
Log analysis and evaluation: McAfee reports Trojan attack - is the laptop really clean now?


15.01.2014, 18:38   #1
ebb8924
 
Hello,
so far you have always helped me superbly, so I am hoping for the same now.
Yesterday McAfee reported a Trojan attack and deleted it. Now the question is whether the computer is really clean.

I have run the following scans:
MBAM:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.15.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Heike und Achim :: MUEMMEL [Administrator]

15.01.2014 17:49:03
mbam-log-2014-01-15 (17-49-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260990
Laufzeit: 11 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by Heike und Achim (administrator) on MUEMMEL on 15-01-2014 18:09:16
Running from C:\Users\Heike und Achim\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(M-Budget) C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Swisscom) C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
() C:\Users\Heike und Achim\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [243216 2008-12-18] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [NSU_agent] - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [ModemListener] - C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe [98304 2010-06-22] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-30] (Google Inc.)
HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-10-09] (Adobe Systems Incorporated)
HKCU\...\Run: [Elbserver] - C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2010-12-15] (Sony Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Heike und Achim\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [455232 2013-12-02] (BillP Studios)
Startup: C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65D6D57C2599CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1A2B2817-BE54-41E8-8B15-06FECE8FE96B} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKCU - {2FE5D142-064E-476C-889E-437251B9C717} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {49CC5944-F116-46C1-9C84-CA4425F44637} URL = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
SearchScopes: HKCU - {4F4D9082-2896-4547-8D09-B399B0976432} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKCU - {5EA0551C-94B2-4C61-AB72-B2E3236E4FFC} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKCU - {75130749-C703-44EF-9723-AD0BC0D73CB8} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {80CD0D12-AE1A-45E5-A407-75ECDFA45D01} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {9020E173-64C9-414D-9699-6C46BC52E6E1} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKCU - {AC367EDC-41BC-496F-89B9-ECEBCB6609E4} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {B38769FD-4C73-4662-B28A-53D8BDF1CFE6} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {BF376C58-4977-4A19-BE96-95ED7BC3EEC8} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E174FACB-CE49-418A-8C18-547173B13166} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A45ECEED-70F4-4E5A-A404-2A0B79070844}: [NameServer]195.186.152.33 195.186.216.33

FireFox:
========
FF ProfilePath: C:\Users\Heike und Achim\AppData\Roaming\Mozilla\Firefox\Profiles\8yc8mqnr.default
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.103 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Heike und Achim\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Heike und Achim\AppData\Roaming\Mozilla\Firefox\Profiles\8yc8mqnr.default\Extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}-trash [2012-01-21]
FF Extension: All-in-One Sidebar - C:\Users\Heike und Achim\AppData\Roaming\Mozilla\Firefox\Profiles\8yc8mqnr.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-07-11]
FF Extension: CookieCuller - C:\Users\Heike und Achim\AppData\Roaming\Mozilla\Firefox\Profiles\8yc8mqnr.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2012-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{E4D8AFFF-DA7C-412F-A976-05ED142C7806}] - C:\Program Files (x86)\M-Budget\M-Budget Data Manager\FireFox_Remote\
FF Extension: M-Budget Data Manager - C:\Program Files (x86)\M-Budget\M-Budget Data Manager\FireFox_Remote\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-07-30]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CFF00ADE1AC1C1A&affID=121240&tsp=4974
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gears.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Heike und Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2\McChPlg.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SiteAdvisor) - C:\Users\Heike und Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0 [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Heike und Achim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-10-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-11]

==================== Services (Whitelisted) =================

S2 0127681389803000mcinstcleanup; C:\Windows\TEMP\012768~1.EXE [834664 2013-07-30] (McAfee, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MDM Service; C:\Program Files (x86)\M-Budget\M-Budget Data Manager\DashBoardS.exe [153456 2011-06-16] (M-Budget)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SesamService; C:\Program Files (x86)\M-Budget\Sesam\BIN\SecMIPService.exe [1482240 2011-05-16] (Swisscom)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-05-23] (Huawei Technologies Co., Ltd.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2010-06-17] (TCT International Mobile Ltd)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 WtSmpAdap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56688 2011-04-11] (Swisscom)
R1 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [409456 2011-04-11] (Swisscom)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 18:09 - 2014-01-15 18:10 - 00030547 _____ C:\Users\Heike und Achim\Desktop\FRST.txt
2014-01-15 18:08 - 2014-01-15 18:08 - 00000000 ____D C:\FRST
2014-01-15 18:05 - 2014-01-15 18:05 - 02076160 _____ (Farbar) C:\Users\Heike und Achim\Desktop\FRST64.exe
2014-01-15 17:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 17:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 17:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 17:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 17:36 - 2014-01-15 17:37 - 00005402 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-13 23:51 - 2014-01-13 23:51 - 00001453 _____ C:\Users\Public\Desktop\Die 12 Heldentaten des Herkules.lnk
2014-01-13 23:29 - 2014-01-13 23:33 - 314419680 _____ (INTENIUM GmbH) C:\Users\Heike und Achim\Downloads\Die12HeldentatenDesHerkules.exe
2014-01-13 23:28 - 2014-01-13 23:28 - 00002335 _____ C:\Users\Public\Desktop\Play Haunted Train - Spirits of Charon Collectors Edition.lnk
2014-01-13 23:28 - 2014-01-13 23:28 - 00001334 _____ C:\Users\Public\Desktop\More Great Games.lnk
2014-01-13 23:26 - 2014-01-13 23:28 - 00000000 ____D C:\Program Files (x86)\Haunted Train - Spirits of Charon Collectors Edition
2014-01-13 23:26 - 2014-01-13 23:26 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Train - Spirits of Charon Collectors Edition
2014-01-13 23:21 - 2014-01-13 23:21 - 00002202 _____ C:\Users\Public\Desktop\Play Spirits of Mystery - The Silver Arrow.lnk
2014-01-13 23:18 - 2014-01-13 23:22 - 00000000 ____D C:\Program Files (x86)\Spirits of Mystery - The Silver Arrow
2014-01-13 23:18 - 2014-01-13 23:18 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spirits of Mystery - The Silver Arrow
2014-01-13 23:15 - 2014-01-13 23:15 - 00002390 _____ C:\Users\Public\Desktop\Play Witches Legacy - Hunter and the Hunted Collectors Edition.lnk
2014-01-13 23:10 - 2014-01-13 23:15 - 00000000 ____D C:\Program Files (x86)\Witches Legacy - Hunter and the Hunted Collectors Edition
2014-01-13 23:10 - 2014-01-13 23:10 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Witches Legacy - Hunter and the Hunted Collectors Edition
2014-01-13 23:06 - 2014-01-13 23:06 - 00002213 _____ C:\Users\Public\Desktop\Play Cruel Collections - The Any Wish Hotel.lnk
2014-01-13 23:03 - 2014-01-13 23:06 - 00000000 ____D C:\Program Files (x86)\Cruel Collections - The Any Wish Hotel
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cruel Collections - The Any Wish Hotel
2014-01-13 22:59 - 2014-01-13 22:59 - 00002065 _____ C:\Users\Public\Desktop\Play Esoterica - Hollow Earth.lnk
2014-01-13 22:55 - 2014-01-13 23:00 - 00000000 ____D C:\Program Files (x86)\Esoterica - Hollow Earth
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Esoterica - Hollow Earth
2014-01-12 20:32 - 2014-01-12 20:32 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Germanicus Head Games
2014-01-12 12:42 - 2014-01-12 12:42 - 00002403 _____ C:\Users\Public\Desktop\Play Mythic Wonders - The Philosophers Stone Collectors Edition.lnk
2014-01-12 12:42 - 2014-01-12 12:42 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mythic Wonders - The Philosophers Stone Collectors Edition
2014-01-12 12:42 - 2014-01-12 12:42 - 00000000 ____D C:\Program Files (x86)\Mythic Wonders - The Philosophers Stone Collectors Edition
2014-01-12 12:33 - 2014-01-12 12:33 - 00002024 _____ C:\Users\Public\Desktop\Play Fall of the New Age.lnk
2014-01-12 12:30 - 2014-01-12 12:33 - 00000000 ____D C:\Program Files (x86)\Fall of the New Age
2014-01-12 12:30 - 2014-01-12 12:30 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fall of the New Age
2014-01-12 11:55 - 2014-01-12 20:22 - 00000000 ____D C:\Program Files (x86)\Dangerous Games - Prisoners of Destiny Collector's Edition
2014-01-12 11:43 - 2014-01-12 14:58 - 00000000 ____D C:\Program Files (x86)\Campgrounds - The Endorus Expedition
2014-01-11 22:15 - 2014-01-11 22:15 - 00000000 ____D C:\ProgramData\MisteryRiddles
2014-01-11 18:05 - 2014-01-11 19:22 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\The Great Gatsby
2014-01-10 16:56 - 2014-01-10 16:56 - 00002289 _____ C:\Users\Heike und Achim\Desktop\Kingdom’s Heyday.lnk
2014-01-10 16:42 - 2014-01-10 16:42 - 00001250 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-01-08 22:55 - 2014-01-08 22:55 - 00002069 _____ C:\Users\Public\Desktop\Play Rebuild the European Union.lnk
2014-01-08 22:53 - 2014-01-08 22:55 - 00000000 ____D C:\Program Files (x86)\Rebuild the European Union
2014-01-08 22:53 - 2014-01-08 22:53 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rebuild the European Union
2014-01-08 17:09 - 2014-01-08 17:09 - 00000040 _____ C:\Windows\system32\ὐ·
2014-01-08 16:29 - 2014-01-08 16:40 - 00000000 ____D C:\Users\Heike und Achim\Documents\Telefon
2014-01-08 16:08 - 2014-01-08 16:12 - 37188119 ____R C:\Users\Heike und Achim\Documents\08012013.nbu
2014-01-07 23:28 - 2014-01-07 23:28 - 00000000 ____D C:\Users\Heike und Achim\AppData\Local\Farmington Tales 2 - Winter Crop
2014-01-07 21:12 - 2014-01-07 21:36 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Chinese Dragon
2014-01-07 20:53 - 2014-01-07 20:53 - 00002081 _____ C:\Users\Public\Desktop\Play Dream Hills - Captured Magic.lnk
2014-01-07 20:52 - 2014-01-07 20:53 - 00000000 ____D C:\Program Files (x86)\Dream Hills - Captured Magic
2014-01-07 20:52 - 2014-01-07 20:52 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Hills - Captured Magic
2014-01-07 19:25 - 2014-01-07 19:25 - 00002109 _____ C:\Users\Public\Desktop\Play The Ultimate Christmas Puzzler.lnk
2014-01-07 19:24 - 2014-01-07 19:25 - 00000000 ____D C:\Program Files (x86)\The Ultimate Christmas Puzzler
2014-01-07 19:24 - 2014-01-07 19:24 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Ultimate Christmas Puzzler
2014-01-07 19:18 - 2014-01-07 19:18 - 00002204 _____ C:\Users\Public\Desktop\Play Christmas Stories - A Christmas Carol.lnk
2014-01-07 19:13 - 2014-01-07 19:18 - 00000000 ____D C:\Program Files (x86)\Christmas Stories - A Christmas Carol
2014-01-07 19:13 - 2014-01-07 19:13 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Christmas Stories - A Christmas Carol
2014-01-07 18:07 - 2014-01-07 18:07 - 00002220 _____ C:\Users\Public\Desktop\Play Mysterium - Lake Bliss Collectors Edition.lnk
2014-01-07 18:06 - 2014-01-07 18:07 - 00000000 ____D C:\Program Files (x86)\Mysterium - Lake Bliss Collectors Edition
2014-01-07 18:06 - 2014-01-07 18:06 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterium - Lake Bliss Collectors Edition
2014-01-06 17:00 - 2014-01-06 17:00 - 00002020 _____ C:\Users\Public\Desktop\Play Mystery of Sargasso Sea.lnk
2014-01-06 16:57 - 2014-01-06 17:00 - 00000000 ____D C:\Program Files (x86)\Mystery of Sargasso Sea
2014-01-06 16:57 - 2014-01-06 16:57 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Sargasso Sea
2014-01-05 16:34 - 2014-01-05 16:34 - 00002135 _____ C:\Users\Public\Desktop\Play Punished Talents - Seven Muses.lnk
2014-01-05 16:32 - 2014-01-05 16:34 - 00000000 ____D C:\Program Files (x86)\Punished Talents - Seven Muses
2014-01-05 16:32 - 2014-01-05 16:32 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Seven Muses
2014-01-03 22:58 - 2014-01-03 22:58 - 00000000 _____ C:\Windows\system32\ὐ¾
2014-01-02 19:25 - 2014-01-04 23:46 - 00000000 ____D C:\Program Files (x86)\Spirits of Mystery - The Silver Arrow Collectors Edition
2014-01-01 21:49 - 2014-01-01 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-30 19:42 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-12-25 13:45 - 2013-12-25 13:46 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Realore_Whiterra Adelantado3
2013-12-17 22:39 - 2013-12-17 22:39 - 00002157 _____ C:\Users\Public\Desktop\Play In Search Of Treasure - Pirate Stories.lnk
2013-12-17 22:38 - 2013-12-17 22:39 - 00000000 ____D C:\Program Files (x86)\In Search Of Treasure - Pirate Stories
2013-12-17 22:38 - 2013-12-17 22:38 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\In Search Of Treasure - Pirate Stories

==================== One Month Modified Files and Folders =======

2014-01-15 18:10 - 2014-01-15 18:09 - 00030547 _____ C:\Users\Heike und Achim\Desktop\FRST.txt
2014-01-15 18:08 - 2014-01-15 18:08 - 00000000 ____D C:\FRST
2014-01-15 18:07 - 2010-07-30 14:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-15 18:05 - 2014-01-15 18:05 - 02076160 _____ (Farbar) C:\Users\Heike und Achim\Desktop\FRST64.exe
2014-01-15 17:56 - 2010-12-05 10:35 - 01660777 _____ C:\Windows\WindowsUpdate.log
2014-01-15 17:45 - 2013-07-22 02:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:37 - 2014-01-15 17:36 - 00005402 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 17:37 - 2013-10-19 09:07 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 17:37 - 2012-07-02 20:50 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 17:37 - 2010-12-05 11:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 17:29 - 2012-04-02 16:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 17:26 - 2012-12-17 17:04 - 00000000 ____D C:\ProgramData\MDM
2014-01-15 17:21 - 2013-05-12 10:23 - 00006471 _____ C:\Windows\LkmdfCoInst.log
2014-01-15 17:21 - 2013-02-03 20:21 - 00290290 _____ C:\Windows\setupact.log
2014-01-15 17:20 - 2010-12-05 13:48 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-15 17:17 - 2010-07-30 14:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 00:24 - 2010-12-06 22:23 - 00000000 ____D C:\Users\Heike und Achim\Documents\2_Tabellen
2014-01-15 00:11 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 00:11 - 2009-07-14 05:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 23:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 23:57 - 2011-01-13 00:00 - 00007634 _____ C:\Users\Heike und Achim\AppData\Local\Resmon.ResmonCfg
2014-01-14 23:39 - 2010-12-05 10:46 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC221A39-85F4-4CDD-BC0D-616AC92F41A3}
2014-01-14 23:05 - 2010-12-05 14:45 - 00000785 _____ C:\Users\Public\Desktop\IrfanView.lnk
2014-01-14 23:02 - 2011-12-13 09:21 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-14 22:14 - 2013-02-03 20:58 - 00098548 _____ C:\Windows\PFRO.log
2014-01-13 23:51 - 2014-01-13 23:51 - 00001453 _____ C:\Users\Public\Desktop\Die 12 Heldentaten des Herkules.lnk
2014-01-13 23:51 - 2012-06-21 19:56 - 00001131 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-13 23:49 - 2012-07-02 18:12 - 00000000 ____D C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-01-13 23:33 - 2014-01-13 23:29 - 314419680 _____ (INTENIUM GmbH) C:\Users\Heike und Achim\Downloads\Die12HeldentatenDesHerkules.exe
2014-01-13 23:28 - 2014-01-13 23:28 - 00002335 _____ C:\Users\Public\Desktop\Play Haunted Train - Spirits of Charon Collectors Edition.lnk
2014-01-13 23:28 - 2014-01-13 23:28 - 00001334 _____ C:\Users\Public\Desktop\More Great Games.lnk
2014-01-13 23:28 - 2014-01-13 23:26 - 00000000 ____D C:\Program Files (x86)\Haunted Train - Spirits of Charon Collectors Edition
2014-01-13 23:26 - 2014-01-13 23:26 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Train - Spirits of Charon Collectors Edition
2014-01-13 23:22 - 2014-01-13 23:18 - 00000000 ____D C:\Program Files (x86)\Spirits of Mystery - The Silver Arrow
2014-01-13 23:21 - 2014-01-13 23:21 - 00002202 _____ C:\Users\Public\Desktop\Play Spirits of Mystery - The Silver Arrow.lnk
2014-01-13 23:18 - 2014-01-13 23:18 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spirits of Mystery - The Silver Arrow
2014-01-13 23:15 - 2014-01-13 23:15 - 00002390 _____ C:\Users\Public\Desktop\Play Witches Legacy - Hunter and the Hunted Collectors Edition.lnk
2014-01-13 23:15 - 2014-01-13 23:10 - 00000000 ____D C:\Program Files (x86)\Witches Legacy - Hunter and the Hunted Collectors Edition
2014-01-13 23:10 - 2014-01-13 23:10 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Witches Legacy - Hunter and the Hunted Collectors Edition
2014-01-13 23:06 - 2014-01-13 23:06 - 00002213 _____ C:\Users\Public\Desktop\Play Cruel Collections - The Any Wish Hotel.lnk
2014-01-13 23:06 - 2014-01-13 23:03 - 00000000 ____D C:\Program Files (x86)\Cruel Collections - The Any Wish Hotel
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cruel Collections - The Any Wish Hotel
2014-01-13 23:00 - 2014-01-13 22:55 - 00000000 ____D C:\Program Files (x86)\Esoterica - Hollow Earth
2014-01-13 22:59 - 2014-01-13 22:59 - 00002065 _____ C:\Users\Public\Desktop\Play Esoterica - Hollow Earth.lnk
2014-01-13 22:55 - 2014-01-13 22:55 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Esoterica - Hollow Earth
2014-01-13 22:41 - 2010-07-30 14:35 - 00000000 ____D C:\Program Files\Common Files\mcafee
2014-01-13 22:35 - 2013-07-08 21:29 - 00000000 ____D C:\BigFishCache
2014-01-13 20:58 - 2012-09-04 21:20 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\8floor
2014-01-13 19:49 - 2012-02-24 21:14 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\AlawarEntertainment
2014-01-13 18:22 - 2012-07-12 21:10 - 00000000 ____D C:\Users\Heike und Achim\Documents\8floor
2014-01-12 20:32 - 2014-01-12 20:32 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Germanicus Head Games
2014-01-12 20:22 - 2014-01-12 11:55 - 00000000 ____D C:\Program Files (x86)\Dangerous Games - Prisoners of Destiny Collector's Edition
2014-01-12 19:43 - 2011-07-06 19:14 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\BlamGames
2014-01-12 15:04 - 2013-11-24 18:33 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\FGS
2014-01-12 14:58 - 2014-01-12 11:43 - 00000000 ____D C:\Program Files (x86)\Campgrounds - The Endorus Expedition
2014-01-12 12:42 - 2014-01-12 12:42 - 00002403 _____ C:\Users\Public\Desktop\Play Mythic Wonders - The Philosophers Stone Collectors Edition.lnk
2014-01-12 12:42 - 2014-01-12 12:42 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mythic Wonders - The Philosophers Stone Collectors Edition
2014-01-12 12:42 - 2014-01-12 12:42 - 00000000 ____D C:\Program Files (x86)\Mythic Wonders - The Philosophers Stone Collectors Edition
2014-01-12 12:33 - 2014-01-12 12:33 - 00002024 _____ C:\Users\Public\Desktop\Play Fall of the New Age.lnk
2014-01-12 12:33 - 2014-01-12 12:30 - 00000000 ____D C:\Program Files (x86)\Fall of the New Age
2014-01-12 12:30 - 2014-01-12 12:30 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fall of the New Age
2014-01-11 23:18 - 2012-08-19 19:05 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay
2014-01-11 23:18 - 2012-06-20 19:58 - 00000000 ____D C:\Program Files (x86)\Oberon Media SIDR
2014-01-11 22:15 - 2014-01-11 22:15 - 00000000 ____D C:\ProgramData\MisteryRiddles
2014-01-11 19:22 - 2014-01-11 18:05 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\The Great Gatsby
2014-01-11 15:12 - 2012-09-09 21:35 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Eipix
2014-01-11 11:56 - 2013-09-26 18:01 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Argali
2014-01-11 11:11 - 2011-04-15 18:55 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\ERS Game Studios
2014-01-10 22:22 - 2011-08-08 22:12 - 00000000 ____D C:\ProgramData\HipSoft
2014-01-10 20:28 - 2013-01-14 20:43 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Big Top Games
2014-01-10 16:56 - 2014-01-10 16:56 - 00002289 _____ C:\Users\Heike und Achim\Desktop\Kingdom’s Heyday.lnk
2014-01-10 16:42 - 2014-01-10 16:42 - 00001250 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-01-09 23:28 - 2011-07-23 14:38 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Elephant Games
2014-01-09 22:29 - 2010-07-31 00:24 - 00697098 _____ C:\Windows\system32\perfh007.dat
2014-01-09 22:29 - 2010-07-31 00:24 - 00148362 _____ C:\Windows\system32\perfc007.dat
2014-01-09 22:29 - 2009-07-14 06:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 21:37 - 2011-03-09 20:36 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Boomzap
2014-01-09 18:15 - 2010-12-05 14:53 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\PC Suite
2014-01-08 22:55 - 2014-01-08 22:55 - 00002069 _____ C:\Users\Public\Desktop\Play Rebuild the European Union.lnk
2014-01-08 22:55 - 2014-01-08 22:53 - 00000000 ____D C:\Program Files (x86)\Rebuild the European Union
2014-01-08 22:53 - 2014-01-08 22:53 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rebuild the European Union
2014-01-08 21:20 - 2012-12-09 20:34 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Gogii Games
2014-01-08 17:09 - 2014-01-08 17:09 - 00000040 _____ C:\Windows\system32\ὐ·
2014-01-08 16:40 - 2014-01-08 16:29 - 00000000 ____D C:\Users\Heike und Achim\Documents\Telefon
2014-01-08 16:12 - 2014-01-08 16:08 - 37188119 ____R C:\Users\Heike und Achim\Documents\08012013.nbu
2014-01-07 23:28 - 2014-01-07 23:28 - 00000000 ____D C:\Users\Heike und Achim\AppData\Local\Farmington Tales 2 - Winter Crop
2014-01-07 21:51 - 2011-10-30 16:33 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\casualArts
2014-01-07 21:51 - 2011-10-30 16:33 - 00000000 ____D C:\ProgramData\casualArts
2014-01-07 21:36 - 2014-01-07 21:12 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Chinese Dragon
2014-01-07 20:53 - 2014-01-07 20:53 - 00002081 _____ C:\Users\Public\Desktop\Play Dream Hills - Captured Magic.lnk
2014-01-07 20:53 - 2014-01-07 20:52 - 00000000 ____D C:\Program Files (x86)\Dream Hills - Captured Magic
2014-01-07 20:52 - 2014-01-07 20:52 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Hills - Captured Magic
2014-01-07 19:25 - 2014-01-07 19:25 - 00002109 _____ C:\Users\Public\Desktop\Play The Ultimate Christmas Puzzler.lnk
2014-01-07 19:25 - 2014-01-07 19:24 - 00000000 ____D C:\Program Files (x86)\The Ultimate Christmas Puzzler
2014-01-07 19:24 - 2014-01-07 19:24 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Ultimate Christmas Puzzler
2014-01-07 19:18 - 2014-01-07 19:18 - 00002204 _____ C:\Users\Public\Desktop\Play Christmas Stories - A Christmas Carol.lnk
2014-01-07 19:18 - 2014-01-07 19:13 - 00000000 ____D C:\Program Files (x86)\Christmas Stories - A Christmas Carol
2014-01-07 19:13 - 2014-01-07 19:13 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Christmas Stories - A Christmas Carol
2014-01-07 18:07 - 2014-01-07 18:07 - 00002220 _____ C:\Users\Public\Desktop\Play Mysterium - Lake Bliss Collectors Edition.lnk
2014-01-07 18:07 - 2014-01-07 18:06 - 00000000 ____D C:\Program Files (x86)\Mysterium - Lake Bliss Collectors Edition
2014-01-07 18:06 - 2014-01-07 18:06 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mysterium - Lake Bliss Collectors Edition
2014-01-06 17:00 - 2014-01-06 17:00 - 00002020 _____ C:\Users\Public\Desktop\Play Mystery of Sargasso Sea.lnk
2014-01-06 17:00 - 2014-01-06 16:57 - 00000000 ____D C:\Program Files (x86)\Mystery of Sargasso Sea
2014-01-06 16:57 - 2014-01-06 16:57 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of Sargasso Sea
2014-01-05 16:34 - 2014-01-05 16:34 - 00002135 _____ C:\Users\Public\Desktop\Play Punished Talents - Seven Muses.lnk
2014-01-05 16:34 - 2014-01-05 16:32 - 00000000 ____D C:\Program Files (x86)\Punished Talents - Seven Muses
2014-01-05 16:32 - 2014-01-05 16:32 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Seven Muses
2014-01-04 23:46 - 2014-01-02 19:25 - 00000000 ____D C:\Program Files (x86)\Spirits of Mystery - The Silver Arrow Collectors Edition
2014-01-03 22:58 - 2014-01-03 22:58 - 00000000 _____ C:\Windows\system32\ὐ¾
2014-01-02 16:27 - 2012-07-11 19:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-01 21:49 - 2014-01-01 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-31 14:02 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-30 20:41 - 2010-07-30 14:35 - 00000000 ____D C:\ProgramData\McAfee
2013-12-25 13:46 - 2013-12-25 13:45 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Realore_Whiterra Adelantado3
2013-12-18 21:09 - 2014-01-15 17:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 21:04 - 2014-01-15 17:37 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-18 21:04 - 2014-01-15 17:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-18 21:03 - 2014-01-15 17:37 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-17 22:39 - 2013-12-17 22:39 - 00002157 _____ C:\Users\Public\Desktop\Play In Search Of Treasure - Pirate Stories.lnk
2013-12-17 22:39 - 2013-12-17 22:38 - 00000000 ____D C:\Program Files (x86)\In Search Of Treasure - Pirate Stories
2013-12-17 22:38 - 2013-12-17 22:38 - 00000000 ____D C:\Users\Heike und Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\In Search Of Treasure - Pirate Stories

Files to move or delete:
====================
C:\Users\Heike und Achim\grub.exe
C:\Users\Heike und Achim\rescue2usb.exe


Some content of TEMP:
====================
C:\Users\Heike und Achim\AppData\Local\Temp\bfguni.exe
C:\Users\Heike und Achim\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Heike und Achim\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Heike und Achim\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Heike und Achim\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-12 17:36

==================== End Of Log ============================
         
--- --- ---
I had to zip addition.txt because it was too long.

It would be very kind if someone could take a look at this.
I also have a question: can I disable VaioCare via the Task Scheduler? It eats memory, but starts automatically at system startup.

Thanks in advance

Best regards
ebb8924
Attached files
File type: zip Addition.zip (19.1 KB, viewed 33 times)

Alt 16.01.2014, 07:43   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

nothing jumps out at me offhand. Where exactly did McAfee find something? You can disable that thing.

Alt 16.01.2014, 17:34   #3
ebb8924
 
Hello Schrauber,
first of all, thank you very much for your reply.
I can't really say where exactly McAfee found something. The window with the warning popped up and reported a Trojan infection. At the bottom there was a button to restart the computer for repair. I did that, and afterwards there was no longer any sign of the infection. In MBAM at least. Hence my question whether the computer is clean.
By the way, McAfee also considers the TFC page (the temp cleaner) by Oldtimer dangerous. But that one is okay, surely. I haven't dared to download it to clean up my TMP.
I will disable Vaio Care.

Best regards
ebb8924

Alt 17.01.2014, 12:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Sure, that's OK. Open the McAfee interface and see whether you can find a log somewhere in there.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 17.01.2014, 16:29   #5
ebb8924
 
Hi Schrauber,
I did some reading up. McAfee does not produce any log files that we users can read. Pretty stupid, really. But thanks for your reply.
Regards
ebb8924


Alt 18.01.2014, 07:49   #6
schrauber
/// the machine
/// TB-Ausbilder
 

OK. Keep an eye on it. If something gets reported again, please write it down or take a screenshot.