Trojaner-Board


schmid 07.05.2014 13:40

Windows Vista no longer works
 
Hello,

my parents own a Windows Vista PC. A few days ago the firewall and McAfee switched themselves off and the PC became extremely slow. Now nothing works at all anymore: the PC takes 5 minutes to boot and no programs can be opened; even Task Manager takes 10 minutes to open. CPU usage is constantly at 100%.
I tried to install Malwarebytes from a USB stick, but that was unsuccessful too.
I hope you can help me, and thanks in advance!

Regards
Philipp Schmid

deeprybka 07.05.2014 13:42

:hallo:

My name is Jürgen and I will be helping you with your problem. Together we will manage this...:abklatsch:
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that all of us work here in our free time; if you have not heard from me within 2 days, please send me a PM.

Notes: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable for real malware. We can remove adware and the like very well.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean :daumenhoc.

Please note that all of my replies must first be approved by an instructor before I am allowed to post them here. That takes a few hours longer, but it guarantees that you get competent help and reviewed answers. See here...

Thank you for your patience! :)

schmid 07.05.2014 13:51

Hello,
thanks already for wanting to help me! :)
I am at my wits' end..
First steps?

Regards, philipp schmid

deeprybka 07.05.2014 13:52

They will be posted as soon as the instructor has approved them... ;)

deeprybka 07.05.2014 17:25

Hello,
to examine the system more closely we need logs.

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both, if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the short guide below:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account, clicking "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account, clicking "Next" each time.
In the recovery options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


schmid 07.05.2014 17:53

Now I have a small problem.
The laptop is already fairly old and we no longer have a CD.
And via the boot manager I need a password that neither I nor my parents still know.
I am completely at a loss.
Regards

deeprybka 07.05.2014 18:01

Quote:

and via the boot manager I need a password

You get into this menu with F8, as described in the guide. Then select Repair Your Computer. Does that not work?

schmid 07.05.2014 18:04

It does. As in the illustrated guide.. the administrator password.

Regards

deeprybka 07.05.2014 18:08

Was one set? Otherwise just try pressing Enter....

When you boot normally, in which account did you notice the symptoms?
Was that not the admin account?

schmid 07.05.2014 18:18

No password had been set; pressing Enter worked.

Here is the log file of the 32-bit version:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by SYSTEM on MINWINPC on 07-05-2014 19:13:30
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [EPSON Stylus DX4200 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE [98304 2005-03-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-27] (McAfee, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-27] (Citrix Systems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-27] (McAfee, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-01-29] ()
HKU\Schmid\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\Schmid\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-28] (Google Inc.)
HKU\Schmid\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Schmid\...\Run: [ICQ] => "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
HKU\Schmid\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Schmid\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\Schmid\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-24] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-27] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-03-17] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [175480 2014-03-17] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-05-07] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-03-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2014-03-17] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-03-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-03-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573968 2014-03-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [330248 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-01-20] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [214856 2014-03-17] (McAfee, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 netr73; system32\DRIVERS\WUSB54GCx86.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
S3 tunnel; system32\DRIVERS\tunnel.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 19:13 - 2014-05-07 19:13 - 00000000 ____D () C:\FRST
2014-05-03 08:41 - 2014-05-07 04:16 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2014-05-03 08:40 - 2014-05-03 08:40 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\Malwarebytes
2014-05-03 08:35 - 2014-05-03 08:35 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 08:35 - 2014-05-03 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 08:35 - 2014-05-03 08:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-03 08:35 - 2013-04-04 04:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-05-03 08:08 - 2012-04-08 13:00 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2014-05-03 08:08 - 2012-04-08 13:00 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2014-05-01 20:33 - 2014-05-01 20:33 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\McAfee
2014-05-01 06:29 - 2014-05-01 06:29 - 00000000 ____D () C:\ProgramData\APN
2014-05-01 06:28 - 2014-05-01 06:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 06:26 - 2012-04-08 13:00 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2014-04-23 00:18 - 2013-09-23 03:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-04-22 15:09 - 2014-04-22 15:09 - 00143064 _____ () C:\Windows\Minidump\Mini042314-01.dmp
2014-04-18 02:39 - 2014-04-18 03:05 - 00000000 ____D () C:\Users\Schmid\Desktop\Frederik
2014-04-18 02:23 - 2014-04-27 01:56 - 00000000 ____D () C:\Users\Schmid\Desktop\Urlaub Ostern2014
2014-04-18 00:43 - 2014-04-18 00:43 - 00001027 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-15 07:57 - 2014-04-15 07:57 - 00143064 _____ () C:\Windows\Minidump\Mini041514-01.dmp
2014-04-08 08:36 - 2014-04-22 15:09 - 00000000 ____D () C:\Windows\Minidump
2014-04-08 08:36 - 2014-04-22 15:08 - 341584728 _____ () C:\Windows\MEMORY.DMP
2014-04-08 08:36 - 2014-04-08 08:36 - 00143064 _____ () C:\Windows\Minidump\Mini040814-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-07 19:13 - 2014-05-07 19:13 - 00000000 ____D () C:\FRST
2014-05-07 05:20 - 2008-01-20 23:16 - 01567488 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-07 04:16 - 2014-05-03 08:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2014-05-07 03:55 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 03:55 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 03:48 - 2008-02-18 07:50 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-06 03:08 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2014-05-05 20:26 - 2009-12-28 19:19 - 01685015 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 08:40 - 2014-05-03 08:40 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\Malwarebytes
2014-05-03 08:35 - 2014-05-03 08:35 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 08:35 - 2014-05-03 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 08:35 - 2014-05-03 08:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-03 08:21 - 2012-02-23 08:23 - 00127978 _____ () C:\Windows\PFRO.log
2014-05-03 08:21 - 2009-12-30 05:34 - 00000000 ____D () C:\Program Files\McAfee
2014-05-03 08:08 - 2008-02-18 07:10 - 00000000 ____D () C:\Program Files\Java
2014-05-03 02:22 - 2009-12-30 05:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-02 05:59 - 2009-12-28 19:25 - 00000000 ____D () C:\users\Schmid
2014-05-02 05:59 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-05-02 05:59 - 2006-11-02 02:22 - 50855936 _____ () C:\Windows\System32\config\software_previous
2014-05-02 05:59 - 2006-11-02 02:22 - 39845888 _____ () C:\Windows\System32\config\system_previous
2014-05-02 05:59 - 2006-11-02 02:22 - 39059456 _____ () C:\Windows\System32\config\components_previous
2014-05-02 05:59 - 2006-11-02 02:22 - 00786432 _____ () C:\Windows\System32\config\default_previous
2014-05-02 05:59 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-05-02 05:59 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-05-01 20:33 - 2014-05-01 20:33 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\McAfee
2014-05-01 06:29 - 2014-05-01 06:29 - 00000000 ____D () C:\ProgramData\APN
2014-05-01 06:28 - 2014-05-01 06:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 06:27 - 2008-02-18 07:10 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-29 15:25 - 2012-10-03 01:51 - 00001968 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 00:51 - 2012-04-08 10:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-04-29 00:51 - 2011-09-08 02:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-04-27 01:56 - 2014-04-18 02:23 - 00000000 ____D () C:\Users\Schmid\Desktop\Urlaub Ostern2014
2014-04-22 15:09 - 2014-04-22 15:09 - 00143064 _____ () C:\Windows\Minidump\Mini042314-01.dmp
2014-04-22 15:09 - 2014-04-08 08:36 - 00000000 ____D () C:\Windows\Minidump
2014-04-22 15:08 - 2014-04-08 08:36 - 341584728 _____ () C:\Windows\MEMORY.DMP
2014-04-21 07:49 - 2012-12-06 09:17 - 00000000 ____D () C:\Users\Schmid\Desktop\Mama Bilder altes Handy
2014-04-18 03:05 - 2014-04-18 02:39 - 00000000 ____D () C:\Users\Schmid\Desktop\Frederik
2014-04-18 02:12 - 2012-04-22 02:51 - 00019750 _____ () C:\Windows\setupact.log
2014-04-18 01:34 - 2010-01-10 08:36 - 00000000 ____D () C:\Steuer
2014-04-18 00:44 - 2011-05-25 08:50 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\elsterformular
2014-04-18 00:43 - 2014-04-18 00:43 - 00001027 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-18 00:39 - 2010-01-10 08:46 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-15 07:57 - 2014-04-15 07:57 - 00143064 _____ () C:\Windows\Minidump\Mini041514-01.dmp
2014-04-10 06:47 - 2013-07-24 17:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-10 06:44 - 2006-11-02 02:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-04-08 08:36 - 2014-04-08 08:36 - 00143064 _____ () C:\Windows\Minidump\Mini040814-01.dmp

Some content of TEMP:
====================
C:\Users\Schmid\AppData\Local\Temp\APNSetup.exe
C:\Users\Schmid\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3061.22 MB
Available physical RAM: 2554.47 MB
Total Pagefile: 2768.18 MB
Available Pagefile: 2622.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.01 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.21 GB) (Free:49.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:115.21 GB) (Free:109.93 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
Drive g: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 089F965A)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-05-05 02:51

==================== End Of Log ============================

--- --- ---

deeprybka 08.05.2014 09:19

Hi,
please try to work through the following guide. I realize that everything is very slow and so on, but try it anyway...

Step 1

Clean boot http://deeprybka.trojaner-board.de/c...ista/vista.png

schmid 08.05.2014 09:46

Good morning,

it has definitely worked so far: during boot, something about a system check comes up, with a countdown that you can interrupt .. so I just did.

The PC has now booted and you could work with it again. It is still slower than usual, but it would work.

Regards

deeprybka 08.05.2014 10:12

OK, I will get back to you with further instructions.

deeprybka 08.05.2014 11:19

OK, please run an FRST scan in the clean-boot state. ;)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


schmid 08.05.2014 13:44

Hello,

only the FRST text file appears:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by Schmid (administrator) on SCHMID-LAPTOP on 08-05-2014 14:41:16
Running from C:\Users\Schmid\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\Schmid\Desktop\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-179326881-4221156063-1880265402-1000\...\MountPoints2: {2259bf82-ce69-11e1-b261-87819ba72b2f} - D:\AutoRun.exe
HKU\S-1-5-21-179326881-4221156063-1880265402-1000\...\MountPoints2: {2259bfbe-ce69-11e1-b261-d906ae6baeca} - G:\AutoRun.exe
HKU\S-1-5-21-179326881-4221156063-1880265402-1000\...\MountPoints2: {69795549-3fac-11e2-94f3-8590509a03ed} - G:\Startme.exe
HKU\S-1-5-21-179326881-4221156063-1880265402-1000\...\MountPoints2: {88bfde9a-a7a6-11e0-980d-e93c509914ef} - D:\iStudio.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope {9E02A28F-67EE-4DC8-8FF8-E5B940650D48} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM - {9E02A28F-67EE-4DC8-8FF8-E5B940650D48} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - {3630F80F-47B1-46F1-A42D-4F6A943FB8B3} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EDE&gct=sb&itbv=12.10.6.48&apn_uid=0CCF1475-2423-40DA-9700-FDA5A6B8911C&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_8.0.6001.19507&doi=2014-05-01&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {5028B9C6-5E66-4619-9107-2815568B924B} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default
FF DefaultSearchEngine: ICQ Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre1.6.0_22\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Schmid\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Cooliris - C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\Extensions\piclens@cooliris.com [2011-10-10]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-01-10]
FF Extension: ICQ Toolbar - C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011-10-10]
FF Extension: WEB.DE Toolbar - C:\Users\Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\9e739ybx.default\Extensions\toolbar@web.de.xpi [2011-08-08]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009-12-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012-04-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-12-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2009-12-30]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Schmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (SiteAdvisor) - C:\Users\Schmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-05]
CHR Extension: (Google Wallet) - C:\Users\Schmid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

========================== Services (Whitelisted) =================

S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S4 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-24] (McAfee, Inc.)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
S4 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [175480 2014-03-17] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236480 2014-03-17] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [573968 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [214856 2014-03-17] (McAfee, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVRS; system32\DRIVERS\lvrs.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
S3 netr73; system32\DRIVERS\WUSB54GCx86.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pepifilter; system32\DRIVERS\lv302af.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V32.SYS [X]
S3 tunnel; system32\DRIVERS\tunnel.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 14:41 - 2014-05-08 14:41 - 00022812 _____ () C:\Users\Schmid\Desktop\FRST.txt
2014-05-08 14:09 - 2014-05-08 14:11 - 00019333 _____ () C:\Users\Schmid\Downloads\FRST.txt
2014-05-08 14:09 - 2014-05-08 14:09 - 01053184 _____ (Farbar) C:\Users\Schmid\Desktop\FRST (1).exe
2014-05-08 14:08 - 2014-05-08 14:09 - 01053184 _____ (Farbar) C:\Users\Schmid\Downloads\FRST.exe
2014-05-08 10:43 - 2014-05-08 10:43 - 00000000 ____D () C:\Windows\pss
2014-05-08 10:40 - 2014-05-08 10:40 - 00000000 ____D () C:\McAfee
2014-05-08 05:13 - 2014-05-08 14:41 - 00000000 ____D () C:\FRST
2014-05-05 12:58 - 2014-05-05 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-03 18:40 - 2014-05-03 18:40 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\Malwarebytes
2014-05-03 18:35 - 2014-05-03 18:35 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-03 18:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-03 18:08 - 2012-04-08 23:00 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe
2014-05-03 18:08 - 2012-04-08 23:00 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe
2014-05-02 06:33 - 2014-05-02 06:33 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\McAfee
2014-05-01 16:29 - 2014-05-01 16:29 - 00000000 ____D () C:\ProgramData\APN
2014-05-01 16:28 - 2014-05-01 16:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 16:26 - 2014-05-01 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 16:26 - 2012-04-08 23:00 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe
2014-04-23 10:18 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-23 01:09 - 2014-04-23 01:09 - 00143064 _____ () C:\Windows\Minidump\Mini042314-01.dmp
2014-04-18 12:39 - 2014-04-18 13:05 - 00000000 ____D () C:\Users\Schmid\Desktop\Frederik
2014-04-18 12:23 - 2014-04-27 11:56 - 00000000 ____D () C:\Users\Schmid\Desktop\Urlaub Ostern2014
2014-04-18 10:43 - 2014-04-18 10:43 - 00001027 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-18 10:43 - 2014-04-18 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-04-15 17:57 - 2014-04-15 17:57 - 00143064 _____ () C:\Windows\Minidump\Mini041514-01.dmp
2014-04-08 18:36 - 2014-05-08 10:33 - 276641944 _____ () C:\Windows\MEMORY.DMP
2014-04-08 18:36 - 2014-04-23 01:09 - 00000000 ____D () C:\Windows\Minidump
2014-04-08 18:36 - 2014-04-08 18:36 - 00143064 _____ () C:\Windows\Minidump\Mini040814-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-08 14:41 - 2014-05-08 14:41 - 00022812 _____ () C:\Users\Schmid\Desktop\FRST.txt
2014-05-08 14:41 - 2014-05-08 05:13 - 00000000 ____D () C:\FRST
2014-05-08 14:41 - 2011-11-03 18:20 - 00000428 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{04F04AFB-559A-4F0E-9350-C8870077823A}.job
2014-05-08 14:40 - 2012-04-08 22:59 - 00000000 ____D () C:\Users\Schmid\Desktop\OpenOffice.org 3.3 (de) Installation Files
2014-05-08 14:24 - 2014-03-31 07:12 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c9fc66d69a0.job
2014-05-08 14:24 - 2014-02-18 13:07 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2c99ad425e20.job
2014-05-08 14:19 - 2009-12-29 05:19 - 01715486 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 14:11 - 2014-05-08 14:09 - 00019333 _____ () C:\Users\Schmid\Downloads\FRST.txt
2014-05-08 14:09 - 2014-05-08 14:09 - 01053184 _____ (Farbar) C:\Users\Schmid\Desktop\FRST (1).exe
2014-05-08 14:09 - 2014-05-08 14:08 - 01053184 _____ (Farbar) C:\Users\Schmid\Downloads\FRST.exe
2014-05-08 13:45 - 2012-04-08 20:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 12:44 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 12:44 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 10:50 - 2008-01-21 09:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 10:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 10:43 - 2014-05-08 10:43 - 00000000 ____D () C:\Windows\pss
2014-05-08 10:43 - 2006-11-02 15:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 10:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2014-05-08 10:41 - 2013-10-01 17:36 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\ICAClient
2014-05-08 10:40 - 2014-05-08 10:40 - 00000000 ____D () C:\McAfee
2014-05-08 10:33 - 2014-04-08 18:36 - 276641944 _____ () C:\Windows\MEMORY.DMP
2014-05-08 10:33 - 2012-02-23 18:23 - 00130080 _____ () C:\Windows\PFRO.log
2014-05-07 13:48 - 2008-02-18 17:50 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-05 12:58 - 2014-05-05 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-03 18:40 - 2014-05-03 18:40 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\Malwarebytes
2014-05-03 18:35 - 2014-05-03 18:35 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 18:35 - 2014-05-03 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-03 18:21 - 2009-12-30 15:34 - 00000000 ____D () C:\Program Files\McAfee
2014-05-03 18:08 - 2008-02-18 17:10 - 00000000 ____D () C:\Program Files\Java
2014-05-03 12:22 - 2009-12-30 15:34 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-05-02 15:59 - 2009-12-29 05:25 - 00000000 ____D () C:\Users\Schmid
2014-05-02 15:59 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2014-05-02 15:59 - 2006-11-02 12:22 - 50855936 _____ () C:\Windows\system32\config\software_previous
2014-05-02 15:59 - 2006-11-02 12:22 - 39845888 _____ () C:\Windows\system32\config\system_previous
2014-05-02 15:59 - 2006-11-02 12:22 - 39059456 _____ () C:\Windows\system32\config\components_previous
2014-05-02 15:59 - 2006-11-02 12:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-05-02 15:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-02 15:59 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-02 06:33 - 2014-05-02 06:33 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\McAfee
2014-05-01 16:29 - 2014-05-01 16:29 - 00000000 ____D () C:\ProgramData\APN
2014-05-01 16:28 - 2014-05-01 16:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 16:27 - 2008-02-18 17:10 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-01 16:26 - 2014-05-01 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-30 01:25 - 2012-10-03 11:51 - 00001968 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 10:51 - 2012-04-08 20:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 10:51 - 2011-09-08 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-27 11:56 - 2014-04-18 12:23 - 00000000 ____D () C:\Users\Schmid\Desktop\Urlaub Ostern2014
2014-04-23 01:09 - 2014-04-23 01:09 - 00143064 _____ () C:\Windows\Minidump\Mini042314-01.dmp
2014-04-23 01:09 - 2014-04-08 18:36 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 17:49 - 2012-12-06 19:17 - 00000000 ____D () C:\Users\Schmid\Desktop\Mama Bilder altes Handy
2014-04-18 13:05 - 2014-04-18 12:39 - 00000000 ____D () C:\Users\Schmid\Desktop\Frederik
2014-04-18 12:12 - 2012-04-22 12:51 - 00019750 _____ () C:\Windows\setupact.log
2014-04-18 11:34 - 2010-01-10 18:36 - 00000000 ____D () C:\Steuer
2014-04-18 10:44 - 2011-05-25 18:50 - 00000000 ____D () C:\Users\Schmid\AppData\Roaming\elsterformular
2014-04-18 10:43 - 2014-04-18 10:43 - 00001027 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-04-18 10:43 - 2014-04-18 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-04-18 10:39 - 2010-01-10 18:46 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-04-15 17:57 - 2014-04-15 17:57 - 00143064 _____ () C:\Windows\Minidump\Mini041514-01.dmp
2014-04-10 16:47 - 2013-07-25 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 16:44 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 18:36 - 2014-04-08 18:36 - 00143064 _____ () C:\Windows\Minidump\Mini040814-01.dmp

Some content of TEMP:
====================
C:\Users\Schmid\AppData\Local\Temp\APNSetup.exe
C:\Users\Schmid\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-08 10:50

==================== End Of Log ============================

--- --- ---

