
Log analysis and evaluation: WIN 8: Trojan.Zbot from a spam mail


20.04.2014, 16:41   #1
broko
 




Dear Trojaner-Board,

my father was careless and opened an .exe from a spam mail a few days ago. Since then he has not noticed any impairment of the PC.

The McAfee virus scanner reports "no threat", but it has detected three trojans.

I then downloaded Malwarebytes. The log shows some suspicious files, among them Trojan.Zbot, which is hiding in Downloads as Rechnung.exe. I would now like to find out with you what the .exe has done. It would be great if someone could help us. Many thanks in advance!

Regards,
Marco

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 20.04.2014
Scan Time: 12:27:11
Logfile: 20042014.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Peter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245324
Time Elapsed: 1 hr, 38 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [256ec963017ae3539374af9e20e2d62a], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [256ec963017ae3539374af9e20e2d62a], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3406209320-4008881683-4255431915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [0d86e943f6853bfbdfb4e435f1114db3], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3406209320-4008881683-4255431915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, , [0d86e943f6853bfbdfb4e435f1114db3], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Wajam, C:\Users\Peter\AppData\Local\Temp\DLG_aRJy\exe\wajam-internet-technologies-wajam-1.0-de-de\wajam_download.exe, , [890a5dcf7209d363ec7553cbc63aae52], 
PUP.Optional.Conduit.A, C:\Users\Peter\AppData\Local\Temp\DLG_aRJy\requirements\SPIdentifier.exe, , [a3f03def7902d56160f557b0857c9070], 
PUP.Optional.Breitschopp, C:\Users\Peter\Downloads\agsetup183se.exe, , [2370ca623c3f61d570e80e0dc1430af6], 
Trojan.Zbot, C:\Users\Peter\Downloads\Rechnung.exe, , [e9aa0f1d14672e08ee9a204da16009f7], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
I have run the logs you requested.

defogger:
Code:
 
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:19 on 20/04/2014 (Peter)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Farbar's Recovery Scan Tool

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Peter (administrator) on DAGMAR on 20-04-2014 15:22:04
Running from C:\Users\Peter\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3406209320-4008881683-4255431915-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {F478D88F-5D13-4723-9FE3-52113C979269} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {F478D88F-5D13-4723-9FE3-52113C979269} URL = 
SearchScopes: HKCU - {F478D88F-5D13-4723-9FE3-52113C979269} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\6mpq2kr1.default
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-01]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 15:22 - 2014-04-20 15:22 - 00014052 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-04-20 15:21 - 2014-04-20 15:22 - 00000000 ____D () C:\FRST
2014-04-20 15:20 - 2014-04-20 15:20 - 02055680 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-04-20 15:19 - 2014-04-20 15:19 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-04-20 12:28 - 2014-04-20 12:28 - 00020992 ___SH () C:\Users\Peter\Downloads\Thumbs.db
2014-04-20 12:27 - 2014-04-20 12:27 - 00002258 _____ () C:\20042014.txt
2014-04-20 12:22 - 2014-04-20 12:22 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Downloads\zbotkiller.exe
2014-04-20 12:18 - 2014-04-20 12:29 - 00014884 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:12 - 2014-04-20 12:12 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-20 12:12 - 2014-04-20 12:12 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-20 12:12 - 2014-04-20 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-20 12:11 - 2014-04-20 12:12 - 03710504 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup412_slim.exe
2014-04-20 10:54 - 2014-04-20 10:54 - 00000000 ____D () C:\ProgramData\softthinks
2014-04-20 10:54 - 2013-05-24 03:37 - 00000094 ____H () C:\DBAR_Ver.txt
2014-04-20 10:48 - 2014-04-20 10:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-20 10:20 - 2014-04-20 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 10:20 - 2014-04-20 10:20 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 10:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 10:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 10:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 08:51 - 2014-04-20 08:51 - 00325704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 20:17 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-15 20:17 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-15 20:17 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-15 20:17 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-15 20:17 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-15 20:17 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-15 20:17 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-15 20:17 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-15 20:17 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-15 20:17 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-15 20:17 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-15 20:17 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-15 20:17 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-15 20:17 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-15 20:17 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-15 20:17 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-15 20:14 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 20:14 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-15 20:14 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-15 20:14 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-30 21:18 - 2014-03-30 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 14:22 - 2014-03-24 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-04-20 15:22 - 2014-04-20 15:22 - 00014052 _____ () C:\Users\Peter\Downloads\FRST.txt
2014-04-20 15:22 - 2014-04-20 15:21 - 00000000 ____D () C:\FRST
2014-04-20 15:20 - 2014-04-20 15:20 - 02055680 _____ (Farbar) C:\Users\Peter\Downloads\FRST64.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00050477 _____ () C:\Users\Peter\Downloads\Defogger.exe
2014-04-20 15:19 - 2014-04-20 15:19 - 00000472 _____ () C:\Users\Peter\Downloads\defogger_disable.log
2014-04-20 15:19 - 2014-04-20 15:19 - 00000000 _____ () C:\Users\Peter\defogger_reenable
2014-04-20 15:19 - 2013-07-05 19:48 - 00000000 ____D () C:\Users\Peter
2014-04-20 15:06 - 2013-10-03 07:20 - 00043520 ___SH () C:\Users\Peter\Desktop\Thumbs.db
2014-04-20 13:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-20 12:29 - 2014-04-20 12:18 - 00014884 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 12:28 - 2014-04-20 12:28 - 00020992 ___SH () C:\Users\Peter\Downloads\Thumbs.db
2014-04-20 12:27 - 2014-04-20 12:27 - 00002258 _____ () C:\20042014.txt
2014-04-20 12:22 - 2014-04-20 12:22 - 00122976 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Downloads\zbotkiller.exe
2014-04-20 12:14 - 2013-07-31 07:39 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2014-04-20 12:14 - 2013-05-02 05:43 - 00000000 ____D () C:\Windows\Panther
2014-04-20 12:12 - 2014-04-20 12:12 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-20 12:12 - 2014-04-20 12:12 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-20 12:12 - 2014-04-20 12:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-20 12:12 - 2014-04-20 12:11 - 03710504 _____ (Piriform Ltd) C:\Users\Peter\Downloads\ccsetup412_slim.exe
2014-04-20 11:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-20 11:11 - 2013-08-18 09:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 11:08 - 2013-07-14 10:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-20 10:54 - 2014-04-20 10:54 - 00000000 ____D () C:\ProgramData\softthinks
2014-04-20 10:54 - 2013-07-05 20:23 - 00000000 ____D () C:\Users\Peter\AppData\Local\softthinks
2014-04-20 10:54 - 2013-05-01 21:48 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-04-20 10:52 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 10:52 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 10:52 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 10:48 - 2014-04-20 10:48 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-20 10:48 - 2014-04-20 10:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 10:46 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 10:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-20 10:26 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-20 10:20 - 2014-04-20 10:20 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 10:19 - 2014-04-20 10:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 09:06 - 2013-07-05 19:51 - 00000000 ____D () C:\Users\Peter\Documents\Bluetooth Folder
2014-04-20 08:58 - 2013-07-05 19:50 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 08:58 - 2013-07-05 19:50 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-20 08:53 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-20 08:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-20 08:52 - 2013-05-01 21:53 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-20 08:51 - 2014-04-20 08:51 - 00325704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-20 08:50 - 2013-07-13 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 20:41 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-13 23:02 - 2013-07-05 19:58 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-03 09:51 - 2014-04-20 10:19 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 10:19 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 10:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 06:20 - 2013-07-16 22:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Windows Live
2014-04-03 00:15 - 2013-07-14 11:57 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-31 23:18 - 2013-11-17 12:05 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-17 12:05 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 21:18 - 2014-03-30 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 20:50 - 2014-03-23 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-22 11:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-07 07:16

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014
Ran by Peter at 2014-04-20 15:23:10
Running from C:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.8.0.0 - Ifolor AG)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

02-04-2014 20:26:14 Geplanter Prüfpunkt
15-04-2014 18:17:44 Windows Update
20-04-2014 09:05:06 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07DAF570-ABC4-4B82-B3AC-CF7A6BF2DFCE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AA14FE8-9ECC-4EA4-ABBA-750EF73CDDDB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {46BDB02D-5646-4932-A295-CA3AF21A280B} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {4BC34443-4226-44FD-A4AD-DC071E02AB71} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {4D5535B9-877F-4950-8870-D0B616B02408} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {6A641042-6F4E-4989-87E7-54F839278B88} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6B70CD78-D1A4-4EB2-8D12-7C7392D3FF5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6B965CC2-1534-4F3C-8829-4B8BD23A224D} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {78E12D59-1C95-4CB5-B9CA-567A4C8875DB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C19EA27-8B01-4771-A53B-647DDE29CB5C} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABFE222D-79EB-4B22-9D99-B717251E2672} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2014-03-22 11:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-05 19:58 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-05-01 21:46 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-05-02 05:59 - 2013-01-03 00:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-12-28 13:39 - 2012-12-28 13:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 13:36 - 2012-12-28 13:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 13:41 - 2012-12-28 13:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-05-02 06:03 - 2012-10-16 12:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 18:09 - 2013-04-20 00:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 18:09 - 2013-04-20 00:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-02-19 17:11 - 2014-02-19 17:11 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll
2013-05-01 21:44 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-01 21:34 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-06 18:09 - 2013-05-03 01:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-03-30 21:18 - 2014-03-30 21:18 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 1.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\Vogel 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 4.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Peter\Documents\vogel 6.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Peter\Documents\vogel 6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 09:00:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAGMAR)
Description: Bei der Aktivierung der App „McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/20/2014 09:00:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DAGMAR)
Description: Die App „McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (04/15/2014 09:17:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/14/2014 04:56:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/10/2014 05:57:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TOASTER.EXE, Version: 1.0.0.44, Zeitstempel: 0x50b3754f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0572ad5f
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xTOASTER.EXE0
Pfad der fehlerhaften Anwendung: TOASTER.EXE1
Pfad des fehlerhaften Moduls: TOASTER.EXE2
Berichtskennung: TOASTER.EXE3
Vollständiger Name des fehlerhaften Pakets: TOASTER.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TOASTER.EXE5

Error: (04/10/2014 05:57:46 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: TOASTER.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei Toaster.App.Main()

Error: (04/10/2014 05:57:46 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Toaster.Helper.GetDelayBeforeReminders(ObservableCollection`1 notificationHelpers)
   bei Toaster.ToasterTimerManager.SetNextNotification()
   bei Toaster.ToasterTimerManager.UpdateAllTimers()
   bei Toaster.ToasterTimerManager.InitTimers()
   bei Toaster.ToasterTimerManager.GetInstance()
   bei Toaster.MainWindowViewModel..ctor()
   bei Toaster.App.OnStartup(StartupEventArgs e)
   bei System.Windows.Application.<.ctor>b__1(Object unused)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (04/10/2014 05:04:19 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (04/07/2014 09:16:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/07/2014 07:23:13 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McUpdate.exe, Version: 12.8.934.0, Zeitstempel: 0x52e74787
Name des fehlerhaften Moduls: McUpdate.exe, Version: 12.8.934.0, Zeitstempel: 0x52e74787
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000007ba91
ID des fehlerhaften Prozesses: 0x221c
Startzeit der fehlerhaften Anwendung: 0xMcUpdate.exe0
Pfad der fehlerhaften Anwendung: McUpdate.exe1
Pfad des fehlerhaften Moduls: McUpdate.exe2
Berichtskennung: McUpdate.exe3
Vollständiger Name des fehlerhaften Pakets: McUpdate.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McUpdate.exe5


System errors:
=============
Error: (04/20/2014 10:46:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (04/20/2014 09:41:07 AM) (Source: Service Control Manager) (User: )
Description: Dienst "SoftThinks Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2014 08:57:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueBasic

Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNegotiate

Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNTLM

Error: (04/20/2014 08:56:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueWDigest

Error: (04/20/2014 08:55:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SoftThinks Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/20/2014 08:55:28 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SoftThinks Agent Service erreicht.

Error: (04/20/2014 08:52:09 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243


Microsoft Office Sessions:
=========================
Error: (04/20/2014 09:00:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAGMAR)
Description: McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor-2144927142

Error: (04/20/2014 09:00:11 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DAGMAR)
Description: McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c!SecurityAdvisor

Error: (04/15/2014 09:17:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/14/2014 04:56:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/10/2014 05:57:48 PM) (Source: Application Error)(User: )
Description: TOASTER.EXE1.0.0.4450b3754funknown0.0.0.000000000c00000050572ad5ffa801cf54d59d34bd97C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXEunknowndc448c7b-c0c8-11e3-be7b-1c3e84977c8e

Error: (04/10/2014 05:57:46 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: TOASTER.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.Run()
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei Toaster.App.Main()

Error: (04/10/2014 05:57:46 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Toaster.Helper.GetDelayBeforeReminders(ObservableCollection`1 notificationHelpers)
   bei Toaster.ToasterTimerManager.SetNextNotification()
   bei Toaster.ToasterTimerManager.UpdateAllTimers()
   bei Toaster.ToasterTimerManager.InitTimers()
   bei Toaster.ToasterTimerManager.GetInstance()
   bei Toaster.MainWindowViewModel..ctor()
   bei Toaster.App.OnStartup(StartupEventArgs e)
   bei System.Windows.Application.<.ctor>b__1(Object unused)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (04/10/2014 05:04:19 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (04/07/2014 09:16:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/07/2014 07:23:13 AM) (Source: Application Error)(User: )
Description: McUpdate.exe12.8.934.052e74787McUpdate.exe12.8.934.052e7478740000015000000000007ba91221c01cf521ccc856ed3C:\Program Files\mcafee.com\agent\McUpdate.exeC:\Program Files\mcafee.com\agent\McUpdate.exeb66718de-be14-11e3-be7b-1c3e84977c8e


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3965.27 MB
Available physical RAM: 1711.61 MB
Total Pagefile: 4669.27 MB
Available Pagefile: 2425.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.02 GB) (Free:412.36 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F6E63F39)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Gmer:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-20 15:45:35
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000035 Hitachi_HTS545050A7E380 rev.GG2OA950 465,76GB
Running: zdm529y6.exe; Driver: C:\Users\Peter\AppData\Local\Temp\ufloapoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                    000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\system32\csrss.exe[524] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                             000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\system32\csrss.exe[524] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                     000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\system32\csrss.exe[524] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                     000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\system32\csrss.exe[524] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                          000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\system32\csrss.exe[524] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                   000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                    000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                             000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                     000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                     000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                          000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\system32\csrss.exe[624] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                   000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\system32\winlogon.exe[660] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                    000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\system32\lsass.exe[688] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                             000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\system32\lsass.exe[688] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                          000007f8fb63aa90 6 bytes JMP 000007f8fdb106a3
.text   C:\Windows\system32\lsass.exe[688] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                   000007f8fb64bc60 6 bytes JMP 000007f8fdb105d2
.text   C:\Windows\system32\lsass.exe[688] C:\Windows\system32\lsasrv.dll!LsarLookupSids                                                        000007f8fa67aec0 5 bytes JMP 000007f8fdb10845
.text   C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[796] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[796] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[796] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[948] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                   000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text   C:\Windows\System32\svchost.exe[344] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                   000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                   000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text   C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                   000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                   000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[732] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                   000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                  000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                           000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                        000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                 000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                   000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text   C:\Windows\System32\svchost.exe[868] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                   000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                 000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                 000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1108] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                               000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\System32\spoolsv.exe[1436] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[1488] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1668] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\system32\mfevtps.exe[1868] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                      000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\system32\mfevtps.exe[1868] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                      000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fd7c0501
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fd7c0430
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fd7c0845
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fd7c0774
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fd7c06a3
.text   C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fd7c05d2
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306             000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2108] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314             000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fda70845
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fda70774
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[2512] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fda705d2
.text   C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fda70501
.text   C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fda70430
.text   C:\Windows\system32\svchost.exe[2700] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fda706a3
.text   C:\Windows\system32\svchost.exe[2700] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fda705d2
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                 000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                       000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                  000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\System32\svchost.exe[2636] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                  000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\system32\DllHost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                          000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject                                                         000007f8fdb24401 8 bytes JMP 000007f9fdb10501
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                          000007f8fb0abee0 5 bytes JMP 000007f8fdb106a3
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                          000007f8fb0d1850 12 bytes JMP 000007f8fdb105d2
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\RPCRT4.dll!NdrStubCall2                                                               000007f8fb63aa90 6 bytes JMP 000007f8fdb10845
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\RPCRT4.dll!NdrServerInitialize                                                        000007f8fb64bc60 6 bytes JMP 000007f8fdb10774
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                        000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                              000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\Explorer.EXE[1880] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                              000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007f8f6df1532 4 bytes [DF, F6, F8, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007f8f6df153a 4 bytes [DF, F6, F8, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007f8f6df165a 4 bytes [DF, F6, F8, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                  000007f8f1061b32 4 bytes [06, F1, F8, 07]
.text   C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4352] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                  000007f8f1061b3a 4 bytes [06, F1, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\System32\igfxpers.exe[4556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                     000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\Windows\System32\igfxpers.exe[4556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                     000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                     000007f8fd7c177a 4 bytes [7C, FD, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                     000007f8fd7c1782 4 bytes [7C, FD, F8, 07]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                       000007f8fdb531c4 5 bytes JMP 000007f9fdb10430
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                 000007f8f1061b32 4 bytes [06, F1, F8, 07]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[5920] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                 000007f8f1061b3a 4 bytes [06, F1, F8, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [624:636]                                                                                                 fffff960009075e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         

Old 20.04.2014, 18:41   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________

Old 20.04.2014, 20:29   #3
broko
 

Thank you very much!
Combofix reported the same error three times - at the start, during the auto-scan after stage 2, and at the end:
"Application error: Exception EAccess Violation in module ERUNT.3XE at 00003A38..."


Code:
ATTFilter
ComboFix 14-04-20.01 - Peter 20.04.2014  19:33:46.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3965.1431 [GMT 2:00]
ausgeführt von:: c:\users\Peter\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\32c9d170-59a5-4003-94c6-80a6c9dd3953.dll
c:\programdata\PCDr\6426\AddOnDownloaded\39e74b65-3eda-422b-bbb4-2b208419be67.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a4d2a9e-ce47-421d-bbd6-98fd72255fed.dll
c:\users\Peter\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-20 bis 2014-04-20  ))))))))))))))))))))))))))))))
.
.
2014-04-20 17:45 . 2014-04-20 17:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-20 15:24 . 2013-09-23 11:49	197704	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2014-04-20 13:21 . 2014-04-20 13:24	--------	d-----w-	C:\FRST
2014-04-20 10:12 . 2014-04-20 10:12	--------	d-----w-	c:\program files\CCleaner
2014-04-20 08:54 . 2014-04-20 08:54	--------	d-----w-	c:\programdata\softthinks
2014-04-20 08:20 . 2014-04-20 17:26	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-20 08:19 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-20 08:19 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 08:19 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-20 08:19 . 2014-04-20 08:19	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-20 08:19 . 2014-04-20 08:19	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-20 08:19 . 2014-04-20 08:19	--------	d-----w-	c:\users\Peter\AppData\Local\Programs
2014-04-15 18:14 . 2014-02-05 23:41	978432	----a-w-	c:\windows\system32\KernelBase.dll
2014-04-15 18:14 . 2014-02-05 23:41	1257984	----a-w-	c:\windows\system32\kernel32.dll
2014-04-15 18:14 . 2014-02-05 23:26	666112	----a-w-	c:\windows\SysWow64\KernelBase.dll
2014-03-23 12:22 . 2014-03-24 18:50	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-03-23 08:34 . 2014-04-13 20:43	254640	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-20 09:08 . 2013-07-14 08:53	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-04-13 20:33 . 2013-07-05 18:01	578256	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-03-31 21:18 . 2013-11-17 10:05	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 21:18 . 2013-11-17 10:05	694232	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-17 17:02 . 2012-11-09 04:40	70592	----a-w-	c:\windows\system32\drivers\cfwids.sys
2014-03-17 16:54 . 2012-11-09 04:37	345456	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 16:54 . 2013-05-01 19:53	185792	----a-w-	c:\windows\system32\mfevtps.exe
2014-03-17 16:49 . 2012-11-09 04:35	783864	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2014-03-17 16:47 . 2012-11-09 04:34	522360	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2014-03-17 16:45 . 2014-03-17 16:45	311600	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 16:44 . 2012-11-09 04:33	180272	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2014-03-17 16:25 . 2012-11-09 04:35	69344	----a-w-	c:\windows\system32\drivers\mfeelamk.sys
2014-02-23 08:13 . 2014-03-13 18:38	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2014-02-23 08:13 . 2014-03-13 18:38	2241536	----a-w-	c:\windows\system32\wininet.dll
2014-02-23 08:13 . 2014-03-13 18:38	915968	----a-w-	c:\windows\system32\uxtheme.dll
2014-02-23 08:13 . 2014-03-13 18:38	53760	----a-w-	c:\windows\system32\UXInit.dll
2014-02-23 08:13 . 2014-03-13 18:38	1365504	----a-w-	c:\windows\system32\urlmon.dll
2014-02-23 08:12 . 2014-03-13 18:38	197120	----a-w-	c:\windows\system32\msrating.dll
2014-02-23 08:12 . 2014-03-13 18:38	19273216	----a-w-	c:\windows\system32\mshtml.dll
2014-02-23 08:12 . 2014-03-13 18:38	603136	----a-w-	c:\windows\system32\msfeeds.dll
2014-02-23 08:11 . 2014-03-13 18:38	855552	----a-w-	c:\windows\system32\jscript.dll
2014-02-23 08:11 . 2014-03-13 18:38	3960320	----a-w-	c:\windows\system32\jscript9.dll
2014-02-23 08:11 . 2014-03-13 18:38	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-02-23 08:11 . 2014-03-13 18:38	2648576	----a-w-	c:\windows\system32\iertutil.dll
2014-02-23 08:11 . 2014-03-13 18:38	136704	----a-w-	c:\windows\system32\iesysprep.dll
2014-02-23 08:11 . 2014-03-13 18:38	67072	----a-w-	c:\windows\system32\iesetup.dll
2014-02-23 08:11 . 2014-03-13 18:38	15404032	----a-w-	c:\windows\system32\ieframe.dll
2014-02-23 08:11 . 2014-03-13 18:38	39936	----a-w-	c:\windows\system32\iernonce.dll
2014-02-23 06:54 . 2014-03-13 18:38	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2014-02-23 06:54 . 2014-03-13 18:38	44032	----a-w-	c:\windows\SysWow64\UXInit.dll
2014-02-23 06:53 . 2014-03-13 18:38	2877952	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-02-23 06:53 . 2014-03-13 18:38	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-02-23 06:53 . 2014-03-13 18:38	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-02-23 06:35 . 2014-03-13 18:38	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2014-02-23 06:31 . 2014-03-13 18:38	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-02-23 04:06 . 2014-03-13 18:38	534528	----a-w-	c:\windows\SysWow64\uxtheme.dll
2014-02-08 04:34 . 2014-03-13 18:39	4036608	----a-w-	c:\windows\system32\win32k.sys
2014-02-05 23:41 . 2014-03-13 18:37	595968	----a-w-	c:\windows\system32\qedit.dll
2014-02-05 23:37 . 2014-03-13 18:37	496640	----a-w-	c:\windows\SysWow64\qedit.dll
2014-01-31 00:48 . 2014-03-13 18:37	1339392	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06 . 2014-03-13 18:37	1628160	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-01-27 07:37 . 2013-05-01 19:53	185792	----a-w-	c:\windows\system32\mfevtps.exe.6a9a.deleteme
2014-01-21 02:50 . 2014-01-21 02:50	11336	----a-w-	c:\windows\system32\drivers\mfeclnrk.sys
2014-01-21 02:50 . 2014-01-21 02:50	96592	----a-w-	c:\windows\system32\drivers\mfencrk.sys
2014-01-21 02:50 . 2014-01-21 02:50	422712	----a-w-	c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-05 18:06	220632	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-05 18:06	220632	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-05 18:06	220632	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="c:\windows\BrowserChoice\browserchoice.exe" [2012-08-15 86696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-27 537992]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 0326461398007160mcinstcleanup;McAfee Application Installer Cleanup (0326461398007160);c:\windows\TEMP\032646~1.EXE;c:\windows\TEMP\032646~1.EXE [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 WSDScan;WSD-Scanunterstützung;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-05 18:06	244696	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-05 18:06	244696	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-05 18:06	244696	----a-w-	c:\users\Peter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-13 20:40	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-13 20:40	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-13 20:40	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"BtPreLoad"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe" [2012-12-28 64640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://dell13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\6mpq2kr1.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
Zeit der Fertigstellung: 2014-04-20  20:08:41
ComboFix-quarantined-files.txt  2014-04-20 18:08
.
Vor Suchlauf: 18 Verzeichnis(se), 442.283.941.888 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 442.165.063.680 Bytes frei
.
- - End Of File - - 4FA1123159AD2E7020DDA87D6F3ABC2E
         
__________________
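As an added example for this thread (not part of the original post or of ComboFix), a small Python triage helper that parses the service/driver lines and Run-key values of the ComboFix output above and flags autostarts that run from user-writable directories. The sample input is copied from the listing; the list of suspicious directories is an assumption of the example.

```python
"""Triage helper for the ComboFix listing in this thread (added example, not
part of ComboFix or of the original post): parses R*/S* service lines and
Run-key values and flags binaries that start from user-writable directories."""
import re
from dataclasses import dataclass

# Line shapes as they appear in the log:
#   R2 name;Display Name;c:\path\file.exe;c:\path\file.exe [x]
#   "Name"="c:\path\file.exe" [2012-10-23 102928]
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);([^;]+);[^;]*\s\[([^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]\s*$')
# Directories a legitimate service or autostart rarely runs from (assumed list).
WRITABLE_HINTS = ("\\windows\\temp\\", "\\users\\", "\\appdata\\", "\\programdata\\")

# Sample input: five lines copied from the ComboFix output above.
SAMPLE = r"""
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-27 537992]
R2 0326461398007160mcinstcleanup;McAfee Application Installer Cleanup (0326461398007160);c:\windows\TEMP\032646~1.EXE;c:\windows\TEMP\032646~1.EXE [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"""

@dataclass
class Autostart:
    kind: str   # "service" for R*/S* lines, "run" for Run-key values
    name: str
    path: str
    stamp: str  # bracket contents: "<date> <size>" or "x"

def parse_combofix(text: str) -> list[Autostart]:
    """Return every service/driver and Run-key entry found in a log excerpt."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            entries.append(Autostart("service", m.group(2), m.group(4), m.group(5)))
        elif m := RUN_RE.match(line):
            entries.append(Autostart("run", m.group(1), m.group(2), m.group(3)))
    return entries

def flag_unusual_locations(entries: list[Autostart]) -> list[Autostart]:
    """Entries whose binary lives in a temp or user-writable directory. These are
    review candidates, not verdicts: the TEMP hit here is McAfee's own installer
    cleanup task, which a reviewer rules out by checking the vendor and file."""
    return [e for e in entries if any(h in e.path.lower() for h in WRITABLE_HINTS)]

if __name__ == "__main__":
    for e in flag_unusual_locations(parse_combofix(SAMPLE)):
        print(f"REVIEW {e.kind}: {e.name} -> {e.path} [{e.stamp}]")
```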

21.04.2014, 21:10   #4
schrauber
/// the machine
/// TB-Ausbilder

WIN 8: Trojan.Zbot from spam e-mail

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
