Log Analysis and Evaluation: PWS-Zbot.a: Heavy attack during online banking/web browser (Windows 7)
#1
PWS-Zbot.a: Heavy attack during online banking/web browser

Hello admin,

Attack during online banking via the browser. Ran a full scan with McAfee I/Security. 2 Trojans found: PWS-Zbot.a!env and Generic-FAVO!. In general, no noticeable irregularities in the PC's operation were observed beforehand, and none now either. McAfee moves findings into quarantine. No direct log files. Events were stored in the "Sicherheitsverlauf" (security history) and in "IsolierteElemente" (quarantined items). In the "Sicherheitsverlauf", "suspicious incoming network connections" that tried to access various "TCP ports" were "blocked". One attempt succeeded and slipped the Trojan in. Afterwards scanned with "Dr.Web CureIt"; it found a "backdoor", which was moved into quarantine. No log files available, or I don't know where they were stored, since the program was not installed. From that point on I tried to follow your "guide", so here are the details. Thanks in advance for your support.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01 Ran by juezie (administrator) on OPTI755 on 27-11-2014 10:58:25 Running from C:\Users\juezie\Desktop Loaded Profile: juezie (Available profiles: juezie) Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Safer-Networking Ltd.) D:\programme\Spybot - Search & Destroy\TeaTimer.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (McAfee, Inc.)
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe (Google Inc.) C:\Users\juezie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\juezie\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [5039400 2013-10-23] (O&O Software GmbH) HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [497792 2014-08-05] (McAfee, Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Run: [SpybotSD TeaTimer] => D:\programme\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Policies\Explorer: [NoControlPanel] 0 IFEO\oodcnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{28BA9F7E-AEAA-4CC1-9F13-B1CCD284C8CE}\DefragIcon.exe () ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-870471159-2228910714-4138821581-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\programme\office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\programme\office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} 
- c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026 FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> D:\programme\downloaderSP\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> D:\programme\downloaderSP\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-870471159-2228910714-4138821581-1000: @tools.google.com/Google Update;version=3 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-870471159-2228910714-4138821581-1000: @tools.google.com/Google Update;version=9 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\user.js FF SearchPlugin: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\searchplugins\webde-suche.xml FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\LogMeInClient@logmein.com [2012-06-27] FF Extension: Microsoft .NET Framework Assistant - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-10-30] FF Extension: FoxClocks - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012-07-09] FF Extension: Add-on Compatibility Reporter - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\compatibility@addons.mozilla.org.xpi [2012-06-19] FF Extension: eSnipe.com SnipeIt! 
- C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\esnipesnipeit@esnipe.com.xpi [2012-04-04] FF Extension: Adblock Plus - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-30] FF Extension: BetterPrivacy - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\oola12rk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-04-02] FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\Extensions\LogMeInClient@logmein.com [2014-11-10] FF Extension: YouTube Unblocker - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\Extensions\youtubeunblocker@unblocker(5).yt [2013-10-10] FF Extension: No Name - C:\Users\juezie\AppData\Roaming\Mozilla\Firefox\Profiles\plhwo2u6.default-1343411678026\Extensions\helper@savefrom.net.xpi [2013-06-26] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-25] FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-08] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - 
C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll () CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\juezie\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\juezie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26] CHR Extension: (RealDownloader) - C:\Users\juezie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-12] CHR Extension: (Google Wallet) - C:\Users\juezie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 0175631417077861mcinstcleanup; C:\Windows\TEMP\017563~1.EXE [851136 2014-08-08] (McAfee, Inc.) 
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-09-04] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-08-01] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-07-18] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-07-18] (McAfee, Inc.) S3 Microsoft Office Groove Audit Service; D:\programme\office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation) S3 NBService; D:\programme\nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed] S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2034472 2013-10-23] (O&O Software GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () S2 SkypeUpdate; D:\programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-07-18] (McAfee, Inc.) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [560128 2008-09-02] (PixArt Imaging Incorporation) R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-07-18] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238368 2014-07-18] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-07-18] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371288 2014-07-18] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2014-07-18] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-07-18] (McAfee, Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software) S3 IpInIp; No ImagePath S4 LMIRfsClientNP; No ImagePath S3 NwlnkFlt; No ImagePath S3 NwlnkFwd; No ImagePath S3 SANDRA; \??\D:\programme\SiSoftware Sandra Lite 2011.SP5\WNt500x86\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 10:58 - 2014-11-27 10:59 - 00020449 _____ () C:\Users\juezie\Desktop\FRST.txt 2014-11-27 10:58 - 2014-11-27 10:58 - 00000000 ____D () C:\FRST 2014-11-27 10:56 - 2014-11-27 10:56 - 01109504 _____ (Farbar) C:\Users\juezie\Desktop\FRST.exe 2014-11-27 10:52 - 2014-11-27 10:54 - 00000474 _____ () C:\Users\juezie\Desktop\defogger_disable.log 2014-11-27 10:52 - 2014-11-27 10:52 - 00000000 _____ () C:\Users\juezie\defogger_reenable 2014-11-27 10:46 - 2014-11-27 10:46 - 00050477 _____ () C:\Users\juezie\Desktop\Defogger.exe 2014-11-27 09:41 - 2014-11-27 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-11-26 22:22 - 2014-11-26 22:22 - 00000000 ____D () C:\ProgramData\Doctor Web 2014-11-26 21:58 - 2014-11-26 22:24 - 00000000 ____D () C:\Users\juezie\Doctor Web 2014-11-26 21:55 - 2014-11-26 21:56 - 157194904 _____ () C:\Users\juezie\Desktop\d56ldhsb.exe 2014-11-26 18:53 - 2014-11-26 18:53 - 00000466 __RSH () C:\ProgramData\ntuser.pol 2014-11-26 16:05 - 2014-11-26 16:05 - 00347816 _____ (Microsoft Corporation) C:\Users\juezie\Desktop\MicrosoftFixit.wu.Run.exe 2014-11-26 16:05 - 2014-11-26 16:05 - 00000000 ____D () C:\Program Files\Microsoft ATS 2014-11-26 15:02 - 2014-11-26 17:37 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\Voub 2014-11-26 15:02 - 2014-11-26 15:45 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\Heyvm 2014-11-25 14:44 - 2014-11-25 14:44 - 00000000 ____D () C:\Users\juezie\Desktop\HDI 2014-11-21 08:05 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 12:22 - 2014-11-19 12:22 - 00094108 _____ () C:\Users\juezie\Desktop\email_11_20141119 farinato .eml 2014-11-13 16:20 - 2014-11-27 09:38 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff554c73127b.job 2014-11-13 10:35 - 2014-10-10 02:01 - 
00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 10:35 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 10:35 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 10:35 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 10:34 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 10:34 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 10:34 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 10:34 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 10:32 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 10:32 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 10:32 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 10:32 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 10:32 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 10:31 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 10:26 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 10:25 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 10:25 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 10:25 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 10:25 - 2014-10-27 19:59 - 01139712 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 10:25 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 10:25 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 10:25 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-13 10:25 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 10:25 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 10:25 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-13 10:25 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 10:25 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 10:25 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 10:25 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 10:25 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 10:25 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 10:25 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 10:25 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-13 10:25 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-13 10:25 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-13 10:25 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 07:27 - 2014-11-12 07:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 10:52 - 2011-10-25 20:44 - 00000000 ____D () C:\Users\juezie 2014-11-27 10:25 - 2014-05-07 07:03 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69ba102e6cc2.job 2014-11-27 10:11 - 2014-06-22 18:54 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000UA1cf8e42fe192187.job 2014-11-27 09:44 - 2014-08-18 13:36 - 00000000 ____D () C:\Program Files\McAfee 2014-11-27 09:43 - 2008-01-21 02:39 - 01109900 _____ () C:\Windows\WindowsUpdate.log 2014-11-27 09:38 - 2013-12-11 08:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef644eadb106b.job 2014-11-27 09:37 - 2011-11-19 12:06 - 08112254 _____ () C:\Windows\PFRO.log 2014-11-27 09:37 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-27 09:37 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-27 09:37 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-26 22:39 - 2006-11-02 14:01 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-26 19:32 - 2013-10-01 13:59 - 00000000 ____D () C:\Program Files\jv16 PowerTools 2014 2014-11-26 18:53 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-26 14:16 - 2014-08-01 08:37 - 00000000 ____D () C:\Users\juezie\Documents\Syncios 2014-11-26 13:55 - 2012-12-26 15:13 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\KastorAllVideoDownloader 2014-11-26 13:11 - 2014-04-02 13:43 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000Core1cf4e711fa432f5.job 2014-11-25 14:37 - 2006-11-02 11:33 - 01427406 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-25 13:08 - 2012-04-16 
07:58 - 00000000 ____D () C:\Users\juezie\Documents\schriftverkehr 2 2014-11-22 09:26 - 2012-09-04 18:04 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\Dropbox 2014-11-21 11:31 - 2012-09-04 18:05 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-19 08:51 - 2013-10-15 08:21 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\vlc 2014-11-19 08:45 - 2011-10-28 07:01 - 00108032 _____ () C:\Users\juezie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-19 07:41 - 2011-11-05 19:38 - 00000000 ____D () C:\Users\juezie\AppData\Roaming\Skype 2014-11-19 07:32 - 2012-04-01 07:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-19 07:32 - 2011-10-26 09:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-13 11:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-13 10:57 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-11-13 10:38 - 2014-05-14 11:15 - 00373792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 10:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-13 10:35 - 2011-10-30 09:19 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-13 10:31 - 2013-07-11 10:10 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 10:26 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-11-13 10:14 - 2014-01-28 09:31 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.jv16pt_bak 2014-11-13 10:14 - 2014-01-28 09:30 - 48312320 _____ () C:\Windows\system32\config\SOFTWARE.jv16pt_bak 2014-11-13 05:38 - 2013-06-25 11:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-04 14:30 - 2012-05-07 09:16 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== 
C:\Users\juezie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptuguxl.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-27 09:43 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01 Ran by juezie at 2014-11-27 10:59:14 Running from C:\Users\juezie\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.) AnyDVD (HKLM\...\AnyDVD) (Version: 7.3.9.0 - SlySoft) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd) Banking Browser 2011 -Testversion- (HKLM\...\BankingBrowser 2011_is1) (Version: - SRWare) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden CanoScan Toolbox Ver4.5 (HKLM\...\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}) (Version: - ) CloneCD (HKLM\...\CloneCD) (Version: - SlySoft) CloneDVD2 (HKLM\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Dell Driver Download Manager (HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.) Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Ihr Firmenname) DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft) Google Chrome (HKU\S-1-5-21-870471159-2228910714-4138821581-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden hp deskjet 5800 (HKLM\...\{D9C04F80-677F-42EC-9907-6132025CD478}) (Version: 1.00.0000 - Hewlett-Packard) iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.) iFunbox (v2.6.2375.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.6.2375.747 - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.) 
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) jv16 PowerTools 2014 (HKLM\...\jv16 PowerTools 2014) (Version: - Macecraft Software) Kastor - All Video Downloader V 5.9.2 (HKLM\...\{CB84FEF5-C573-4328-B9AF-B28568A4E10E}_is1) (Version: 5.9.2.0 - KastorSoft) Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) LogMeIn (HKLM\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.) Manual CanoScan LiDE 35 (HKLM\...\{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}) (Version: - ) McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1248 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) MozBackup 1.5.1 
(HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nero 7 Ultra Edition (HKLM\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}) (Version: 7.02.0936 - Nero AG) O&O Defrag Professional (HKLM\...\{28BA9F7E-AEAA-4CC1-9F13-B1CCD284C8CE}) (Version: 16.0.367 - O&O Software GmbH) OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0000 - ScanSoft, Inc.) PrintScreen (HKLM\...\{CFD1B282-555D-494d-8231-4175C2AF08C2}) (Version: 5.30.0.131 - Hewlett-Packard) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Registry Trash Keys Finder (Freeware) (HKLM\...\Registry Trash Keys Finder) (Version: 3.9.1.1 - SNC) Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Special Uninstaller version 2.0 (HKLM\...\{46744C87-EE41-4BA3-A444-C2DECC145FC0}_is1) (Version: 2.0 - hxxp://www.specialuninstaller.com/) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Syncios version 2.1.2 (HKLM\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.1.2 - Anvsoft, Inc.) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer) Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. 
Fiedler) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) USB2.0 PC Camera (HKLM\...\{C6A0FD8A-F107-44CA-AA1B-49341936F76A}) (Version: 1.0.22 - Ihr Firmenname) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path CustomCLSID: 
HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{AC7B8464-A896-4A6E-993D-1A816A56C541}\InprocServer32 -> C:\Program Files\Hewlett-Packard\webreg\bin\hpqconn.dll () CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{DAEF8078-EA44-4338-B4A0-67E957601676}\InprocServer32 -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWUIOCli.dll (Hewlett-Packard) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\juezie\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-870471159-2228910714-4138821581-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\juezie\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-11-2014 07:30:14 Geplanter Prüfpunkt 19-11-2014 13:59:33 Geplanter Prüfpunkt 20-11-2014 08:29:17 Geplanter Prüfpunkt 21-11-2014 07:04:39 Windows Update 22-11-2014 12:14:49 Geplanter Prüfpunkt 23-11-2014 09:48:10 Geplanter Prüfpunkt 24-11-2014 08:36:19 Geplanter Prüfpunkt 25-11-2014 15:46:22 Geplanter Prüfpunkt 26-11-2014 10:51:41 Geplanter Prüfpunkt 26-11-2014 15:07:01 Wiederherstellungspunkt vor Fehlerhafte Patchregistrierungsschlüssel 26-11-2014 15:42:38 Windows Update 26-11-2014 20:37:34 punkt vor reinigung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1A6DC02B-8100-4754-B39F-ADE1058D88A7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) Task: {249056B4-A046-4D27-8931-FD028E1FB9B2} - System32\Tasks\Google Updater and Installer => C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.) 
Task: {328EE2B1-4666-4A7B-98C5-D696BA5F00EB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.) Task: {405837C5-4372-43C2-A142-4CB95DCC6F2D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {4A695F7B-399C-45A8-BC1E-23B89826B605} - System32\Tasks\GoogleUpdateTaskMachineUA1cf69ba102e6cc2 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {5D4279EE-B361-443C-84C9-7874AF38EBA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000UA1cf8e42fe192187 => C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.) Task: {61FA5BF7-F845-4D86-B781-693536E8F53A} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation) Task: {66A1EACD-2565-4E90-B50E-E9607EC4C1EC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {7291DC7A-4CDB-4CF3-9887-F1A62B8FC754} - System32\Tasks\GoogleUpdateTaskMachineCore1cfff554c73127b => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {779E132F-2C21-4B26-BC57-C6248DB6BA5D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) 
Task: {851CE2B3-E74E-4DA8-A120-93839CD19494} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {8585E4C2-38FF-4557-9D16-B56186AC49B5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe Task: {A92A503F-6549-4298-A9FA-ADD8975F9DB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000Core1cf4e711fa432f5 => C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.) Task: {A94239E5-E3A1-421C-B5DD-364C60FF16D4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {BDF1ECAC-8D55-4E8B-8BE6-B0E8EBEEF0DD} - System32\Tasks\GoogleUpdateTaskMachineCore1cef644eadb106b => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.) Task: {CD159193-52E6-4718-A2D6-2A16C2218E8E} - System32\Tasks\{F20FEB83-10BB-4554-9E9B-98B7DDB971E9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/abandoninstall?page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {E54C6D5A-DD73-49B4-9444-0A1FEE7B03AE} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => D:\programme\downloaderSP\Update\realsched.exe [2013-03-08] (RealNetworks, Inc.) Task: {E5D41908-BD1D-43E4-994D-7FD1B4130AAF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {E5F7E14D-F5CC-46AC-9185-BFB76BC2DCC5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-870471159-2228910714-4138821581-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef644eadb106b.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfff554c73127b.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf69ba102e6cc2.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000Core1cf4e711fa432f5.job => C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-870471159-2228910714-4138821581-1000UA1cf8e42fe192187.job => C:\Users\juezie\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-07-16 09:24 - 2014-07-16 09:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2011-10-29 21:55 - 2007-09-20 17:34 - 00129024 _____ () D:\programme\winRAR\rarext.dll 2014-11-26 14:16 - 2014-11-25 07:39 - 09009480 _____ () C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll 2014-11-26 14:16 - 2014-11-25 07:39 - 01677128 _____ () C:\Users\juezie\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Windows:2151713BB55D0435 AlternateDataStreams: C:\Users\juezie\Desktop\email_11_20141119 farinato .eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: AdobeARM.exe => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CloneCDTray.exe => "D:\programme\slysoft div\CloneCD\CloneCDTray.exe" /s MSCONFIG\startupreg: GrooveMonitor.exe => "D:\programme\office 2007\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HPWuSchd.exe => "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" MSCONFIG\startupreg: NeroCheck.exe => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: oodtray.exe => MSCONFIG\startupreg: sidebar.exe => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun ========================= Accounts: ========================== Administrator (S-1-5-21-870471159-2228910714-4138821581-500 - Administrator - Disabled) Gast (S-1-5-21-870471159-2228910714-4138821581-501 - Limited - Disabled) juezie (S-1-5-21-870471159-2228910714-4138821581-1000 - Administrator - Enabled) => C:\Users\juezie ==================== Faulty Device Manager Devices ============= Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Serieller PCI-Anschluss Description: Serieller PCI-Anschluss Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/27/2014 09:39:56 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. 
Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/27/2014 09:39:56 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/27/2014 09:38:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 09:07:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 08:54:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (11/26/2014 08:54:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (11/26/2014 08:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 07:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 07:01:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 06:59:49 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors:
=============
Error: (11/27/2014 09:38:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 09:07:28 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 08:46:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 07:49:13 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 07:00:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 06:56:55 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 06:49:36 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 04:41:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 04:28:57 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 04:26:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}


Microsoft Office Sessions:
=========================
Error: (10/24/2014 08:35:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/23/2014 00:45:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/16/2013 05:46:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/13/2013 11:41:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/12/2012 08:35:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-07-25 12:49:32.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:49:19.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:48:58.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:48:16.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:47:44.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:47:03.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-25 12:46:21.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-06-28 09:14:42.641
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-06-28 09:14:41.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-06-28 09:14:41.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 2019.88 MB
Available physical RAM: 817.2 MB
Total Pagefile: 4276.76 MB
Available Pagefile: 2796.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:63.48 GB) (Free:23.19 GB) NTFS
Drive d: () (Fixed) (Total:169.35 GB) (Free:139.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: FF38A315)
Partition 1: (Not Active) - (Size=63.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=169.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

OK, the 2 log files as requested in the mail. Thanks.
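Added triage example (this is not part of the original post and not FRST's own code): a small Python parser for the error sections of an FRST Addition.txt log like the one above. It pulls out the "Error:" entries with their section, source and EventID, counts them so repetitive noise (here the LanguagePackSetup 1001 entries) stands out, extracts the file paths from the CodeIntegrity entries, and applies a heuristic that is an assumption of this example, not an FRST rule: per-page-hash failures for files under \Windows\ are set aside as usually unsigned-but-legitimate, while anything outside \Windows\, such as a hook DLL loaded into a browser, is listed for manual follow-up (hash lookup, signer check). The sample log is constructed from lines of the post above; the German and English wording of the CodeIntegrity message are both accepted because only the path is captured.

```python
"""Triage helper for the error sections of an FRST Addition.txt log (added example)."""
import re
from collections import Counter

# Constructed sample, modelled on the log in this thread (not read from disk).
SAMPLE_LOG = r"""
System errors:
=============
Error: (11/27/2014 09:38:25 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 09:07:28 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (11/26/2014 04:26:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Microsoft Office Sessions:
=========================
Error: (10/24/2014 08:35:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2012-07-25 12:49:32.492
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-06-28 09:14:41.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
"""

# Section headers come in two FRST styles: "Name:\n=====" and "===== Name =====".
SECTION_RE = re.compile(
    r'^(?:(?P<a>[A-Za-z][A-Za-z ]+?):\s*\n=+|=+ (?P<b>[A-Za-z& ]+?) =+)\s*$',
    re.MULTILINE)
ERROR_RE = re.compile(
    r'^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) '
    r'\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)\s*\n'
    r'Description: (?P<desc>.*)$', re.MULTILINE)
# Only the NT device path is captured, so the message language does not matter.
CI_RE = re.compile(
    r'^Date: (?P<date>\S+ \S+)\s*\nDescription: .*?'
    r'(?P<path>\\Device\\HarddiskVolume\d+\\[^"\s]+)', re.MULTILINE)

# Heuristic (assumption of this example): paths under \Windows\ are treated as low priority.
SYSTEM_PREFIXES = ('\\windows\\',)


def _sections(text):
    """Return [(offset, section name), ...] in document order."""
    return [(m.start(), (m.group('a') or m.group('b')).strip())
            for m in SECTION_RE.finditer(text)]


def _section_at(sections, pos):
    """Name of the last section header that starts at or before offset pos."""
    name = None
    for start, sec in sections:
        if start > pos:
            break
        name = sec
    return name


def parse_event_errors(text):
    """Extract every 'Error:' entry (System errors, Office sessions, ...) with its section."""
    sections = _sections(text)
    return [{
        'section': _section_at(sections, m.start()),
        'timestamp': m.group('ts'),
        'source': m.group('source'),
        'event_id': int(m.group('eid')),
        'user': m.group('user').strip(),
        'description': m.group('desc').strip(),
    } for m in ERROR_RE.finditer(text)]


def parse_codeintegrity(text):
    """Extract CodeIntegrity entries as (date, NT device path of the unverifiable image)."""
    return [{'date': m.group('date'), 'path': m.group('path')} for m in CI_RE.finditer(text)]


def summarize(entries):
    """Count entries per (source, EventID) so repeated noise is visible at a glance."""
    return Counter((e['source'], e['event_id']) for e in entries)


def flag_codeintegrity(ci_entries):
    """Return the distinct CodeIntegrity paths outside \\Windows\\ for manual review."""
    flagged = set()
    for e in ci_entries:
        rel = re.sub(r'^\\Device\\HarddiskVolume\d+', '', e['path'], flags=re.IGNORECASE)
        if not rel.lower().startswith(SYSTEM_PREFIXES):
            flagged.add(e['path'])
    return sorted(flagged)


if __name__ == '__main__':
    errors = parse_event_errors(SAMPLE_LOG)
    for (source, eid), n in summarize(errors).most_common():
        print(f'{n:3d} x {source} / EventID {eid}')
    for path in flag_codeintegrity(parse_codeintegrity(SAMPLE_LOG)):
        print('review:', path)
```

Run it against a real Addition.txt by replacing SAMPLE_LOG with the file contents; the flagged list is a starting point for a hash or signer check, not a verdict, since unsigned third-party components trigger the same Code Integrity message as anything malicious.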