Log analysis and evaluation: Windows 8 - browser input is redirected to advertising

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 8 - Browser input is redirected to advertising

Hello, for the second time already I have to bother this forum with my problems: all installed browsers (IE, Firefox and Opera, most recently also Google Chrome) are failing. After entering something, I am redirected to an advertising page. Often programs are offered to remove malware or other harmful software. Also, the correct pages, when they do open, are covered with advertising banners. Today it happened several times that emails suddenly disappeared while I was writing them. The scan with GMER only worked on the second attempt. The first time the whole PC crashed and had to be restarted. I hope someone here can help me, as last time. Here are the log files (I don't have any of my own!)

DEFOGGER:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:51 on 04/02/2015 (Jürgen) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 18:54:39 Running from C:\Users\Jürgen\Downloads Loaded Profiles: Jürgen (Available profiles: Jürgen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (deltra Business Software GmbH & Co. 
KG) C:\orgaMAX\orgamaxmobil_service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe (Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe (Microsoft Corporation) F:\Programme\Office15\OUTLOOK.EXE (deltra Business Software GmbH & Co KG) C:\orgaMAX\orgaMAX.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe (Microsoft Corporation) F:\Programme\Office15\EXCEL.EXE (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxTrayapp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.) HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) 
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications)) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com) HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit) HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group) HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] () HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) 
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation) BHO: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.x64.dll () BHO: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.x64.dll () BHO: ExtraShopper -> {4cc67542-bea2-437a-a5b5-250b35d73051} -> C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.x64.dll () BHO: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.x64.dll () BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.) 
BHO: TicTaCoupon -> {b5020b2d-494a-4c9f-bc0a-b1b8a778359b} -> C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll () BHO: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.x64.dll () BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: ApptoU -> {d7e27882-1545-44e4-ba10-18a5ca11d053} -> C:\ProgramData\ApptoU\tkvwBlYvSpiy67.x64.dll () BHO: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.x64.dll () BHO: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.x64.dll () BHO: dealpeak -> {e5d45e03-27b5-4ed3-b51a-127efd16e258} -> C:\ProgramData\dealpeak\oN0bqJBElzWVkV.x64.dll () BHO: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.x64.dll () BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.dll () BHO-x32: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.dll () BHO-x32: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.dll No File BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.dll () BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll () BHO-x32: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.dll () BHO-x32: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.dll No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com [2014-09-17] FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05] FF Extension: ProShopper - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org [2014-11-05] FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21] FF Extension: Adblock Plus - 
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31] FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found] FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21] CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30] Opera: ======= OPR Extension: (HQ-Video-Pro-1.9) - C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit) S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed] S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.) 
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed] S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.) 
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.) R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] () R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation) U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-04 18:54 - 2015-02-04 18:54 - 00030607 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-04 18:54 - 2015-02-04 18:54 - 00000000 ____D () C:\FRST
2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\RRoyaliCCoauppon
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\KiingCoUpeoonn
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-06 12:27 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\toopbbuyer
2015-01-06 12:27 - 2015-02-02 18:15 - 00000000 ____D () C:\ProgramData\CCouPScaananer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 18:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 18:51 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-04 18:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 18:47 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:37 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:32 - 2013-12-17 09:34 - 01944324 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 18:18 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 18:09 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 18:00 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-04 17:55 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 17:55 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 17:55 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 17:50 - 2014-12-02 16:09 - 00008984 _____ () C:\Windows\setupact.log
2015-02-04 17:49 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 17:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-04 17:02 - 2014-11-09 15:58 - 00268150 _____ () C:\Windows\PFRO.log
2015-02-04 14:06 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 20:51 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\16724744141051052375
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-02-01 16:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
2015-01-07 04:47 - 2014-11-05 03:11 - 00000000 ____D () C:\ProgramData\e81a3a2f4ea4c157

==================== Files in the root of some directories =======

2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 05:53

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 18:54:39
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) F:\Programme\Office15\OUTLOOK.EXE
(deltra Business Software GmbH & Co KG) C:\orgaMAX\orgaMAX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
(Microsoft Corporation) F:\Programme\Office15\EXCEL.EXE
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxTrayapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.x64.dll ()
BHO: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.x64.dll ()
BHO: ExtraShopper -> {4cc67542-bea2-437a-a5b5-250b35d73051} -> C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.x64.dll ()
BHO: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: TicTaCoupon -> {b5020b2d-494a-4c9f-bc0a-b1b8a778359b} -> C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll ()
BHO: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ApptoU -> {d7e27882-1545-44e4-ba10-18a5ca11d053} -> C:\ProgramData\ApptoU\tkvwBlYvSpiy67.x64.dll ()
BHO: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.x64.dll ()
BHO: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.x64.dll ()
BHO: dealpeak -> {e5d45e03-27b5-4ed3-b51a-127efd16e258} -> C:\ProgramData\dealpeak\oN0bqJBElzWVkV.x64.dll ()
BHO: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.x64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.dll ()
BHO-x32: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.dll ()
BHO-x32: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll ()
BHO-x32: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.dll ()
BHO-x32: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com [2014-09-17]
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: ProShopper - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]

Opera:
=======
OPR Extension: (HQ-Video-Pro-1.9) - C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit) S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed] S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.) 
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed] S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.) 
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.) R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] () R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation) U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-04 18:54 - 2015-02-04 18:54 - 00030607 _____ () C:\Users\Jürgen\Downloads\FRST.txt 2015-02-04 18:54 - 2015-02-04 18:54 - 00000000 ____D () C:\FRST 2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe 2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log 2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable 2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe 2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk 2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe 2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate 2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\RRoyaliCCoauppon 2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\KiingCoUpeoonn 2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) 
C:\Windows\system32\mfevtps.exe 2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots 2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4 2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk 2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk 2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax 2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft 
Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-06 12:27 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\toopbbuyer 2015-01-06 12:27 - 2015-02-02 18:15 - 00000000 ____D () C:\ProgramData\CCouPScaananer ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 18:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-04 18:51 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen 2015-02-04 18:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 18:47 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien 2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps 2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-04 18:37 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002 2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG 2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG 2015-02-04 18:32 - 2013-12-17 09:34 - 01944324 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 18:18 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment 2015-02-04 18:09 - 2014-10-09 19:37 - 
00000000 ____D () C:\ProgramData\firebird 2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX 2015-02-04 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-04 18:00 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC 2015-02-04 17:55 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-02-04 17:55 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-02-04 17:55 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-04 17:50 - 2014-12-02 16:09 - 00008984 _____ () C:\Windows\setupact.log 2015-02-04 17:49 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-04 17:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop 2015-02-04 17:02 - 2014-11-09 15:58 - 00268150 _____ () C:\Windows\PFRO.log 2015-02-04 14:06 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234} 2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-02 20:51 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\16724744141051052375 2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee 2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages 2015-02-01 16:50 - 2014-02-22 14:52 - 00003772 
_____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db 2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink 2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink 2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink 2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData 2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk 2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk 2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player 2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder 2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db 2015-01-07 04:47 - 2014-11-05 03:11 - 00000000 ____D () C:\ProgramData\e81a3a2f4ea4c157 ==================== Files in the root of some directories ======= 2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () 
C:\Users\Jürgen\AppData\Roaming\Camdata.ini 2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini 2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini 2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg 2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt 2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml 2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-29 05:53 ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-04 20:06:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 TOSHIBA_THNSNH128GMCT rev.HTCAN102 119,24GB
Running: mm3j1gcq.exe; Driver: C:\Users\JRGEN~1\AppData\Local\Temp\kglyiaoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4764] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd18451f6a 4 bytes [45, 18, FD, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4764] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd18451f82 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1632] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd18451f6a 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1632] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd18451f82 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [804:856] fffff960008bcb90

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [1400] (FreemakeUtilsService/Freemake)(2014-11-20 12:27:12) 0000000000d60000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Jürgen