Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall

Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall


Log-Analyse und Auswertung: Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 10.10.2014, 14:01   #1
usoche
 
Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall - Standard

Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall


Die Startseite im Browser meines Administrator-Users wurde verändert zu
"hxxp://search.fbdownloader.com/?channel=de"

Da ich normalerweise nicht als Administrator arbeite, kann ich nicht genau sagen, wie lange die Veränderung schon besteht.
Möglich, dass ein Zusammenhang mit einem Virenfund von McAfee vom 04.09.2014 besteht. Gefunden und isoliert wurde damals:

1) C:\Users\admuser\AppData\Roaming\SCheck\ntcrxinst.exe
Entdeckte Bedrohung: RDN/Generic.dx!dfb (Trojaner)

2) C:\Users\admuser\AppData\Local\Temp\nsg739E.tmp\netset\ntcrxinst.exe
Entdeckte Bedrohung: RDN/Generic.dx!dfb (Trojaner)

3) C:\Users\admuser\AppData\Roaming\Snz\Snz.exe
Entdeckte Bedrohung: RDN/Generic.dx!dfb (Trojaner)

Gefunden wurde dies beim ersten Einloggen als Admin nach der Installation von McAfee Total Protection
(vorher war McAfee Internet Security installiert)
Mein Virenscanner "McAfee Total Protection" hat danach nichts mehr gefunden.

Aktueller Befund von quickscan.bitdefender.com:
"Ihr System wurde infiziert mit Gen:Adware.Heur.lu8@Yfys1Lli."

Zusatzinfo: Auch auf diesem Rechner sind 3 mir unbekannten Netzwerke unter "Firewall --> Meine Netzwerkverbindungen"
eingetragen gewesen und von mir gelöscht worden, nach ein paar Tagen wieder erschienen und jetzt von mir blockiert worden.
(vgl. dazu den Thread für meinen anderen Rechner:
http://www.trojaner-board.de/159595-...-gefunden.html )

Außerdem zeigt der Rechner bisweilen eine starke Festplattenaktivität und es dauert insb. beim Mail-Client
Thunderbird teilweise sehr lange, bis dieser reagiert.

Vielen Dank schon mal vorab für eure Hilfe!

Die Logs zu diesem Rechner hänge ich hier an.

--defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:28 on 10/10/2014 (fbroot)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
--FRST.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by admuser (administrator) on NBNIC on 10-10-2014 14:47:31
Running from C:\Users\user1\Desktop
Loaded Profiles: admuser & user1 (Available profiles: admuser & user1 & user2 & user3 & user4 & user5 & user6)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [SSync] => C:\Users\admuser\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [SCheck] => C:\Users\admuser\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Snoozer] => C:\Users\admuser\AppData\Roaming\Snz\Snz.exe [1620853 2014-09-29] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [DataMgr] => C:\Users\admuser\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-03-04] (HTTO Group, Ltd.)
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Intermediate] => C:\Users\admuser\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Sixth] => C:\Users\admuser\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-04] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Seventh] => C:\Users\admuser\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-04] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Default.alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1021\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1020\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1019\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {9BD969E1-5957-4CFA-B27F-11F01A8CF9BF} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Simple New Tab Bho -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\admuser\AppData\Local\simple_new_tab\simple_new_tab.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://wisersearch.com/?channel=de
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: McAfee SafeKey - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-10-09]
FF Extension: Bitdefender QuickScan - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-10]
FF Extension: OfferMosquito - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\om@offermosquito.com.xpi [2014-04-02]
FF Extension: Simple New Tab - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-27]

Chrome: 
=======
CHR HomePage: Default -> http:\/\/wisersearch.com\/?channel=de
CHR StartupUrls: Default -> "http:\/\/wisersearch.com\/?channel=de"
CHR Profile: C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (SiteAdvisor) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-18]
CHR Extension: (OfferMosquito) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR Extension: (Simple New Tab) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2014-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-08-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [343080 2010-05-14] (Broadcom Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-08-26] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
U3 pxldqpod; \??\C:\Users\admuser\AppData\Local\Temp\pxldqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 14:47 - 2014-10-10 14:48 - 00023035 _____ () C:\Users\user1\Desktop\FRST.txt
2014-10-10 13:44 - 2014-10-10 14:13 - 00000000 ____D () C:\Temp
2014-10-10 13:30 - 2014-10-10 14:47 - 00000000 ____D () C:\FRST
2014-10-10 13:29 - 2014-10-10 13:43 - 00000000 ____D () C:\Users\user1\Desktop\Protokolle
2014-10-10 13:28 - 2014-10-10 13:28 - 00000000 _____ () C:\Users\admuser\defogger_reenable
2014-10-10 13:26 - 2014-10-10 11:14 - 00380416 _____ () C:\Users\user1\Desktop\Gmer-19357.exe
2014-10-10 13:26 - 2014-10-10 11:13 - 02109952 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2014-10-10 13:26 - 2014-10-10 11:11 - 00050477 _____ () C:\Users\user1\Desktop\Defogger.exe
2014-10-10 10:39 - 2014-10-10 10:43 - 00000000 ____D () C:\Users\user1\AppData\Roaming\QuickScan
2014-10-10 01:18 - 2014-10-10 10:45 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\QuickScan
2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 ____D () C:\Users\admuser\AppData\Local\Macromedia
2014-10-04 20:55 - 2014-10-04 20:55 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Snz
2014-10-01 22:55 - 2014-08-26 12:50 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-10-01 22:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-01 08:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 21:09 - 2014-09-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 11:13 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 11:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-10 16:31 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 16:31 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 16:31 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 16:31 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 16:31 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 16:31 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 16:31 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 16:31 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 16:31 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 16:31 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 16:31 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 16:31 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 16:31 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 16:31 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 16:31 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 16:31 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 16:31 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 16:31 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 16:31 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 16:31 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 16:31 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 16:31 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 16:31 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 16:31 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 16:31 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 16:31 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 16:31 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 16:31 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 16:31 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 16:31 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 16:31 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 16:31 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 16:31 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 16:31 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 16:31 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 16:31 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 16:31 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 16:31 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 16:31 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 16:31 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 16:31 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 16:31 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 16:31 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 16:31 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 16:31 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 16:31 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 16:31 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 16:31 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 16:31 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 16:31 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 16:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 16:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 15:05 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 15:05 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:02 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 15:02 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 15:02 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 15:02 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 15:02 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 15:02 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 15:02 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 15:01 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 15:01 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 14:46 - 2011-05-23 01:13 - 01936054 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 14:29 - 2014-08-27 15:46 - 00000000 __RSD () C:\Users\user1\Documents\McAfee-Tresore
2014-10-10 14:29 - 2011-08-03 15:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 14:03 - 2014-05-11 13:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job
2014-10-10 13:59 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 13:28 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser
2014-10-10 10:46 - 2014-08-27 15:29 - 00000000 __RSD () C:\Users\admuser\Documents\McAfee-Tresore
2014-10-10 10:44 - 2014-08-27 18:41 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Seventh
2014-10-10 10:36 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 10:36 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 10:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 10:29 - 2009-07-14 06:51 - 00258159 _____ () C:\Windows\setupact.log
2014-10-09 23:05 - 2013-12-06 21:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-09 17:56 - 2013-04-25 16:36 - 00000000 ____D () C:\Users\user4\AppData\Roaming\.minecraft
2014-10-09 17:52 - 2014-08-27 15:57 - 00000000 __RSD () C:\Users\user4\Documents\McAfee-Tresore
2014-10-09 17:37 - 2014-08-28 09:25 - 00000000 __RSD () C:\Users\user2\Documents\McAfee-Tresore
2014-10-09 17:35 - 2012-04-15 20:28 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Dropbox
2014-10-09 15:02 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-09 15:02 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-09 15:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 12:16 - 2014-08-30 16:34 - 00000000 __RSD () C:\Users\user6\Documents\McAfee-Tresore
2014-10-08 13:55 - 2014-08-31 18:43 - 00000000 __RSD () C:\Users\user3\Documents\McAfee-Tresore
2014-10-08 11:35 - 2014-08-27 16:29 - 00000000 __RSD () C:\Users\user5\Documents\McAfee-Tresore
2014-10-04 21:05 - 2012-05-28 14:00 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-04 20:55 - 2014-03-14 00:31 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\DataMgr
2014-10-02 09:05 - 2014-08-27 15:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-01 22:56 - 2014-08-27 15:16 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-30 16:01 - 2011-05-31 16:09 - 00004678 __RSH () C:\Users\user3\ntuser.pol
2014-09-30 16:01 - 2011-05-31 16:09 - 00000000 ____D () C:\Users\user3
2014-09-28 15:28 - 2012-05-28 11:08 - 00001328 __RSH () C:\Users\user5\ntuser.pol
2014-09-28 15:28 - 2012-05-28 11:08 - 00000000 ____D () C:\Users\user5
2014-09-28 14:14 - 2014-06-08 11:37 - 00001326 __RSH () C:\Users\user6\ntuser.pol
2014-09-28 14:14 - 2014-06-08 11:37 - 00000000 ____D () C:\Users\user6
2014-09-28 12:49 - 2011-05-22 22:59 - 00001108 __RSH () C:\Users\user2\ntuser.pol
2014-09-28 12:49 - 2011-05-22 22:59 - 00000000 ____D () C:\Users\user2
2014-09-27 20:13 - 2013-03-02 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 20:10 - 2011-05-22 22:28 - 00000680 __RSH () C:\Users\user1\ntuser.pol
2014-09-27 20:10 - 2011-05-22 15:22 - 00000000 ____D () C:\Users\user1
2014-09-26 19:35 - 2012-05-28 11:07 - 00004682 __RSH () C:\Users\user4\ntuser.pol
2014-09-26 19:35 - 2012-05-28 11:07 - 00000000 ____D () C:\Users\user4
2014-09-26 19:33 - 2011-05-22 16:40 - 00000680 __RSH () C:\Users\admuser\ntuser.pol
2014-09-26 19:32 - 2014-06-07 22:00 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\SCheck
2014-09-26 19:32 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser\AppData\Local\VirtualStore
2014-09-26 09:21 - 2010-11-21 05:47 - 00411868 _____ () C:\Windows\PFRO.log
2014-09-25 21:16 - 2012-08-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 17:16 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 14:59 - 2012-04-01 16:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 14:59 - 2011-06-04 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 13:26 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-24 09:26 - 2011-06-06 09:56 - 00000000 ____D () C:\Users\user2\QMS Abtei-Apotheke
2014-09-23 19:56 - 2014-06-19 17:02 - 00000000 ____D () C:\Users\user4\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-09-22 17:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-22 17:11 - 2013-03-19 16:54 - 00000000 ____D () C:\Users\user3\Documents\Gymnasium
2014-09-22 16:09 - 2014-07-18 11:31 - 00000000 ____D () C:\Users\user4\Documents\Scratch Projects
2014-09-20 17:53 - 2013-02-19 19:41 - 00000000 ____D () C:\Windows\rescache
2014-09-18 08:36 - 2012-05-28 14:12 - 00001017 _____ () C:\Users\user2\Desktop\Dropbox.lnk
2014-09-11 15:44 - 2014-03-05 21:09 - 00000000 ____D () C:\Users\user3\AppData\Local\Google
2014-09-10 16:30 - 2011-05-22 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 16:29 - 2014-01-29 10:55 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 16:28 - 2013-08-11 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 16:13 - 2011-05-22 16:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 16:12 - 2014-05-06 18:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\admuser\AppData\Local\Temp\ose00000.exe
C:\Users\user2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjk8m6c.dll
C:\Users\user4\AppData\Local\Temp\UnityWebPlayer7574248470200475468.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 17:45

==================== End Of Log ============================
--Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by admuser at 2014-10-10 14:48:33
Running from C:\Users\user1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon iP4800 series Benutzerregistrierung (HKLM-x32\...\Canon iP4800 series Benutzerregistrierung) (Version:  - )
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DynaGeo 3.8b (HKLM-x32\...\DynaGeo_is1) (Version:  - Roland Mechling)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{4F2EAFFD-6D9A-3804-A77B-5A450D3201F6}) (Version: 65.107.16494 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home deutscher Support (x32 Version: 1.0.228 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.1.10 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5.1 (x32 Version: 5.1.4001 - National Instruments) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Saturn Fotoservice (HKLM-x32\...\Saturn Fotoservice) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 404 - MIT Media Lab)
Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00287E99-7F0D-4EA3-9A04-C293FA657C29} - System32\Tasks\Fifth => C:\Users\admuser\AppData\Roaming\Fifth\Fifth.exe [2014-05-07] () <==== ATTENTION
Task: {3F90B54B-F506-4C23-B230-843268F1FD59} - System32\Tasks\OMESupervisor => C:\Users\admuser\AppData\Local\omesuperv.exe [2014-05-07] () <==== ATTENTION
Task: {5B32EB14-B86C-46BE-86B4-179891DAEE55} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {5F2B684D-A0C0-49F0-A5C3-467824816706} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {948D6ABE-C8B9-4B13-BF96-B555467DB0A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-09-10 17:49 - 2014-09-10 17:49 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dd49b882285401662f1addb58b7d0ce6\IsdiInterop.ni.dll
2011-05-22 14:18 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-25 21:09 - 2014-09-25 21:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-04 23:25 - 2014-09-04 23:25 - 01012224 _____ () C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\i0kq8f1y.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}\platform\WINNT_x86-msvc\components\mcxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user3\Documents\Halloween.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2648181823-2077256216-1403455524-500 - Administrator - Disabled)
admuser (S-1-5-21-2648181823-2077256216-1403455524-1000 - Administrator - Enabled) => C:\Users\admuser
user1 (S-1-5-21-2648181823-2077256216-1403455524-1003 - Limited - Enabled) => C:\Users\user1
Gast (S-1-5-21-2648181823-2077256216-1403455524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2648181823-2077256216-1403455524-1002 - Limited - Enabled)
user3 (S-1-5-21-2648181823-2077256216-1403455524-1006 - Limited - Enabled) => C:\Users\user3
user5 (S-1-5-21-2648181823-2077256216-1403455524-1020 - Limited - Enabled) => C:\Users\user5
user2 (S-1-5-21-2648181823-2077256216-1403455524-1005 - Limited - Enabled) => C:\Users\user2
user6 (S-1-5-21-2648181823-2077256216-1403455524-1021 - Limited - Enabled) => C:\Users\user6
user4 (S-1-5-21-2648181823-2077256216-1403455524-1019 - Limited - Enabled) => C:\Users\user4

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {901c2646-15dd-4949-91b6-670a39c6e029}

Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {0a74d42d-f699-4cb5-857b-cf35ad93a210}

Error: (10/10/2014 10:31:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 11:19:59 PM) (Source: MsiInstaller) (EventID: 11925) (User: nbnic)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3860913c-02ab-4152-a108-f1532e6bf07c}

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {c219143e-6c68-49be-afb2-473c66a1d487}

Error: (10/09/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {1de3be56-a49b-4bfa-9635-033f79bda73b}

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {825843b3-fab8-43ea-bb05-586fe84da3e3}

Error: (10/09/2014 05:51:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/10/2014 11:32:56 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5CE786F6-9CFE-4D1E-BAE9-02508515207C}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (10/10/2014 10:44:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (10/09/2014 10:16:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/09/2014 10:47:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1062

Error: (10/09/2014 10:47:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%14

Error: (10/08/2014 01:54:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (10/08/2014 01:41:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

Error: (10/07/2014 01:19:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (10/05/2014 05:29:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}

Error: (10/04/2014 08:55:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}


Microsoft Office Sessions:
=========================
Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {901c2646-15dd-4949-91b6-670a39c6e029}

Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {0a74d42d-f699-4cb5-857b-cf35ad93a210}

Error: (10/10/2014 10:31:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 11:19:59 PM) (Source: MsiInstaller) (EventID: 11925) (User: nbnic)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {3860913c-02ab-4152-a108-f1532e6bf07c}

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {c219143e-6c68-49be-afb2-473c66a1d487}

Error: (10/09/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {1de3be56-a49b-4bfa-9635-033f79bda73b}

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {825843b3-fab8-43ea-bb05-586fe84da3e3}

Error: (10/09/2014 05:51:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-10-01 22:55:13.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-01 22:55:13.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-01 22:55:13.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-01 22:55:13.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-05 21:55:18.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-05 21:55:18.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-05 21:55:18.713
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-05 21:55:18.703
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 4025.97 MB
Available physical RAM: 2187.57 MB
Total Pagefile: 5048.15 MB
Available Pagefile: 3135.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:67.47 GB) (Free:21.25 GB) NTFS
Drive d: () (Fixed) (Total:165.31 GB) (Free:92.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 24532453)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=67.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=165.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-10 14:27:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB2O 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\admuser\AppData\Local\Temp\pxldqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                        fffff800033c1000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                        fffff800033c1040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1456] C:\Windows\system32\kernel32.dll!LoadLibraryW  0000000077646440 5 bytes JMP 00000001734be4b0
.text     C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1456] C:\Windows\system32\kernel32.dll!LoadLibraryA  0000000077646530 5 bytes JMP 00000001734be390

---- EOF - GMER 2.1 ----

 

Themen zu Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall
alternate, association, blockiert, bluescreen 0x80070005, browser, canon, farbar, fehler, fehlercode 0x5, fehlercode windows, flash player, homepage, install.exe, internet, mcafee firewall, mozilla, national, nicht gefunden, plug-in, pup.optional.datamgr.a, pup.optional.offermosquito.a, pup.optional.simplenewtab.a, pup.optional.softonic.a, rdn/generic.dx!dfb, services.exe, seventh.exe, siteadvisor, snoozer, software, svchost.exe, trojaner, windows


« Windows 7: Browser Highjacker eingefangen? | Windows-7 64bit Anwendungs Programme starten nicht mehr nach einiger Zeit »


Ähnliche Themen: Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall


  1. Windows 8.1 Wlan keine Netzwerke gefunden
    Alles rund um Windows - 18.11.2015 (18)
  2. Windows 8.1: Adware im Steam-Browser!
    Plagegeister aller Art und deren Bekämpfung - 18.10.2015 (7)
  3. Windows 7: Firewall meldet Adware/Spyware
    Log-Analyse und Auswertung - 11.03.2015 (9)
  4. Windows 7: Adware oder ähnliches. Browser und steam betroffen
    Log-Analyse und Auswertung - 18.12.2014 (7)
  5. Windows 7: Fremde Netzwerke unter "Meine Netzwerkverbindungen" in Firewall gefunden
    Log-Analyse und Auswertung - 12.10.2014 (17)
  6. Kaspersky Adware HEUR:AdWare.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 09.10.2014 (1)
  7. Hab mir Adware Bettersurf Win32 eingefangen, eine Adware die unerwünschte Werbungen im Browser aufzeigt, siehe Beschreibung
    Log-Analyse und Auswertung - 10.03.2014 (1)
  8. HProblem nach Maleware-Infektion - Windows Update/Firewall/Defender
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (5)
  9. Windows 8 b1search.org browser hijacker Infektion
    Log-Analyse und Auswertung - 14.11.2013 (17)
  10. ADWARE/InstallCore.Gen' + Adware/Vittalia.AB + TR/Agent.887358 Infektion !
    Plagegeister aller Art und deren Bekämpfung - 29.09.2013 (8)
  11. APPL/Downloader.Gen6 [program] & ADWARE/InstallCore.DA.19 [adware] Infektion
    Plagegeister aller Art und deren Bekämpfung - 15.07.2013 (7)
  12. Windows Server 2008R2 - Firewall Zugriff verweigert und Gefunden Adware.Adon und InstallCore.D
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (16)
  13. unbekannte trojaner /rootkit Infektion
    Log-Analyse und Auswertung - 20.07.2012 (4)
  14. Trojaner Infektion: u.A. HEUR:Backdoor.Win64.Generic
    Log-Analyse und Auswertung - 04.06.2012 (13)
  15. firewall findet 2 netzwerke
    Antiviren-, Firewall- und andere Schutzprogramme - 17.04.2011 (6)
  16. trojaner-infektion, firewall kaputt?!
    Log-Analyse und Auswertung - 16.11.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall - Die Startseite im Browser meines Administrator-Users wurde verändert zu "hxxp://search.fbdownloader.com/?channel=de" Da ich normalerweise nicht als Administrator arbeite, kann ich nicht genau sagen, wie lange die Veränderung schon besteht. Möglich, dass - Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall...
Archiv
Du betrachtest: Windows 7: fbdownoader im Browser, Infektion mit Gen:Adware.Heur.lu8@Yfys1Lli., unbekannte Netzwerke in Firewall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130