Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.03.2014, 17:54   #1
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Hallo liebe Helfer!

Ich habe vorhin seit langem mal wieder Malwarebytes Anti-Malware durchlaufen lassen und dabei leider zweimal einen Befall mit Trojan-SpyEyes gefunden. Ich habe zunächst bei MBAM nichts unternommen und die anderen 3 Programme durchlaufen lassen. Bei Defogger gab es kein Problem und daher auch keinen Bericht. Die beiden Berichte von FRST und GMER sowie den ursprünglichen Bericht von MBAM habe ich hier gepostet.

FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jörg (administrator) on JÖRG-PC on 12-03-2014 17:18:01
Running from C:\Users\Jörg\Desktop\Jörg
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [fheydbueyj.exe] - C:\fheydbueyj.exe\fheydbueyj.exe
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {30fd19bd-7bc8-11e0-93b7-904ce5f5dda9} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {3896c37a-3e37-11df-a8dd-0026b911bb0f} - E:\EasySuite.exe
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b00c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b01c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {cbbe3de7-098f-11df-b382-0026b911bb0f} - E:\EasySuite.exe
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {ebb8898e-075e-11df-b8b8-904ce5f5dda9} - F:\EasySuite.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL = 
SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 17:17 - 2014-03-12 17:18 - 00000000 ____D () C:\FRST
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:42 - 2014-03-12 14:58 - 00006800 _____ () C:\Windows\PFRO.log
2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 01:27 - 2014-03-12 17:08 - 00004010 _____ () C:\Windows\setupact.log
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 03:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:02 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 03:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 03:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 03:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 03:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 03:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 03:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 03:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 03:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 03:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 03:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 03:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 03:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 03:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 03:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 03:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 17:18 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST
2014-03-12 17:18 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg
2014-03-12 17:18 - 2009-07-14 06:10 - 01969125 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg
2014-03-12 17:08 - 2014-03-08 01:27 - 00004010 _____ () C:\Windows\setupact.log
2014-03-12 17:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini
2014-03-12 15:49 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 15:03 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-12 15:02 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 14:59 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks
2014-03-12 14:59 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-03-12 14:59 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-12 14:58 - 2014-03-09 22:42 - 00006800 _____ () C:\Windows\PFRO.log
2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-12 14:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:43 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6
2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:11 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-02-27 03:11 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-02-27 03:10 - 2009-07-14 06:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db
2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell
2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 15:56 - 2010-07-16 16:33 - 00000000 ____D () C:\Users\J�rg
2014-02-10 00:47 - 2011-08-02 10:33 - 00000000 ____D () C:\Users\Jörg\Desktop\Star Trek research

Files to move or delete:
====================
C:\Users\Jörg\AmazonMP3Installer-de_DE.exe
C:\Users\Jörg\gwave555.exe
C:\Users\Jörg\vlc-1.1.0-win32.exe


Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Jörg\AppData\Local\Temp\SandboxieInstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 19:44

==================== End Of Log ============================
         
Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jörg at 2014-03-12 17:19:29
Running from C:\Users\Jörg\Desktop\Jörg
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility64 (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
Inkscape 0.47 (HKLM-x32\...\Inkscape) (Version: 0.47 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Opera 11.62 (HKLM-x32\...\Opera 11.62.1347) (Version: 11.62.1347 - Opera Software ASA)
PC Tools Registry Tool (HKLM-x32\...\PC Tools File and Registry Tool_is1) (Version: 1.0.0.14 - PC Tools Ltd.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telekom Internet Manager (HKLM-x32\...\Telekom Internet Manager) (Version: 11.301.05.09.748 - Huawei Technologies Co.,Ltd)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoCam Suite 2.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.044.1031 - Panasonic Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Restore Points  =========================

06-03-2014 02:02:31 Windows Update
07-03-2014 23:54:53 Removed Skype™ 6.11
08-03-2014 07:37:01 Removed SMART Notebook.
08-03-2014 07:46:40 Removed SMART Product Drivers.
08-03-2014 07:55:09 Removed Opera 11.00.
08-03-2014 07:56:56 Removed MyScript HWR (German).
09-03-2014 08:02:52 Installed MSXML 4.0 SP3 Parser
09-03-2014 21:56:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {052219DF-7EDE-4CB3-B5F6-C5A502F3F3BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4AF840D4-2DFF-4408-96A0-7A572239C85F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {51A294B6-4EA6-4466-9BF9-8573A0D1ABDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {54984B76-92FC-4045-9581-396775EAFBC5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {6BE2FC18-C842-467E-954F-634A34817486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {9D8D3B84-87B8-4D6C-BDD7-4B38E3F23B31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {F6B514A7-39E1-4D1E-850C-B69C685529F9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-28 05:03 - 2011-01-28 05:03 - 00344928 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-04-02 23:26 - 2010-03-15 10:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-07-02 01:54 - 2009-07-02 01:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-30 22:22 - 2009-09-17 20:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-05-05 19:56 - 2009-05-05 19:56 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-11-30 22:09 - 2009-11-30 22:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 19:05 - 2009-09-11 19:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00365808 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board-Werkzeuge.lnk => C:\Windows\pss\SMART Board-Werkzeuge.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk => C:\Windows\pss\VideoCam Suite 2.0.lnk.CommonStartup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e

==================== Faulty Device Manager Devices =============

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 03:01:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {78faee2e-1cd9-4a3b-9cd2-822f1a51bd00}

Error: (03/12/2014 02:56:04 PM) (Source: pctsSvc.exe) (User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (03/12/2014 02:49:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e5a52f7d-dbc0-42c5-8507-44dd6125c947}

Error: (03/11/2014 10:21:27 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 12 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\Windows\TEMP\InstallPlugin_12_0_0_70.exe, command: -install -msi

Error: (03/11/2014 07:48:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (03/11/2014 06:44:01 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2ca8537c-7a79-48e0-b379-b98b3b2e8b88}

Error: (03/10/2014 01:39:46 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0c77f532-b1fb-40b3-8aa8-a700696683cf}

Error: (03/10/2014 05:59:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {61fe2c2a-fc89-424d-89bf-f9c28c2fe1d4}

Error: (03/09/2014 10:45:48 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {048e4290-a633-4aad-b9c3-b36ca494cedd}

Error: (03/09/2014 02:59:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (03/12/2014 05:09:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/12/2014 03:24:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (03/12/2014 02:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (03/12/2014 02:47:53 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC        :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/12/2014 02:47:53 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{5FBF464A-E371-4C48-A41B-CD5755B5B45C} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (03/12/2014 02:47:47 PM) (Source: NetBT) (User: )
Description: Der Name "JÖRG-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/12/2014 02:47:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (03/12/2014 02:55:33 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (03/11/2014 06:50:14 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (03/11/2014 06:41:57 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC        :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (04/20/2013 01:08:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13756 seconds with 4080 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 78%
Total physical RAM: 4060.86 MB
Available physical RAM: 864.34 MB
Total Pagefile: 8119.89 MB
Available Pagefile: 2512.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:234.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7ABE6F4D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Der GMER log war zu lang und befindet sch im Anhang. Hier noch der ursprüngliche MBAM Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Jörg :: JÖRG-PC [Administrator]

Schutz: Aktiviert

12.03.2014 17:02:04
MBAM-log-2014-03-12 (17-09-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271159
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fheydbueyj.exe (Trojan.SpyEyes) -> Daten: C:\fheydbueyj.exe\fheydbueyj.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\fheydbueyj.exe (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Ich bin gespannt, wie es jetzt weitergeht. Auf jeden Fall schon mal vielen Dank für die Unterstützung!

Jörg

Alt 12.03.2014, 21:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 12.03.2014, 22:38   #3
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Danke erstmal! Ich habe ComboFix installiert, McAfee Total Protection vorübergehend ausgeschaltet und ComboFix gestartet. Es läuft jetzt bereits seit circa 25 Minuten und "steckt" bei "Fertiggestellt Stufe-48" fest. Der Cursor blinkt jedoch noch. Habe den Laptop die gesamten Zeit nicht abgefasst. Soll ich noch etwas länger warten?

Ich war wohl etwas voreilig...

Ich habe noch etwas länger gewartet und nach dem Neustart folgendes Logfile bekommen:

Code:
ATTFilter
ComboFix 14-03-10.01 - Jörg 12.03.2014  22:22:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.876 [GMT 1:00]
ausgeführt von:: c:\users\J÷rg\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\fheydbueyj.exe
c:\fheydbueyj.exe\fheydbueyj.exe
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c39bb99-9a2d-442b-9a53-fc7bd3d32368.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ade7fb72-009e-483b-8dbb-a94667c9efee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-12 bis 2014-03-12  ))))))))))))))))))))))))))))))
.
.
2014-03-12 22:12 . 2014-03-12 22:12	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2014-03-12 17:37 . 2014-03-12 17:37	--------	d-----w-	c:\program files (x86)\7-Zip
2014-03-12 16:17 . 2014-03-12 16:21	--------	d-----w-	C:\FRST
2014-03-12 15:24 . 2014-03-12 15:24	--------	d-----w-	c:\users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 15:23 . 2014-03-12 15:23	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-12 15:23 . 2014-03-12 15:24	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-12 15:23 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-12 15:23 . 2014-03-12 15:23	--------	d-----w-	c:\users\Jörg\AppData\Local\Programs
2014-03-11 21:20 . 2014-03-11 21:20	5777288	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-10 13:21 . 2014-03-10 13:21	--------	d-----w-	c:\users\Jörg\AppData\Roaming\TestApp
2014-02-26 06:13 . 2014-02-26 06:13	--------	d-----w-	c:\windows\Migration
2014-02-14 02:04 . 2013-12-21 08:56	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-02-14 02:04 . 2013-12-21 09:53	548864	----a-w-	c:\windows\system32\vbscript.dll
2014-02-13 20:54 . 2013-12-06 02:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:20 . 2012-04-04 10:59	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:20 . 2011-05-18 18:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 02:04 . 2009-12-25 18:00	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-01-27 07:43 . 2013-12-05 15:51	70592	----a-w-	c:\windows\system32\drivers\cfwids.sys
2014-01-27 07:37 . 2013-12-05 15:45	344688	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2014-01-27 07:37 . 2014-02-08 13:23	185792	----a-w-	c:\windows\system32\mfevtps.exe
2014-01-27 07:33 . 2013-09-24 19:22	783864	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2014-01-27 07:31 . 2013-12-05 15:39	520696	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2014-01-27 07:30 . 2013-12-05 15:37	311600	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 07:29 . 2013-09-24 19:19	180272	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2014-01-26 10:03 . 2014-01-26 10:04	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-26 10:03 . 2014-01-26 10:04	312744	----a-w-	c:\windows\system32\javaws.exe
2014-01-26 10:03 . 2014-01-26 10:04	189352	----a-w-	c:\windows\system32\javaw.exe
2014-01-26 10:03 . 2014-01-26 10:04	189352	----a-w-	c:\windows\system32\java.exe
2014-01-20 17:12 . 2014-01-20 17:12	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 02:22 . 2013-12-26 02:22	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-26 02:22 . 2013-12-26 02:22	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-12-26 02:21 . 2013-12-26 02:21	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-12-26 02:21 . 2013-12-26 02:21	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-12-26 02:21 . 2013-12-26 02:21	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-12-26 02:21 . 2013-12-26 02:21	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-12-26 02:21 . 2013-12-26 02:21	81408	----a-w-	c:\windows\system32\icardie.dll
2013-12-26 02:21 . 2013-12-26 02:21	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-12-26 02:21 . 2013-12-26 02:21	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-26 02:21 . 2013-12-26 02:21	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-26 02:21 . 2013-12-26 02:21	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-12-26 02:21 . 2013-12-26 02:21	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-12-26 02:21 . 2013-12-26 02:21	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-12-26 02:21 . 2013-12-26 02:21	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-12-26 02:21 . 2013-12-26 02:21	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-12-26 02:21 . 2013-12-26 02:21	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-12-26 02:21 . 2013-12-26 02:21	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-12-26 02:21 . 2013-12-26 02:21	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-12-26 02:21 . 2013-12-26 02:21	413696	----a-w-	c:\windows\system32\html.iec
2013-12-26 02:21 . 2013-12-26 02:21	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-26 02:21 . 2013-12-26 02:21	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-12-26 02:21 . 2013-12-26 02:21	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-26 02:21 . 2013-12-26 02:21	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-12-26 02:21 . 2013-12-26 02:21	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-12-26 02:21 . 2013-12-26 02:21	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-12-26 02:21 . 2013-12-26 02:21	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-12-26 02:21 . 2013-12-26 02:21	247808	----a-w-	c:\windows\system32\msls31.dll
2013-12-26 02:21 . 2013-12-26 02:21	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-12-26 02:21 . 2013-12-26 02:21	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-12-26 02:21 . 2013-12-26 02:21	235520	----a-w-	c:\windows\system32\url.dll
2013-12-26 02:21 . 2013-12-26 02:21	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-12-26 02:21 . 2013-12-26 02:21	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-12-26 02:21 . 2013-12-26 02:21	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-12-26 02:21 . 2013-12-26 02:21	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-12-26 02:21 . 2013-12-26 02:21	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-12-26 02:21 . 2013-12-26 02:21	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-12-26 02:21 . 2013-12-26 02:21	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-12-26 02:21 . 2013-12-26 02:21	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-12-26 02:21 . 2013-12-26 02:21	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-12-26 02:21 . 2013-12-26 02:21	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-12-26 02:21 . 2013-12-26 02:21	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-12-26 02:21 . 2013-12-26 02:21	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-12-26 02:21 . 2013-12-26 02:21	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-12-26 02:21 . 2013-12-26 02:21	774144	----a-w-	c:\windows\system32\jscript.dll
2013-12-26 02:21 . 2013-12-26 02:21	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-12-26 02:21 . 2013-12-26 02:21	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-12-26 02:21 . 2013-12-26 02:21	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-12-26 02:21 . 2013-12-26 02:21	147968	----a-w-	c:\windows\system32\occache.dll
2013-12-26 02:21 . 2013-12-26 02:21	143872	----a-w-	c:\windows\system32\wextract.exe
2013-12-26 02:21 . 2013-12-26 02:21	13824	----a-w-	c:\windows\system32\mshta.exe
2013-12-26 02:21 . 2013-12-26 02:21	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-12-26 02:21 . 2013-12-26 02:21	101376	----a-w-	c:\windows\system32\inseng.dll
2013-12-18 05:13 . 2010-01-11 22:16	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-01-17 759496]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2010-12-28 116064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"DataCardMonitor"="c:\program files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe" [2013-05-03 259424]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91120000-002F-0000-0000-0000000FF1CE}"="del" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MOBKbackup;1%;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 05:14	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:20]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 19:21]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 19:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11	3816248	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Jörg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jörg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-fheydbueyj.exe - c:\fheydbueyj.exe\fheydbueyj.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Opera 11.62.1347 - c:\program files (x86)\Opera\Opera.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-12  23:30:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-12 22:30
.
Vor Suchlauf: 18 Verzeichnis(se), 250.693.824.512 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 250.251.468.800 Bytes frei
.
- - End Of File - - 48F31B3995A555E4DF549EAABD6CD7DB
5C616939100B85E558DA92B899A0FC36
         
Sandboxie läuft im Moment nicht, vielleicht wird das ja nach einem Neustart behoben.
__________________

Alt 13.03.2014, 12:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.03.2014, 20:42   #5
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Alles klar, hier kommen die logs:

Malwarebytes Anti-Malware :

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Jörg :: JÖRG-PC [Administrator]

Schutz: Aktiviert

13.03.2014 20:31:55
mbam-log-2014-03-13 (20-31-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291769
Laufzeit: 15 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.021 - Bericht erstellt am 13/03/2014 um 21:06:00
# Aktualisiert 10/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jörg - JÖRG-PC
# Gestartet von : C:\Users\Jörg\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jörg\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Jörg\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Datei Gelöscht : C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll 

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5395 octets] - [13/03/2014 20:53:38]
AdwCleaner[S0].txt - [4765 octets] - [13/03/2014 21:06:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4825 octets] ##########
         
Junkware Removal Tool:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by J”rg on 13.03.2014 at 21:12:17,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2014 at 21:30:12,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und ein neues FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jörg (administrator) on JÖRG-PC on 13-03-2014 21:33:59
Running from C:\Users\Jörg\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL = 
SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 21:33 - 2014-03-12 17:16 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 20:53 - 2014-03-13 21:06 - 00000000 ____D () C:\AdwCleaner
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-13 20:24 - 2014-03-13 21:30 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 22:15 - 2014-03-12 23:30 - 00000000 ____D () C:\Qoobox
2014-03-12 22:15 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-12 22:15 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-12 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-12 22:14 - 2014-03-12 23:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:19 - 2014-03-12 17:21 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:18 - 2014-03-13 21:33 - 00026520 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-12 17:17 - 2014-03-13 21:33 - 00000000 ____D () C:\FRST
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:42 - 2014-03-12 23:39 - 00008180 _____ () C:\Windows\PFRO.log
2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 01:27 - 2014-03-13 21:32 - 00005354 _____ () C:\Windows\setupact.log
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 03:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:02 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 03:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 03:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 03:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 03:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 03:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 03:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 03:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 03:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 03:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 03:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 03:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 03:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 03:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 03:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 03:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 03:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 03:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 03:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 03:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 03:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-13 21:36 - 2014-03-12 17:18 - 00026520 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-13 21:33 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST
2014-03-13 21:32 - 2014-03-08 01:27 - 00005354 _____ () C:\Windows\setupact.log
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:30 - 2014-03-13 20:24 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-13 21:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 21:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:13 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 21:09 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 21:08 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks
2014-03-13 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 21:06 - 2014-03-13 20:53 - 00000000 ____D () C:\AdwCleaner
2014-03-13 21:06 - 2009-07-14 06:10 - 01087229 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 21:03 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-13 21:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-12 23:39 - 2014-03-09 22:42 - 00008180 _____ () C:\Windows\PFRO.log
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 23:30 - 2014-03-12 22:15 - 00000000 ____D () C:\Qoobox
2014-03-12 23:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-12 23:26 - 2014-03-12 22:14 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 23:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:37 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg
2014-03-12 18:05 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-03-12 18:05 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:21 - 2014-03-12 17:19 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:16 - 2014-03-13 21:33 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini
2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:43 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6
2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:11 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-02-27 03:11 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-02-27 03:10 - 2009-07-14 06:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db
2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell
2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 15:56 - 2010-07-16 16:33 - 00000000 ____D () C:\Users\J�rg

Files to move or delete:
====================
C:\Users\Jörg\AmazonMP3Installer-de_DE.exe
C:\Users\Jörg\gwave555.exe
C:\Users\Jörg\vlc-1.1.0-win32.exe


Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 19:44

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Ich hoffe, das habe ich alles so richtig gemacht!


Alt 14.03.2014, 18:15   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware

Alt 15.03.2014, 11:29   #7
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Alles klar, hier kommen die logs:

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6e855b49f0b03046894306b3751e6679
# engine=17452
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-14 10:01:34
# local_time=2014-03-14 11:01:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 65 550130 157644672 0 0
# compatibility_mode=5893 16776574 100 94 2971082 146464344 0 0
# scanned=375711
# found=0
# cleaned=0
# scan_time=11913
         
SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 McAfee Online Backup MOBKbackup.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jörg (administrator) on JÖRG-PC on 15-03-2014 12:21:01
Running from C:\Users\Jörg\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL = 
SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11]
CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01]
CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11]
CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-14 19:30 - 2014-03-14 19:30 - 02347384 _____ (ESET) C:\Users\Jörg\Desktop\esetsmartinstaller_enu.exe
2014-03-14 19:30 - 2014-03-14 19:30 - 00987442 _____ () C:\Users\Jörg\Desktop\SecurityCheck.exe
2014-03-14 03:25 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 03:25 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:36 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 21:36 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 21:36 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 21:36 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 21:36 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 21:36 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 21:36 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 21:36 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 21:36 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 21:36 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 21:36 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 21:36 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 21:36 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 21:36 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 21:36 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 21:36 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 21:35 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 21:35 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 21:35 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 21:35 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 21:35 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 21:35 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 21:35 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 21:35 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 21:35 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 21:35 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 21:35 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 21:35 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 21:35 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 21:35 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 21:35 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 21:35 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 21:35 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 21:35 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 21:35 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 21:35 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 21:35 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 21:35 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 21:35 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 21:35 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 21:33 - 2014-03-12 17:16 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 20:53 - 2014-03-13 21:06 - 00000000 ____D () C:\AdwCleaner
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:47 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:47 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:47 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:47 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 20:46 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:46 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-13 20:24 - 2014-03-15 12:19 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 22:15 - 2014-03-12 23:30 - 00000000 ____D () C:\Qoobox
2014-03-12 22:15 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-12 22:15 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-12 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-12 22:15 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-12 22:14 - 2014-03-12 23:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:19 - 2014-03-12 17:21 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:18 - 2014-03-15 12:21 - 00021865 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-12 17:17 - 2014-03-15 12:21 - 00000000 ____D () C:\FRST
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 22:42 - 2014-03-14 23:35 - 00009014 _____ () C:\Windows\PFRO.log
2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 01:27 - 2014-03-15 12:20 - 00006978 _____ () C:\Windows\setupact.log
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-15 12:22 - 2014-03-12 17:18 - 00021865 _____ () C:\Users\Jörg\Desktop\FRST.txt
2014-03-15 12:21 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST
2014-03-15 12:20 - 2014-03-08 01:27 - 00006978 _____ () C:\Windows\setupact.log
2014-03-15 12:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 12:19 - 2014-03-13 20:24 - 00000000 ____D () C:\Users\Jörg\Desktop\Logs 13.3
2014-03-15 12:11 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:11 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 12:08 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-15 12:07 - 2009-07-14 06:10 - 01239550 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 12:04 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 12:04 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks
2014-03-15 12:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 23:35 - 2014-03-09 22:42 - 00009014 _____ () C:\Windows\PFRO.log
2014-03-14 23:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 19:36 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 19:36 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 19:36 - 2009-07-14 06:13 - 01634360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 19:35 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-14 19:30 - 2014-03-14 19:30 - 02347384 _____ (ESET) C:\Users\Jörg\Desktop\esetsmartinstaller_enu.exe
2014-03-14 19:30 - 2014-03-14 19:30 - 00987442 _____ () C:\Users\Jörg\Desktop\SecurityCheck.exe
2014-03-14 17:19 - 2009-11-30 22:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 15:33 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-14 03:30 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 03:28 - 2012-05-09 23:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:28 - 2012-05-09 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 21:30 - 2014-03-13 21:30 - 00000624 _____ () C:\Users\Jörg\Desktop\JRT.txt
2014-03-13 21:12 - 2014-03-13 21:12 - 00000000 ____D () C:\Windows\ERUNT
2014-03-13 21:06 - 2014-03-13 20:53 - 00000000 ____D () C:\AdwCleaner
2014-03-13 21:06 - 2010-06-18 13:42 - 00000000 ____D () C:\ProgramData\ICQ
2014-03-13 20:50 - 2014-03-13 20:50 - 01037734 _____ (Thisisu) C:\Users\Jörg\Desktop\JRT.exe
2014-03-13 20:33 - 2014-03-13 20:33 - 01949184 _____ () C:\Users\Jörg\Desktop\adwcleaner.exe
2014-03-12 23:31 - 2014-03-12 23:31 - 00029088 _____ () C:\Users\Jörg\Desktop\Combofix.txt
2014-03-12 23:30 - 2014-03-12 23:30 - 00029088 _____ () C:\ComboFix.txt
2014-03-12 23:30 - 2014-03-12 22:15 - 00000000 ____D () C:\Qoobox
2014-03-12 23:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-12 23:26 - 2014-03-12 22:14 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 23:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-12 18:49 - 2014-03-12 18:49 - 00017255 _____ () C:\Users\Jörg\Desktop\Gmer.7z
2014-03-12 18:37 - 2014-03-12 18:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 18:37 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg
2014-03-12 18:05 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2014-03-12 18:02 - 2014-03-12 18:02 - 00610082 _____ () C:\Users\Jörg\Desktop\Gmer.log
2014-03-12 17:21 - 2014-03-12 17:19 - 00037046 _____ () C:\Users\Jörg\Desktop\Addition.txt
2014-03-12 17:16 - 2014-03-13 21:33 - 02157056 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe
2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable
2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg
2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes
2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk
2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe
2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini
2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk
2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe
2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe
2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi
2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6
2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG
2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch
2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump
2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 07:05 - 2014-03-13 21:35 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 21:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 21:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 21:36 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 21:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 21:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 21:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 21:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 21:35 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 21:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 21:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 21:35 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 21:36 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 21:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 21:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 21:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 21:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 21:35 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 21:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 21:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 21:36 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 21:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 21:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 21:35 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 21:35 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 21:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 21:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 21:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 21:35 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 21:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 21:35 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 21:35 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 21:36 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 21:36 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 21:35 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 21:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 21:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 21:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 21:35 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 21:35 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db
2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell
2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Jörg\AmazonMP3Installer-de_DE.exe
C:\Users\Jörg\gwave555.exe
C:\Users\Jörg\vlc-1.1.0-win32.exe


Some content of TEMP:
====================
C:\Users\Jörg\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 19:44

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Sieht gut aus?

Alt 15.03.2014, 16:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.03.2014, 07:31   #9
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Danke, ich habe nun alles erfolgreich bereinigt. Ich habe mir auch ein paar der Programme zugelegt, die du empfohlen hast, ein paar hatte ich auch schon seit meinem letzten Trojanerbefall vor 2 Jahren auf den Rechnern. Damals wurde auch Sandboxie noch empfohlen, welches ich auch auf beiden Rechnern verwende. Kann ich das Programm auch weiterhin benutzen? Bin eigentlich zufrieden damit!

Und jetzt, da der erste Schrecken vorbei ist, habe ich doch eine Frage: Warum habe ich "Glück" gehabt und musste die Festplatte nicht neu aufsetzen, wie es anderen ergangen ist, die SpyEyes auf dem PC hatten, war der Trojaner noch nicht aktiv geworden?

Auf jeden Fall noch mal vielen Dank für die schnelle und freundliche Hilfe! Auf euch ist wirklich Verlass! :-)

Alt 17.03.2014, 08:49   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



KLar kannste Sandboxie weiter nutzen.

Zitat:
Warum habe ich "Glück" gehabt und musste die Festplatte nicht neu aufsetzen, wie es anderen ergangen ist,
Haste dazu ein konretes Beispiel, wer Neuaufsetzen musste?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.03.2014, 16:52   #11
FLT1980
 
Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Nein, ich hatte mich nur einfach "schlau" gelesen (soll heißen wild umhergegoogelt) und bin dann ganz ehrlich etwas panisch geworden. Im Moment läuft ja alles super und ich gehe davon aus, dass zumindest dieser Laptop sein letztes schwerwiegendes Problem hatte, bald gibt es erstmal einen neuen! :-)

Alt 19.03.2014, 12:54   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Standard

Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware



Wenn Neuaufsetzen angesagt wäre hätte ich das gesagt
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware
adobe, appdatalow, branding, browser, continue, converter, defender, der lokale bluetooth-adapter ist aus einem unbekannten grund fehlgeschlagen, desktop, error, excel, explorer, fehler, firefox, flash player, google, home, homepage, icreinstall, mcafee firewall, msiinstaller, netzwerk, phishing, problem, registry, scan, secunia psi, services.exe, siteadvisor, software, system, temp, winlogon.exe



Ähnliche Themen: Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware


  1. Malwarebytes Anti-Malware Fund: PUP.Optional.Conduit.A
    Plagegeister aller Art und deren Bekämpfung - 02.08.2015 (9)
  2. Malwarebytes Anti-Malware meldet beim Scan Funde!
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (11)
  3. Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2
    Plagegeister aller Art und deren Bekämpfung - 13.08.2014 (15)
  4. PUP Funde nach Scan mit Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (15)
  5. Fund bei Suchlauf mit Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 15.12.2013 (15)
  6. Malwarebytes Anti-Malware Scan findet zwei Viren
    Log-Analyse und Auswertung - 07.12.2013 (25)
  7. Full Scan Malwarebytes Anti-Malware findet 2 infizierte Datein
    Log-Analyse und Auswertung - 04.10.2013 (1)
  8. 60 Infizierte Objekte bei MalwareBytes Anti-Malware Scan :-(
    Plagegeister aller Art und deren Bekämpfung - 15.09.2013 (7)
  9. Malwarebytes Anti-Malware meldet 218 infizierte Objekte im Quick-Scan
    Log-Analyse und Auswertung - 10.09.2013 (12)
  10. MyStart by IncrediBar.com / Ergebnis des Scan mit Malwarebytes Anti-Malware
    Log-Analyse und Auswertung - 28.12.2012 (21)
  11. PUP.Blabbers bei Malwarebytes Anti-Malware Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (14)
  12. 7 Infizierte Registrierungsschlüssel (Trojan.BHO) nach Malwarebytes Anti-Malware Scan
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (43)
  13. Logfile nach Scan mit Malwarebytes Anti-Malware
    Log-Analyse und Auswertung - 27.07.2012 (1)
  14. Geldaufforderung während Scan von Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 16.12.2011 (20)
  15. Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt - und nun?
    Log-Analyse und Auswertung - 18.07.2011 (32)
  16. Mehrere Funde mit Malwarebytes: Malware.Packer.Gen, Spyware.SpyEyes (3x), Trojan.Agent (2x)
    Plagegeister aller Art und deren Bekämpfung - 10.08.2010 (29)
  17. Malwarebytes Anti-Malware 1.46 lässt sich nach dem Scan nichtmehr öffnen
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (1)

Zum Thema Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware - Hallo liebe Helfer! Ich habe vorhin seit langem mal wieder Malwarebytes Anti-Malware durchlaufen lassen und dabei leider zweimal einen Befall mit Trojan-SpyEyes gefunden. Ich habe zunächst bei MBAM nichts unternommen - Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware...
Archiv
Du betrachtest: Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.