| |
| |||||||
Log-Analyse und Auswertung: Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.03.2014, 18:54
| #1 |
 |  Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Hallo liebe Helfer! Ich habe vorhin seit langem mal wieder Malwarebytes Anti-Malware durchlaufen lassen und dabei leider zweimal einen Befall mit Trojan-SpyEyes gefunden. Ich habe zunächst bei MBAM nichts unternommen und die anderen 3 Programme durchlaufen lassen. Bei Defogger gab es kein Problem und daher auch keinen Bericht. Die beiden Berichte von FRST und GMER sowie den ursprünglichen Bericht von MBAM habe ich hier gepostet. FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014 Ran by Jörg (administrator) on JÖRG-PC on 12-03-2014 17:18:01 Running from C:\Users\Jörg\Desktop\Jörg Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\system32\mfevtps.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] () HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks) HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [fheydbueyj.exe] - C:\fheydbueyj.exe\fheydbueyj.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {30fd19bd-7bc8-11e0-93b7-904ce5f5dda9} - F:\LaunchU3.exe -a HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {3896c37a-3e37-11df-a8dd-0026b911bb0f} - E:\EasySuite.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b00c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b01c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {cbbe3de7-098f-11df-b382-0026b911bb0f} - E:\EasySuite.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {ebb8898e-075e-11df-b8b8-904ce5f5dda9} - F:\EasySuite.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - DefaultScope {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms} SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL = SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL = BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: mcafee CHR DefaultSearchProvider: McAfee CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15] CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11] CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15] CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01] CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11] CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25] CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15] ==================== Services (Whitelisted) ================= R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC) S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC) S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-12 17:17 - 2014-03-12 17:18 - 00000000 ____D () C:\FRST 2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable 2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes 2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk 2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe 2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk 2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe 2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-09 22:42 - 2014-03-12 14:58 - 00006800 _____ () C:\Windows\PFRO.log 2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi 2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG 2014-03-08 01:27 - 2014-03-12 17:08 - 00004010 _____ () C:\Windows\setupact.log 2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-14 03:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 03:02 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 03:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-14 03:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 03:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 03:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-14 03:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 03:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 03:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 03:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 03:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-14 03:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-14 03:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 03:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-14 03:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 03:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 03:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-14 03:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-14 03:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-14 03:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 03:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-14 03:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-14 03:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-14 03:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-14 03:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-14 03:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-14 03:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 03:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 03:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-14 03:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-14 03:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 03:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-14 03:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 03:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-14 03:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll ==================== One Month Modified Files and Folders ======= 2014-03-12 17:18 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST 2014-03-12 17:18 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg 2014-03-12 17:18 - 2009-07-14 06:10 - 01969125 _____ () C:\Windows\WindowsUpdate.log 2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable 2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg 2014-03-12 17:08 - 2014-03-08 01:27 - 00004010 _____ () C:\Windows\setupact.log 2014-03-12 17:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes 2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk 2014-03-12 16:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe 2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini 2014-03-12 15:49 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-12 15:03 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk 2014-03-12 15:02 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-12 14:59 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks 2014-03-12 14:59 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log 2014-03-12 14:59 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-03-12 14:58 - 2014-03-09 22:42 - 00006800 _____ () C:\Windows\PFRO.log 2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security 2014-03-12 14:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools 2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk 2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe 2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-09 22:43 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi 2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6 2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB 2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG 2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies 2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump 2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther 2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype 2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-27 03:11 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat 2014-02-27 03:11 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat 2014-02-27 03:10 - 2009-07-14 06:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db 2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell 2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr 2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-12 15:56 - 2010-07-16 16:33 - 00000000 ____D () C:\Users\J�rg 2014-02-10 00:47 - 2011-08-02 10:33 - 00000000 ____D () C:\Users\Jörg\Desktop\Star Trek research Files to move or delete: ==================== C:\Users\Jörg\AmazonMP3Installer-de_DE.exe C:\Users\Jörg\gwave555.exe C:\Users\Jörg\vlc-1.1.0-win32.exe Some content of TEMP: ==================== C:\Users\Jörg\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe C:\Users\Jörg\AppData\Local\Temp\SandboxieInstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-11 19:44 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jörg at 2014-03-12 17:19:29
Running from C:\Users\Jörg\Desktop\Jörg
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility64 (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
Inkscape 0.47 (HKLM-x32\...\Inkscape) (Version: 0.47 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Opera 11.62 (HKLM-x32\...\Opera 11.62.1347) (Version: 11.62.1347 - Opera Software ASA)
PC Tools Registry Tool (HKLM-x32\...\PC Tools File and Registry Tool_is1) (Version: 1.0.0.14 - PC Tools Ltd.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telekom Internet Manager (HKLM-x32\...\Telekom Internet Manager) (Version: 11.301.05.09.748 - Huawei Technologies Co.,Ltd)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoCam Suite 2.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.044.1031 - Panasonic Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
==================== Restore Points =========================
06-03-2014 02:02:31 Windows Update
07-03-2014 23:54:53 Removed Skype™ 6.11
08-03-2014 07:37:01 Removed SMART Notebook.
08-03-2014 07:46:40 Removed SMART Product Drivers.
08-03-2014 07:55:09 Removed Opera 11.00.
08-03-2014 07:56:56 Removed MyScript HWR (German).
09-03-2014 08:02:52 Installed MSXML 4.0 SP3 Parser
09-03-2014 21:56:38 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {052219DF-7EDE-4CB3-B5F6-C5A502F3F3BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4AF840D4-2DFF-4408-96A0-7A572239C85F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {51A294B6-4EA6-4466-9BF9-8573A0D1ABDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {54984B76-92FC-4045-9581-396775EAFBC5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {6BE2FC18-C842-467E-954F-634A34817486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {9D8D3B84-87B8-4D6C-BDD7-4B38E3F23B31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {F6B514A7-39E1-4D1E-850C-B69C685529F9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-28 05:03 - 2011-01-28 05:03 - 00344928 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-04-02 23:26 - 2010-03-15 10:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-07-02 01:54 - 2009-07-02 01:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-30 22:22 - 2009-09-17 20:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-05-05 19:56 - 2009-05-05 19:56 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-11-30 22:09 - 2009-11-30 22:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 19:05 - 2009-09-11 19:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00365808 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board-Werkzeuge.lnk => C:\Windows\pss\SMART Board-Werkzeuge.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk => C:\Windows\pss\VideoCam Suite 2.0.lnk.CommonStartup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
==================== Faulty Device Manager Devices =============
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2014 03:01:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {78faee2e-1cd9-4a3b-9cd2-822f1a51bd00}
Error: (03/12/2014 02:56:04 PM) (Source: pctsSvc.exe) (User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/12/2014 02:49:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e5a52f7d-dbc0-42c5-8507-44dd6125c947}
Error: (03/11/2014 10:21:27 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 12 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\Windows\TEMP\InstallPlugin_12_0_0_70.exe, command: -install -msi
Error: (03/11/2014 07:48:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (03/11/2014 06:44:01 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2ca8537c-7a79-48e0-b379-b98b3b2e8b88}
Error: (03/10/2014 01:39:46 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0c77f532-b1fb-40b3-8aa8-a700696683cf}
Error: (03/10/2014 05:59:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {61fe2c2a-fc89-424d-89bf-f9c28c2fe1d4}
Error: (03/09/2014 10:45:48 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {048e4290-a633-4aad-b9c3-b36ca494cedd}
Error: (03/09/2014 02:59:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
System errors:
=============
Error: (03/12/2014 05:09:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (03/12/2014 03:24:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (03/12/2014 02:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/12/2014 02:47:53 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (03/12/2014 02:47:53 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{5FBF464A-E371-4C48-A41B-CD5755B5B45C} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (03/12/2014 02:47:47 PM) (Source: NetBT) (User: )
Description: Der Name "JÖRG-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (03/12/2014 02:47:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/12/2014 02:55:33 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (03/11/2014 06:50:14 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}
Error: (03/11/2014 06:41:57 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Microsoft Office Sessions:
=========================
Error: (04/20/2013 01:08:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13756 seconds with 4080 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 78%
Total physical RAM: 4060.86 MB
Available physical RAM: 864.34 MB
Total Pagefile: 8119.89 MB
Available Pagefile: 2512.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:234.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7ABE6F4D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Jörg :: JÖRG-PC [Administrator] Schutz: Aktiviert 12.03.2014 17:02:04 MBAM-log-2014-03-12 (17-09-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 271159 Laufzeit: 6 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fheydbueyj.exe (Trojan.SpyEyes) -> Daten: C:\fheydbueyj.exe\fheydbueyj.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\fheydbueyj.exe (Trojan.SpyEyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Jörg |
|
12.03.2014, 22:01
| #2 |
| /// the machine /// TB-Ausbilder    | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware hi,
__________________Scan mit Combofix
__________________ |
|
12.03.2014, 23:38
| #3 |
| | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Danke erstmal! Ich habe ComboFix installiert, McAfee Total Protection vorübergehend ausgeschaltet und ComboFix gestartet. Es läuft jetzt bereits seit circa 25 Minuten und "steckt" bei "Fertiggestellt Stufe-48" fest. Der Cursor blinkt jedoch noch. Habe den Laptop die gesamten Zeit nicht abgefasst. Soll ich noch etwas länger warten?
__________________Ich war wohl etwas voreilig... Ich habe noch etwas länger gewartet und nach dem Neustart folgendes Logfile bekommen: Code:
ATTFilter ComboFix 14-03-10.01 - Jörg 12.03.2014 22:22:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.876 [GMT 1:00]
ausgeführt von:: c:\users\J÷rg\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\fheydbueyj.exe
c:\fheydbueyj.exe\fheydbueyj.exe
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c39bb99-9a2d-442b-9a53-fc7bd3d32368.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ade7fb72-009e-483b-8dbb-a94667c9efee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-02-12 bis 2014-03-12 ))))))))))))))))))))))))))))))
.
.
2014-03-12 22:12 . 2014-03-12 22:12 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-03-12 17:37 . 2014-03-12 17:37 -------- d-----w- c:\program files (x86)\7-Zip
2014-03-12 16:17 . 2014-03-12 16:21 -------- d-----w- C:\FRST
2014-03-12 15:24 . 2014-03-12 15:24 -------- d-----w- c:\users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 15:23 . 2014-03-12 15:23 -------- d-----w- c:\programdata\Malwarebytes
2014-03-12 15:23 . 2014-03-12 15:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:23 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-12 15:23 . 2014-03-12 15:23 -------- d-----w- c:\users\Jörg\AppData\Local\Programs
2014-03-11 21:20 . 2014-03-11 21:20 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-10 13:21 . 2014-03-10 13:21 -------- d-----w- c:\users\Jörg\AppData\Roaming\TestApp
2014-02-26 06:13 . 2014-02-26 06:13 -------- d-----w- c:\windows\Migration
2014-02-14 02:04 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 02:04 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 20:54 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:20 . 2012-04-04 10:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:20 . 2011-05-18 18:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 02:04 . 2009-12-25 18:00 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-27 07:43 . 2013-12-05 15:51 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-01-27 07:37 . 2013-12-05 15:45 344688 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-01-27 07:37 . 2014-02-08 13:23 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-01-27 07:33 . 2013-09-24 19:22 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-01-27 07:31 . 2013-12-05 15:39 520696 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-01-27 07:30 . 2013-12-05 15:37 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 07:29 . 2013-09-24 19:19 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-01-26 10:03 . 2014-01-26 10:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-26 10:03 . 2014-01-26 10:04 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-26 10:03 . 2014-01-26 10:04 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-26 10:03 . 2014-01-26 10:04 189352 ----a-w- c:\windows\system32\java.exe
2014-01-20 17:12 . 2014-01-20 17:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 02:22 . 2013-12-26 02:22 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-26 02:22 . 2013-12-26 02:22 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-26 02:21 . 2013-12-26 02:21 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-26 02:21 . 2013-12-26 02:21 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-26 02:21 . 2013-12-26 02:21 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-26 02:21 . 2013-12-26 02:21 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-26 02:21 . 2013-12-26 02:21 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-26 02:21 . 2013-12-26 02:21 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-26 02:21 . 2013-12-26 02:21 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-26 02:21 . 2013-12-26 02:21 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-26 02:21 . 2013-12-26 02:21 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-26 02:21 . 2013-12-26 02:21 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-26 02:21 . 2013-12-26 02:21 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-26 02:21 . 2013-12-26 02:21 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-26 02:21 . 2013-12-26 02:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-26 02:21 . 2013-12-26 02:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-26 02:21 . 2013-12-26 02:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-26 02:21 . 2013-12-26 02:21 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-26 02:21 . 2013-12-26 02:21 413696 ----a-w- c:\windows\system32\html.iec
2013-12-26 02:21 . 2013-12-26 02:21 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-26 02:21 . 2013-12-26 02:21 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-26 02:21 . 2013-12-26 02:21 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-26 02:21 . 2013-12-26 02:21 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-26 02:21 . 2013-12-26 02:21 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-26 02:21 . 2013-12-26 02:21 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-26 02:21 . 2013-12-26 02:21 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-26 02:21 . 2013-12-26 02:21 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-26 02:21 . 2013-12-26 02:21 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-26 02:21 . 2013-12-26 02:21 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-26 02:21 . 2013-12-26 02:21 235520 ----a-w- c:\windows\system32\url.dll
2013-12-26 02:21 . 2013-12-26 02:21 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-26 02:21 . 2013-12-26 02:21 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-26 02:21 . 2013-12-26 02:21 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-26 02:21 . 2013-12-26 02:21 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-26 02:21 . 2013-12-26 02:21 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-26 02:21 . 2013-12-26 02:21 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-26 02:21 . 2013-12-26 02:21 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-26 02:21 . 2013-12-26 02:21 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-26 02:21 . 2013-12-26 02:21 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-26 02:21 . 2013-12-26 02:21 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-26 02:21 . 2013-12-26 02:21 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-26 02:21 . 2013-12-26 02:21 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-26 02:21 . 2013-12-26 02:21 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-26 02:21 . 2013-12-26 02:21 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-26 02:21 . 2013-12-26 02:21 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-26 02:21 . 2013-12-26 02:21 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-26 02:21 . 2013-12-26 02:21 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-26 02:21 . 2013-12-26 02:21 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-26 02:21 . 2013-12-26 02:21 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-26 02:21 . 2013-12-26 02:21 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-26 02:21 . 2013-12-26 02:21 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-26 02:21 . 2013-12-26 02:21 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-18 05:13 . 2010-01-11 22:16 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2010-12-28 116064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"DataCardMonitor"="c:\program files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe" [2013-05-03 259424]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91120000-002F-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 05:14 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:20]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 19:21]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 19:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Jörg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jörg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-fheydbueyj.exe - c:\fheydbueyj.exe\fheydbueyj.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Opera 11.62.1347 - c:\program files (x86)\Opera\Opera.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-12 23:30:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-03-12 22:30
.
Vor Suchlauf: 18 Verzeichnis(se), 250.693.824.512 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 250.251.468.800 Bytes frei
.
- - End Of File - - 48F31B3995A555E4DF549EAABD6CD7DB
5C616939100B85E558DA92B899A0FC36
|
|
13.03.2014, 13:36
| #4 |
| /// the machine /// TB-Ausbilder | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.03.2014, 21:42
| #5 |
| | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Alles klar, hier kommen die logs: Malwarebytes Anti-Malware : Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Jörg :: JÖRG-PC [Administrator] Schutz: Aktiviert 13.03.2014 20:31:55 mbam-log-2014-03-13 (20-31-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 291769 Laufzeit: 15 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.021 - Bericht erstellt am 13/03/2014 um 21:06:00
# Aktualisiert 10/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jörg - JÖRG-PC
# Gestartet von : C:\Users\Jörg\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Jörg\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Datei Gelöscht : C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
-\\ Google Chrome v33.0.1750.146
[ Datei : C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5395 octets] - [13/03/2014 20:53:38]
AdwCleaner[S0].txt - [4765 octets] - [13/03/2014 21:06:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4825 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by J”rg on 13.03.2014 at 21:12:17,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2014 at 21:30:12,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jörg (administrator) on JÖRG-PC on 13-03-2014 21:33:59
Running from C:\Users\Jörg\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL =
SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
==================== Services (Whitelisted) =================
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-13 21:33 - 2014-03-12 17:16 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 20:53 - 2014-03-13 21:06 - 00000000 ____D () C:\AdwCleaner
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-13 20:24 - 2014-03-13 21:30 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 22:15 - 2014-03-12 23:30 - 00000000 ____D () C:\Qoobox
2014-03-12 22:15 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-12 22:15 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-12 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-12 22:14 - 2014-03-12 23:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:19 - 2014-03-12 17:21 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:18 - 2014-03-13 21:33 - 00026520 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-12 17:17 - 2014-03-13 21:33 - 00000000 ____D () C:\FRST
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:42 - 2014-03-12 23:39 - 00008180 _____ () C:\Windows\PFRO.log
2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 01:27 - 2014-03-13 21:32 - 00005354 _____ () C:\Windows\setupact.log
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 03:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:02 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 03:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 03:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 03:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 03:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 03:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 03:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 03:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 03:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 03:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 03:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 03:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 03:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 03:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 03:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 03:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-13 21:36 - 2014-03-12 17:18 - 00026520 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-13 21:33 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST
2014-03-13 21:32 - 2014-03-08 01:27 - 00005354 _____ () C:\Windows\setupact.log
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:30 - 2014-03-13 20:24 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-13 21:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 21:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:13 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 21:09 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 21:08 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks
2014-03-13 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 21:06 - 2014-03-13 20:53 - 00000000 ____D () C:\AdwCleaner
2014-03-13 21:06 - 2009-07-14 06:10 - 01087229 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 21:03 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-13 21:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-12 23:39 - 2014-03-09 22:42 - 00008180 _____ () C:\Windows\PFRO.log
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 23:30 - 2014-03-12 22:15 - 00000000 ____D () C:\Qoobox
2014-03-12 23:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-12 23:26 - 2014-03-12 22:14 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 23:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:37 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg
2014-03-12 18:05 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-03-12 18:05 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:21 - 2014-03-12 17:19 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:16 - 2014-03-13 21:33 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini
2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:43 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6
2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:11 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-02-27 03:11 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-02-27 03:10 - 2009-07-14 06:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db
2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell
2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 15:56 - 2010-07-16 16:33 - 00000000 ____D () C:\Users\J�rg
Files to move or delete:
====================
C:\Users\Jörg\AmazonMP3Installer-de_DE.exe
C:\Users\Jörg\gwave555.exe
C:\Users\Jörg\vlc-1.1.0-win32.exe
Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-11 19:44
==================== End Of Log ============================
--- --- --- Ich hoffe, das habe ich alles so richtig gemacht! |
|
14.03.2014, 19:15
| #6 |
| /// the machine /// TB-Ausbilder | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-MalwareESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware |
|
15.03.2014, 12:29
| #7 |
| | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Alles klar, hier kommen die logs: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6e855b49f0b03046894306b3751e6679
# engine=17452
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-14 10:01:34
# local_time=2014-03-14 11:01:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 65 550130 157644672 0 0
# compatibility_mode=5893 16776574 100 94 2971082 146464344 0 0
# scanned=375711
# found=0
# cleaned=0
# scan_time=11913
Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (2.0.0.4003) Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 12.0.0.77 Adobe Reader 9 Adobe Reader XI Google Chrome 32.0.1700.107 Google Chrome 33.0.1750.117 Google Chrome 33.0.1750.146 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe McAfee Online Backup MOBKbackup.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jörg (administrator) on JÖRG-PC on 15-03-2014 12:21:01
Running from C:\Users\Jörg\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL =
SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
==================== Services (Whitelisted) =================
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-14 19:30 - 2014-03-14 19:30 - 02347384 _____ (ESET) C:\Users\Jörg\Desktop\esetsmartinstaller_enu.exe
2014-03-14 19:30 - 2014-03-14 19:30 - 00987442 _____ () C:\Users\Jörg\Desktop\SecurityCheck.exe
2014-03-14 03:25 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 03:25 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:36 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 21:36 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 21:36 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 21:36 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 21:36 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 21:36 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 21:36 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 21:36 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:36 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 21:36 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 21:36 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 21:36 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 21:36 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 21:36 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 21:36 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 21:36 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 21:35 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 21:35 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 21:35 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 21:35 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 21:35 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 21:35 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 21:35 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 21:35 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:35 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 21:35 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 21:35 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 21:35 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 21:35 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 21:35 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 21:35 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 21:35 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 21:35 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 21:35 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 21:35 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 21:35 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 21:35 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 21:35 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 21:35 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 21:35 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 21:33 - 2014-03-12 17:16 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 20:53 - 2014-03-13 21:06 - 00000000 ____D () C:\AdwCleaner
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:47 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:47 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:47 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:47 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 20:46 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:46 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-13 20:24 - 2014-03-15 12:19 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 22:15 - 2014-03-12 23:30 - 00000000 ____D () C:\Qoobox
2014-03-12 22:15 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-12 22:15 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-12 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-12 22:14 - 2014-03-12 23:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:19 - 2014-03-12 17:21 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:18 - 2014-03-15 12:21 - 00021865 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-12 17:17 - 2014-03-15 12:21 - 00000000 ____D () C:\FRST
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:42 - 2014-03-14 23:35 - 00009014 _____ () C:\Windows\PFRO.log
2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 01:27 - 2014-03-15 12:20 - 00006978 _____ () C:\Windows\setupact.log
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-15 12:22 - 2014-03-12 17:18 - 00021865 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-15 12:21 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST
2014-03-15 12:20 - 2014-03-08 01:27 - 00006978 _____ () C:\Windows\setupact.log
2014-03-15 12:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 12:19 - 2014-03-13 20:24 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-15 12:11 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:11 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:08 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-15 12:07 - 2009-07-14 06:10 - 01239550 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 12:04 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 12:04 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks
2014-03-15 12:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 23:35 - 2014-03-09 22:42 - 00009014 _____ () C:\Windows\PFRO.log
2014-03-14 23:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 19:36 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 19:36 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 19:36 - 2009-07-14 06:13 - 01634360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 19:35 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-14 19:30 - 2014-03-14 19:30 - 02347384 _____ (ESET) C:\Users\Jörg\Desktop\esetsmartinstaller_enu.exe
2014-03-14 19:30 - 2014-03-14 19:30 - 00987442 _____ () C:\Users\Jörg\Desktop\SecurityCheck.exe
2014-03-14 17:19 - 2009-11-30 22:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 15:33 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-14 03:30 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 03:28 - 2012-05-09 23:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:28 - 2012-05-09 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 21:06 - 2014-03-13 20:53 - 00000000 ____D () C:\AdwCleaner
2014-03-13 21:06 - 2010-06-18 13:42 - 00000000 ____D () C:\ProgramData\ICQ
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 23:30 - 2014-03-12 22:15 - 00000000 ____D () C:\Qoobox
2014-03-12 23:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-12 23:26 - 2014-03-12 22:14 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 23:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:37 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg
2014-03-12 18:05 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:21 - 2014-03-12 17:19 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:16 - 2014-03-13 21:33 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini
2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6
2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 07:05 - 2014-03-13 21:35 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:36 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:35 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db
2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell
2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Files to move or delete:
====================
C:\Users\Jörg\AmazonMP3Installer-de_DE.exe
C:\Users\Jörg\gwave555.exe
C:\Users\Jörg\vlc-1.1.0-win32.exe
Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-11 19:44
==================== End Of Log ============================
--- --- --- Sieht gut aus? |
|
15.03.2014, 17:47
| #8 |
| /// the machine /// TB-Ausbilder | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.03.2014, 08:31
| #9 |
| | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Danke, ich habe nun alles erfolgreich bereinigt. Ich habe mir auch ein paar der Programme zugelegt, die du empfohlen hast, ein paar hatte ich auch schon seit meinem letzten Trojanerbefall vor 2 Jahren auf den Rechnern. Damals wurde auch Sandboxie noch empfohlen, welches ich auch auf beiden Rechnern verwende. Kann ich das Programm auch weiterhin benutzen? Bin eigentlich zufrieden damit! Und jetzt, da der erste Schrecken vorbei ist, habe ich doch eine Frage: Warum habe ich "Glück" gehabt und musste die Festplatte nicht neu aufsetzen, wie es anderen ergangen ist, die SpyEyes auf dem PC hatten, war der Trojaner noch nicht aktiv geworden? Auf jeden Fall noch mal vielen Dank für die schnelle und freundliche Hilfe! Auf euch ist wirklich Verlass! :-) |
|
17.03.2014, 09:49
| #10 | |
| /// the machine /// TB-Ausbilder | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware KLar kannste Sandboxie weiter nutzen. Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.03.2014, 17:52
| #11 |
| | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Nein, ich hatte mich nur einfach "schlau" gelesen (soll heißen wild umhergegoogelt) und bin dann ganz ehrlich etwas panisch geworden. Im Moment läuft ja alles super und ich gehe davon aus, dass zumindest dieser Laptop sein letztes schwerwiegendes Problem hatte, bald gibt es erstmal einen neuen! :-) |
|
19.03.2014, 13:54
| #12 |
| /// the machine /// TB-Ausbilder | Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Wenn Neuaufsetzen angesagt wäre hätte ich das gesagt
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware |
| adobe, appdatalow, branding, browser, continue, converter, defender, der lokale bluetooth-adapter ist aus einem unbekannten grund fehlgeschlagen, desktop, error, excel, explorer, fehler, firefox, flash player, google, home, homepage, icreinstall, mcafee firewall, msiinstaller, netzwerk, phishing, problem, registry, scan, secunia psi, services.exe, siteadvisor, software, system, temp, winlogon.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
