default\Extensions\security@protegere.org [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-24]

Chrome: 
=======
CHR HomePage: http:\/\/search.conduit.com\/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=55&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&SSPV=
CHR StartupUrls: "http:\/\/search.conduit.com\/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=55&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&SSPV="],"startup_urls_migration_time":"13040901507579354"},"sync_promo":{"show_on_first_run_allowed":false},"translate_blocked_languages":["de"],"translate_whitelists":{},"default_search_provider":{"name":"Conduit Search","keyword":"conduit.search","search_url":"http:\/\/search.conduit.com\/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=58&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&q={searchTerms}&SSPV=","suggest_url":"http:\/\/suggest.search.conduit.com\/CSuggestJson.ashx?prefix={searchTerms}"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=M65C9ED84-E9E2-465D-9535-A57827DD6D87&SearchSource=58&CUI=&UM=5&UP=SPF67A824C-3B8A-4FF9-872E-A1B4B3D3D4C6&q={searchTerms}&SSPV=
CHR Extension: (YouTube) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (FreeHD-Sport TV V9.0) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkckblnmlbemmgefidhlmjcfboijafe [2014-04-01]
CHR Extension: (Google Search) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Protegere) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-04-24]
CHR Extension: (RealDownloader) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-24]
CHR Extension: (Rr Savings) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofjjfgnmnjmoihhmjpafcllkhinmboe [2014-04-24]
CHR Extension: (Chrome In-App Payments service) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - D:\Users\hsteindo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx" [2013-08-14]

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7617952 2012-03-20] (Autonomy Corporation plc)
R2 bukgmhvrux64; C:\Program Files\002\bukgmhvrux64.exe [706560 2014-04-24] ()
R2 bupService; D:\Users\hsteindo\AppData\Roaming\BupSystem\bup.exe [1005056 2014-04-24] ()
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1842352 2013-08-31] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2470688 2014-04-08] (Conduit)
R2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-09-24] (Lenovo.)
R2 GobiQDLService; C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
R2 iprntsrv; C:\Windows\system32\iprntsrv.exe [55296 2012-04-25] (Novell, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [184712 2012-08-31] (Lenovo Group Limited)
R2 LNSUSvc; C:\Notes\SUService.exe [192104 2013-03-28] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [4456040 2013-03-28] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NovEAP; C:\WINDOWS\system32\NOVEAP.DLL [2458168 2013-01-15] ()
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-12-12] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [32768 2013-04-09] (Novell, Inc.)
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [94208 2013-02-05] ()
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [187152 2012-12-16] (SAP AG)
R2 nzwinvnc; C:\Program Files (x86)\Novell\ZENworks\bin\nzrWinVNC.exe [1829888 2013-02-06] (Novell, Inc.)
R2 PatchLink Update; C:\Program Files (x86)\ZENworks\Patch Management Agent\GravitixService.exe [181600 2010-01-08] (Novell, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] ()
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2014-04-24] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2014-04-24] (Symantec Corporation)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [401584 2013-08-31] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2014-04-24] (Symantec Corporation)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella293.exe [3052864 2014-04-10] (Iminent)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20536 2013-01-15] (Novell, Inc.)
S3 ZENPreAgent; C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe [229376 2013-04-25] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [51288 2013-03-25] (Novell, Inc.)
S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X]

==================== Drivers (Whitelisted) ====================

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140409.011\BHDrvx64.sys [1525976 2014-04-01] (Symantec Corporation)
R1 ccSettings_{98738D8E-2623-4C7C-8986-652A6C70CBA3}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2014-04-24] (Symantec Corporation)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2012-08-07] (DemoForge, LLC)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131920 2013-05-31] (Citrix Systems, Inc.)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-05] (Symantec Corporation)
R3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2014-02-05] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20140424.011\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-03-20] ()
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443208 2012-10-02] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [453960 2012-10-02] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [21832 2012-10-02] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [506184 2012-10-02] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140424.009\ENG64.SYS [126040 2014-02-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140424.009\EX64.SYS [2099288 2014-02-05] (Symantec Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112696 2013-01-15] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115256 2013-01-15] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90680 2013-01-15] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [120376 2013-01-15] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26680 2013-01-15] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31800 2013-01-15] (Novell, Inc.)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2014-04-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-13] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2014-04-24] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2014-04-24] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2014-04-24] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-04-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-13] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2014-04-24] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2014-04-24] (Symantec Corporation)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-11-14] (AuthenTec, Inc.)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2014-04-24] (Symantec Corporation)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-01] (StdLib)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279344 2012-10-12] (Ericsson AB)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [55864 2013-01-15] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80952 2013-01-15] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [79416 2013-01-15] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [101944 2013-01-15] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49720 2013-01-15] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20024 2013-01-15] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84024 2013-01-15] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39480 2013-01-15] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [56376 2013-01-15] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [37944 2013-01-15] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25656 2013-01-15] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [36408 2013-01-15] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59960 2013-01-15] (Novell, Inc.)

==================== NetSvcs (Whitelisted) ===================

NETSVC: NovEAP -> NOVEAP.DLL ==> No File.

==================== One Month Created Files and Folders ========

2014-04-25 09:36 - 2014-04-25 09:36 - 00039522 _____ () D:\Users\hsteindo\Downloads\FRST.txt
2014-04-25 09:35 - 2014-04-25 09:36 - 00000000 ____D () C:\FRST
2014-04-25 09:35 - 2014-04-25 09:35 - 02061824 _____ (Farbar) D:\Users\hsteindo\Downloads\FRST64.exe
2014-04-25 09:32 - 2014-04-25 09:32 - 00000831 _____ () D:\Users\hsteindo\Documents\140425 Symantec.csv
2014-04-25 09:18 - 2014-04-25 09:18 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMC Beta.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-04-25 09:18 - 2014-04-25 09:18 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-04-24 21:32 - 2014-04-24 21:32 - 00462136 _____ () D:\Users\hsteindo\Downloads\download_audiograbber_mp3_plugin.exe
2014-04-24 21:22 - 2014-04-24 22:01 - 00000665 _____ () C:\WINDOWS\cdplayer.ini
2014-04-24 21:17 - 2014-04-24 21:34 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-24 21:17 - 2014-04-24 21:17 - 00001020 _____ () D:\Users\Public\Desktop\Audiograbber.lnk
2014-04-24 21:17 - 2014-04-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-04-24 21:17 - 2014-04-24 21:17 - 00000000 ____D () C:\Program Files\RrFilter
2014-04-24 21:16 - 2014-04-24 21:17 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-24 21:16 - 2014-04-24 21:16 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-24 21:15 - 2014-04-24 21:16 - 00000000 ____D () C:\Program Files\002
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Security System 2
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\BupSystem
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\SearchProtect
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-24 21:10 - 2014-04-24 21:10 - 00452624 _____ () D:\Users\hsteindo\Downloads\agsetup183se_v3.0.0.67.exe
2014-04-24 21:03 - 2014-04-24 21:08 - 00000000 ____D () C:\Program Files (x86)\1X-Ripper
2014-04-24 21:03 - 2014-04-24 21:03 - 00000000 ____D () C:\Program Files (x86)\mresreg
2014-04-24 21:03 - 1999-09-10 12:06 - 00045056 _____ (Adaptec) C:\WINDOWS\SysWOW64\WNASPI32.DLL
2014-04-24 21:03 - 1999-09-10 12:06 - 00025244 _____ (Adaptec) C:\WINDOWS\SysWOW64\Drivers\ASPI32.SYS
2014-04-24 21:03 - 1999-09-10 12:06 - 00005600 _____ (Adaptec) C:\WINDOWS\system\WINASPI.DLL
2014-04-24 21:03 - 1999-09-10 12:06 - 00004672 _____ (Adaptec) C:\WINDOWS\system\WOWPOST.EXE
2014-04-17 13:20 - 2014-04-17 13:20 - 01015808 _____ () D:\Users\hsteindo\Downloads\Benutzer_Neuanlage_R6_V1.xls
2014-04-07 14:34 - 2014-04-07 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\SMC Vorlagen 5.94 für Office 2010
2014-04-07 11:47 - 2014-04-07 11:47 - 00031514 _____ () C:\WINDOWS\SysWOW64\hs_err_pid44216.log
2014-04-07 11:46 - 2014-04-07 11:46 - 00031565 _____ () C:\WINDOWS\SysWOW64\hs_err_pid43408.log
2014-04-04 10:38 - 2014-04-04 10:39 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-04 10:27 - 2014-04-04 10:27 - 01850306 _____ (Dominik Reichl ) D:\Users\hsteindo\Downloads\KeePass-1.26-Setup.exe
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\Public\Documents\NativeFus_Log
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\Documents\samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-04 10:17 - 2014-01-23 18:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2014-04-04 10:17 - 2013-12-26 07:41 - 00206136 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-04-04 10:17 - 2013-12-26 07:41 - 00108856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-04-04 10:16 - 2014-04-04 10:17 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-04 10:16 - 2014-04-04 10:17 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-04 10:16 - 2014-04-04 10:16 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Downloaded Installations
2014-04-04 10:15 - 2014-04-04 10:15 - 75397136 _____ (Samsung Electronics Co., Ltd.) D:\Users\hsteindo\Downloads\KiesSetup.exe
2014-04-03 22:15 - 2014-04-04 13:15 - 00000086 _____ () D:\Users\hsteindo\AppData\Roaming\WB.CFG
2014-04-03 14:33 - 2014-04-03 14:33 - 00337408 _____ () D:\Users\hsteindo\Downloads\Migrationsliste Schleuse PE wichtig!.xls
2014-04-03 09:33 - 2014-04-03 09:33 - 00003160 _____ () C:\WINDOWS\System32\Tasks\{9C769240-9AAD-468C-AC8D-0FE8EE283040}
2014-04-03 09:20 - 2014-04-03 09:20 - 00709352 _____ ( ) D:\Users\hsteindo\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-04-02 10:55 - 2014-04-02 10:55 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-02 10:55 - 2014-04-02 10:55 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Mozilla
2014-04-02 10:55 - 2014-04-02 10:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-02 08:05 - 2014-04-03 09:21 - 00037703 _____ () C:\WINDOWS\SysWOW64\console.log
2014-04-01 22:38 - 2014-04-01 22:38 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys
2014-04-01 21:22 - 2014-04-01 21:23 - 00528280 _____ () D:\Users\hsteindo\Downloads\AtdheNetAppsSetup(18_3f)1_ff(2).exe
2014-04-01 21:18 - 2014-04-01 21:18 - 00528280 _____ () D:\Users\hsteindo\Downloads\AtdheNetAppsSetup(18_3f)1_ff(1).exe
2014-04-01 21:14 - 2014-04-24 22:15 - 00000304 _____ () C:\WINDOWS\Tasks\PriceMeterUpdater.job
2014-04-01 21:14 - 2014-04-04 13:15 - 00003246 _____ () C:\WINDOWS\System32\Tasks\PriceMeterUpdater
2014-04-01 21:14 - 2014-04-03 09:27 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\PriceMeterUpdater
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\PriceMeterLiveUpdate
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-01 21:07 - 2014-04-01 21:07 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\IminentToolbar
2014-04-01 21:04 - 2014-04-25 09:23 - 00003138 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3.job
2014-04-01 21:04 - 2014-04-25 09:23 - 00002550 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4.job
2014-04-01 21:04 - 2014-04-25 09:23 - 00001628 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5.job
2014-04-01 21:04 - 2014-04-25 09:23 - 00001544 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1.job
2014-04-01 21:04 - 2014-04-25 09:23 - 00001452 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2.job
2014-04-01 21:04 - 2014-04-03 09:09 - 00000000 ____D () C:\Program Files (x86)\FreeHD-Sport TV V9.0
2014-04-01 21:04 - 2014-04-01 21:23 - 00006168 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3
2014-04-01 21:04 - 2014-04-01 21:23 - 00005580 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4
2014-04-01 21:04 - 2014-04-01 21:23 - 00004658 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5
2014-04-01 21:04 - 2014-04-01 21:23 - 00004574 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1
2014-04-01 21:04 - 2014-04-01 21:23 - 00004482 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2
2014-04-01 21:02 - 2014-04-01 21:02 - 00528280 _____ () D:\Users\hsteindo\Downloads\atdhenetappssetup(18_3f)1_ff.exe
2014-03-31 11:47 - 2014-03-31 11:47 - 00031559 _____ () C:\WINDOWS\SysWOW64\hs_err_pid42060.log
2014-03-31 11:46 - 2014-03-31 11:46 - 00031559 _____ () C:\WINDOWS\SysWOW64\hs_err_pid41680.log

==================== One Month Modified Files and Folders =======

2014-04-25 09:36 - 2014-04-25 09:36 - 00039522 _____ () D:\Users\hsteindo\Downloads\FRST.txt
2014-04-25 09:36 - 2014-04-25 09:35 - 00000000 ____D () C:\FRST
2014-04-25 09:35 - 2014-04-25 09:35 - 02061824 _____ (Farbar) D:\Users\hsteindo\Downloads\FRST64.exe
2014-04-25 09:34 - 2013-07-19 21:58 - 00000000 ____D () D:\Users\hsteindo\Documents\Outlook-Dateien
2014-04-25 09:34 - 2009-07-14 06:45 - 00018928 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 09:34 - 2009-07-14 06:45 - 00018928 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 09:33 - 2013-04-25 12:35 - 01081949 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-25 09:32 - 2014-04-25 09:32 - 00000831 _____ () D:\Users\hsteindo\Documents\140425 Symantec.csv
2014-04-25 09:26 - 2013-04-25 13:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-04-25 09:23 - 2014-04-01 21:04 - 00003138 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3.job
2014-04-25 09:23 - 2014-04-01 21:04 - 00002550 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4.job
2014-04-25 09:23 - 2014-04-01 21:04 - 00001628 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5.job
2014-04-25 09:23 - 2014-04-01 21:04 - 00001544 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1.job
2014-04-25 09:23 - 2014-04-01 21:04 - 00001452 _____ () C:\WINDOWS\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2.job
2014-04-25 09:20 - 2010-11-21 08:21 - 00704648 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-25 09:20 - 2010-11-21 08:21 - 00150992 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-25 09:20 - 2009-07-14 07:13 - 01632428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-25 09:18 - 2014-04-25 09:18 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMC Beta.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-04-25 09:18 - 2014-04-25 09:18 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMC Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-04-25 09:18 - 2013-08-19 11:00 - 00000000 ___RD () D:\Users\hsteindo\Dropbox
2014-04-25 09:18 - 2013-08-19 10:58 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Dropbox
2014-04-25 09:18 - 2013-07-12 22:53 - 00001110 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 09:18 - 2013-04-25 12:35 - 00000570 _____ () C:\WINDOWS\SMSCFG.INI
2014-04-25 09:17 - 2013-04-25 12:59 - 00116981 _____ () C:\WINDOWS\system32\ZCredMgr.LOG
2014-04-25 09:17 - 2009-07-14 05:20 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-04-25 09:15 - 2013-04-25 15:29 - 00152760 _____ () C:\SUService.log
2014-04-25 09:15 - 2010-11-21 05:47 - 01779086 _____ () C:\WINDOWS\PFRO.log
2014-04-25 09:15 - 2009-07-14 07:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-25 09:15 - 2009-07-14 06:51 - 00070472 _____ () C:\WINDOWS\setupact.log
2014-04-24 22:43 - 2013-04-25 23:58 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\KeePass
2014-04-24 22:42 - 2013-04-25 15:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-24 22:15 - 2014-04-01 21:14 - 00000304 _____ () C:\WINDOWS\Tasks\PriceMeterUpdater.job
2014-04-24 22:01 - 2014-04-24 21:22 - 00000665 _____ () C:\WINDOWS\cdplayer.ini
2014-04-24 21:57 - 2013-08-24 21:14 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\vlc
2014-04-24 21:55 - 2013-07-12 22:53 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 21:34 - 2014-04-24 21:17 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-04-24 21:32 - 2014-04-24 21:32 - 00462136 _____ () D:\Users\hsteindo\Downloads\download_audiograbber_mp3_plugin.exe
2014-04-24 21:17 - 2014-04-24 21:17 - 00001020 _____ () D:\Users\Public\Desktop\Audiograbber.lnk
2014-04-24 21:17 - 2014-04-24 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-04-24 21:17 - 2014-04-24 21:17 - 00000000 ____D () C:\Program Files\RrFilter
2014-04-24 21:17 - 2014-04-24 21:16 - 00000000 ____D () C:\Program Files (x86)\Rr Savings
2014-04-24 21:16 - 2014-04-24 21:16 - 00000000 ____D () C:\Program Files\rrsavings
2014-04-24 21:16 - 2014-04-24 21:15 - 00000000 ____D () C:\Program Files\002
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Security System 2
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\BupSystem
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\SearchProtect
2014-04-24 21:15 - 2014-04-24 21:15 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-04-24 21:10 - 2014-04-24 21:10 - 00452624 _____ () D:\Users\hsteindo\Downloads\agsetup183se_v3.0.0.67.exe
2014-04-24 21:08 - 2014-04-24 21:03 - 00000000 ____D () C:\Program Files (x86)\1X-Ripper
2014-04-24 21:03 - 2014-04-24 21:03 - 00000000 ____D () C:\Program Files (x86)\mresreg
2014-04-24 21:03 - 2009-07-14 05:20 - 00000000 ____D () C:\WINDOWS\system
2014-04-24 19:07 - 2013-04-25 16:07 - 00361911 _____ () C:\WINDOWS\system32\ZenNotify.log
2014-04-24 19:07 - 2013-04-25 13:31 - 00003047 _____ () C:\WINDOWS\system32\ZENLGN.LOG
2014-04-24 19:06 - 2013-04-25 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-04-24 19:05 - 2013-05-13 20:36 - 00420240 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\SymVPN.dll
2014-04-24 19:05 - 2013-05-13 20:36 - 00136592 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\FwsVpn.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00576400 _____ (Symantec Corporation) C:\WINDOWS\system32\SymVPN.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00459152 _____ (Symantec Corporation) C:\WINDOWS\system32\sysfer.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00361360 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\sysfer.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00159472 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys
2014-04-24 19:05 - 2013-04-25 14:54 - 00157584 _____ (Symantec Corporation) C:\WINDOWS\system32\FwsVpn.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00056720 _____ (Symantec Corporation) C:\WINDOWS\system32\snacnp.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00050576 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\snacnp.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00044448 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX64.SYS
2014-04-24 19:05 - 2013-04-25 14:54 - 00012176 _____ (Symantec Corporation) C:\WINDOWS\system32\sysferThunk.dll
2014-04-24 19:05 - 2013-04-25 14:54 - 00011152 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\sysferThunk.dll
2014-04-24 16:29 - 2013-04-25 12:34 - 00000992 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-04-24 12:35 - 2013-06-04 09:31 - 00000000 _____ () C:\WINDOWS\hpmnwun.ini
2014-04-24 10:10 - 2013-04-25 13:12 - 00000000 ____D () C:\NDPS
2014-04-24 09:29 - 2013-04-25 14:54 - 00177312 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-04-24 09:29 - 2013-04-25 14:54 - 00007631 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-04-24 09:29 - 2013-04-25 14:54 - 00000000 ____D () C:\Program Files\Symantec
2014-04-24 09:28 - 2013-05-13 20:35 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-04-24 09:28 - 2013-04-25 14:54 - 00000000 ____D () C:\WINDOWS\system32\Drivers\SEP
2014-04-24 09:27 - 2012-04-21 17:27 - 00091944 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\Teefer.sys
2014-04-24 09:26 - 2013-04-25 13:03 - 00063482 __RSH () C:\ProgramData\ntuser.pol
2014-04-24 09:25 - 2013-04-25 13:43 - 00004438 __RSH () D:\Users\hsteindo\ntuser.pol
2014-04-24 09:25 - 2013-04-25 13:43 - 00000000 ____D () D:\Users\hsteindo
2014-04-22 17:12 - 2013-08-24 21:43 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Real
2014-04-17 13:20 - 2014-04-17 13:20 - 01015808 _____ () D:\Users\hsteindo\Downloads\Benutzer_Neuanlage_R6_V1.xls
2014-04-16 12:50 - 2013-04-25 15:08 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Adobe
2014-04-16 12:49 - 2013-04-25 15:07 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-04-16 12:49 - 2013-04-25 15:07 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-16 12:49 - 2013-04-25 15:07 - 00003822 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-04-14 08:41 - 2013-11-07 23:15 - 00000000 ____D () D:\Users\hsteindo\Documents\Mein Steuer-Sparbuch Heute
2014-04-07 14:55 - 2013-11-07 23:07 - 00000766 _____ () C:\WINDOWS\wiso.ini
2014-04-07 14:34 - 2014-04-07 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\SMC Vorlagen 5.94 für Office 2010
2014-04-07 14:33 - 2013-04-25 14:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-07 14:20 - 2013-04-25 13:43 - 00110064 _____ () D:\Users\hsteindo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 14:19 - 2009-07-14 06:45 - 00409632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-07 14:18 - 2013-04-25 15:52 - 00001818 _____ () D:\Users\Public\Desktop\Menü- und Symbolleistenbefehle in Office 2010.lnk
2014-04-07 14:18 - 2013-04-25 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-04-07 14:18 - 2013-04-25 15:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-07 14:17 - 2013-04-25 15:49 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-04-07 14:16 - 2009-07-14 04:34 - 00000580 _____ () C:\WINDOWS\win.ini
2014-04-07 13:50 - 2013-07-12 22:53 - 00004110 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-07 13:50 - 2013-07-12 22:53 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-07 11:47 - 2014-04-07 11:47 - 00031514 _____ () C:\WINDOWS\SysWOW64\hs_err_pid44216.log
2014-04-07 11:46 - 2014-04-07 11:46 - 00031565 _____ () C:\WINDOWS\SysWOW64\hs_err_pid43408.log
2014-04-04 13:15 - 2014-04-03 22:15 - 00000086 _____ () D:\Users\hsteindo\AppData\Roaming\WB.CFG
2014-04-04 13:15 - 2014-04-01 21:14 - 00003246 _____ () C:\WINDOWS\System32\Tasks\PriceMeterUpdater
2014-04-04 10:39 - 2014-04-04 10:38 - 00005327 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-04 10:39 - 2013-10-02 23:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 10:39 - 2013-04-25 13:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 10:36 - 2013-04-25 23:04 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-04-04 10:27 - 2014-04-04 10:27 - 01850306 _____ (Dominik Reichl ) D:\Users\hsteindo\Downloads\KeePass-1.26-Setup.exe
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\Public\Documents\NativeFus_Log
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\Documents\samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Samsung
2014-04-04 10:17 - 2014-04-04 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-04-04 10:17 - 2014-04-04 10:16 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-04 10:17 - 2014-04-04 10:16 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-04 10:17 - 2013-04-25 12:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 10:16 - 2014-04-04 10:16 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Downloaded Installations
2014-04-04 10:15 - 2014-04-04 10:15 - 75397136 _____ (Samsung Electronics Co., Ltd.) D:\Users\hsteindo\Downloads\KiesSetup.exe
2014-04-03 14:33 - 2014-04-03 14:33 - 00337408 _____ () D:\Users\hsteindo\Downloads\Migrationsliste Schleuse PE wichtig!.xls
2014-04-03 09:33 - 2014-04-03 09:33 - 00003160 _____ () C:\WINDOWS\System32\Tasks\{9C769240-9AAD-468C-AC8D-0FE8EE283040}
2014-04-03 09:27 - 2014-04-01 21:14 - 00000000 ____D () C:\Program Files (x86)\PriceMeterLiveUpdate
2014-04-03 09:21 - 2014-04-02 08:05 - 00037703 _____ () C:\WINDOWS\SysWOW64\console.log
2014-04-03 09:20 - 2014-04-03 09:20 - 00709352 _____ ( ) D:\Users\hsteindo\Downloads\COMPUTER_BILD-Download-Manager_fuer_adwcleaner.exe
2014-04-03 09:16 - 2013-04-25 13:43 - 00000000 ___RD () D:\Users\hsteindo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 09:09 - 2014-04-01 21:04 - 00000000 ____D () C:\Program Files (x86)\FreeHD-Sport TV V9.0
2014-04-03 09:03 - 2013-07-12 22:53 - 00000000 ____D () C:\Program Files\Google
2014-04-03 09:03 - 2013-07-12 22:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-02 10:55 - 2014-04-02 10:55 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-02 10:55 - 2014-04-02 10:55 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\Mozilla
2014-04-02 10:55 - 2014-04-02 10:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-02 10:55 - 2014-03-18 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-02 08:16 - 2013-07-12 22:53 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\Google
2014-04-02 08:16 - 2013-07-12 22:53 - 00000000 ____D () C:\ProgramData\Google
2014-04-01 22:38 - 2014-04-01 22:38 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\wStLibG64.sys
2014-04-01 21:23 - 2014-04-01 21:22 - 00528280 _____ () D:\Users\hsteindo\Downloads\AtdheNetAppsSetup(18_3f)1_ff(2).exe
2014-04-01 21:23 - 2014-04-01 21:04 - 00006168 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-3
2014-04-01 21:23 - 2014-04-01 21:04 - 00005580 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-4
2014-04-01 21:23 - 2014-04-01 21:04 - 00004658 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-5
2014-04-01 21:23 - 2014-04-01 21:04 - 00004574 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-1
2014-04-01 21:23 - 2014-04-01 21:04 - 00004482 _____ () C:\WINDOWS\System32\Tasks\5748f13f-0b3f-4c50-ac16-cb29efb4c5b9-2
2014-04-01 21:18 - 2014-04-01 21:18 - 00528280 _____ () D:\Users\hsteindo\Downloads\AtdheNetAppsSetup(18_3f)1_ff(1).exe
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\PriceMeterUpdater
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () D:\Users\hsteindo\AppData\Local\PriceMeterLiveUpdate
2014-04-01 21:14 - 2014-04-01 21:14 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-01 21:07 - 2014-04-01 21:07 - 00000000 ____D () D:\Users\hsteindo\AppData\Roaming\IminentToolbar
2014-04-01 21:02 - 2014-04-01 21:02 - 00528280 _____ () D:\Users\hsteindo\Downloads\atdhenetappssetup(18_3f)1_ff.exe
2014-03-31 11:47 - 2014-03-31 11:47 - 00031559 _____ () C:\WINDOWS\SysWOW64\hs_err_pid42060.log
2014-03-31 11:46 - 2014-03-31 11:46 - 00031559 _____ () C:\WINDOWS\SysWOW64\hs_err_pid41680.log
2014-03-27 23:11 - 2013-04-25 13:19 - 00000000 ____D () C:\ProgramData\Ster4769
2014-03-27 23:11 - 2013-04-25 13:12 - 00000000 ____D () C:\WINDOWS\system32\iprint
2014-03-27 23:10 - 2013-06-17 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Refresh IT Solutions
2014-03-27 23:10 - 2013-04-25 13:12 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMC Helpdesk.lnk
2014-03-27 23:10 - 2013-04-25 13:12 - 00000910 _____ () D:\Users\Public\Desktop\SMC Helpdesk.lnk
2014-03-27 23:05 - 2013-04-25 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
2014-03-27 23:05 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Some content of TEMP:
====================
D:\Users\hsteindo\AppData\Local\Temp\BackupSetup.exe
D:\Users\hsteindo\AppData\Local\Temp\i4jdel0.exe
D:\Users\hsteindo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
D:\Users\hsteindo\AppData\Local\Temp\mdm_z4_ext_96796744_44028.dll
D:\Users\hsteindo\AppData\Local\Temp\mdm_z4_ext_97124424_41512.dll
D:\Users\hsteindo\AppData\Local\Temp\mdm_z4_ext_97255496_43068.dll
D:\Users\hsteindo\AppData\Local\Temp\mdm_z4_ext_97452104_42764.dll
D:\Users\hsteindo\AppData\Local\Temp\mdm_z4_ext_97583176_42468.dll
D:\Users\hsteindo\AppData\Local\Temp\nipp-sl.exe
D:\Users\hsteindo\AppData\Local\Temp\nsb5B10.exe
D:\Users\hsteindo\AppData\Local\Temp\nse3168.exe
D:\Users\hsteindo\AppData\Local\Temp\nsg58BE.exe
D:\Users\hsteindo\AppData\Local\Temp\nsg64A6.exe
D:\Users\hsteindo\AppData\Local\Temp\nsg6717.exe
D:\Users\hsteindo\AppData\Local\Temp\nsj810.exe
D:\Users\hsteindo\AppData\Local\Temp\nsl5D71.exe
D:\Users\hsteindo\AppData\Local\Temp\nsl69A7.exe
D:\Users\hsteindo\AppData\Local\Temp\nsoAA0.exe
D:\Users\hsteindo\AppData\Local\Temp\nst2C47.exe
D:\Users\hsteindo\AppData\Local\Temp\nsz2ED8.exe
D:\Users\hsteindo\AppData\Local\Temp\nsz561.exe
D:\Users\hsteindo\AppData\Local\Temp\outlook2010-kb2817371-fullfile-x86-glb.exe
D:\Users\hsteindo\AppData\Local\Temp\ozyffumi.dll
D:\Users\hsteindo\AppData\Local\Temp\screen_2012.exe
D:\Users\hsteindo\AppData\Local\Temp\setup_smc_helpdesk.exe
D:\Users\hsteindo\AppData\Local\Temp\stubhelper.dll
D:\Users\hsteindo\AppData\Local\Temp\vcredist_x64.exe
D:\Users\hsteindo\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 12:53

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Ist das ein gewebrlich genutztes System? Ich seh da nämlich was von SAP sowie ein Windows 7 Professional....

Moin,
ich nutze den Rechner für private Zwecke, aber auch für gewerbliche Zwecke.

Viele Grüße
Nadolni

Dann bitte das hier lesen wenn du den Rechner gewerblich verwendest: http://www.trojaner-board.de/108422-...tml#post758384

Zitat:

Bereinigung von gewerblich genutzten Rechnern

Grundsätzlich bereinigen wir keine gewerblich genutzen Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen eigenen IT Support haben, machen wir da eine Ausnahme und helfen gerne (kleine Spende hilft auch uns). Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit. Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können (Kundendaten, Bankdaten, etc.) sowie das Malware genauso wie unsere Scanner die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe. Hier gilt insbesondere, dass wir im Nachhinein keine Logfiles löschen werden, egal wie sehr "euer Chef das auch will"

Gelesen und verstanden?

Gelesen und verstanden!
Ich werde mich mit den Kunden abstimmen und melde mich hier ggf. wieder.
Vielen Dank!
VG Nadolni
P.S.: super Forum; professionelle Hilfe