matzepik | 08.09.2013 19:31 | das da?
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by Gusti (administrator) on GUSTI-PC on 08-09-2013 19:54:54
Running from C:\Users\Gusti\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [SpeedUpMyPC] - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe [406936 2012-09-28] (Uniblue Systems Ltd)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [79664 2012-06-10] (PC Utilities Pro)
HKCU\...\Run: [HP Officejet 4620 series (NET)] - C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
MountPoints2: {b2333b7b-3c91-11e1-9da9-806e6f6e6963} - D:\Setup.exe
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll [22592 2013-07-24] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL c:\progra~3\browse~2\261562~1.221\{c16c1~1\browse~1.dll [2699232 2013-08-30] ()
Startup: C:\Users\Gusti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7tjwlfr0t.lnk
ShortcutTarget: 7tjwlfr0t.lnk -> C:\PROGRA~3\t0rflwjt7.plz (Sumitomo Forestry Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825&CUI=UN19463884342894512
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DA9116DE2BF6B2EE&affID=119357&tt=080913_nch&tsp=4999
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8484-53&apn_uid=0128326373234498&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=393&systemid=1&v=n8484-53&apn_uid=0128326373234498&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA9116DE2BF6B2EE&affID=119357&tt=080913_nch&tsp=4999
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DA9116DE2BF6B2EE&affID=119357&tt=080913_nch&tsp=4999
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {FFE65049-6528-4F62-8252-3F9F497EBD70} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120923120536.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll (Web Connect)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: Music Box Toolbar (Dist. by iMesh, Inc.) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120923120536.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Music Box Toolbar (Dist. by iMesh, Inc.) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DA9116DE2BF6B2EE&affID=119357&tt=080913_nch&tsp=4999
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DA9116DE2BF6B2EE&affID=119357&tt=080913_nch&tsp=4999"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Application Manager) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Docs) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0
CHR Extension: (Google Drive) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SiteAdvisor) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (Winload) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\10.14.40.128_0
CHR Extension: (Gmail) - C:\Users\Gusti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Matthias\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Gusti\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ieakfmpjhljbpbfpldjkddkjmmgjmgon] - C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Matthias\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Gusti\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx
==================== Services (Whitelisted) =================
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838496 2013-08-30] ()
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3180608 2013-07-24] (iMesh Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-07-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-07-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 TorchCrashHandler; C:\Users\Matthias\AppData\Local\Torch\Update\TorchCrashHandler.exe [1206624 2013-07-20] (TorchMedia Inc.)
R2 Update WebConnect; C:\Program Files (x86)\WebConnect\updateWebConnect.exe [206632 2013-08-30] (WebConnect)
S3 Winmgmt; C:\PROGRA~3\7tjwlfr0t.pzz [62560 2013-09-08] (Microsoft Corporation)
S3 Winmgmt; C:\PROGRA~3\7tjwlfr0t.pzz [62560 2013-09-08] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-08 19:54 - 2013-09-08 19:54 - 01948988 _____ (Farbar) C:\Users\Gusti\Downloads\FRST64.exe
2013-09-08 19:49 - 2013-09-08 19:49 - 00000058 _____ C:\Users\Gusti\AppData\Roaming\WB.CFG
2013-09-08 19:49 - 2013-09-08 19:49 - 00000005 _____ C:\Users\Gusti\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 19:43 - 2013-09-08 19:43 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-08 19:04 - 2013-09-08 19:04 - 00000000 ____D C:\FRST
2013-09-08 19:00 - 2013-09-08 19:00 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-09-08 18:58 - 2013-09-08 18:58 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-08 18:55 - 2013-09-08 18:56 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 18:55 - 2013-09-08 18:55 - 00001888 _____ C:\Users\Gusti\Desktop\Search.lnk
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\Delta
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 18:50 - 2013-09-08 18:52 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-09-08 18:49 - 2013-09-08 19:49 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-09-08 18:49 - 2013-09-08 18:49 - 00003226 _____ C:\Windows\System32\Tasks\DSite
2013-09-08 18:49 - 2013-09-08 18:49 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-09-08 18:49 - 2013-09-08 18:49 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\DSite
2013-09-08 18:49 - 2013-09-08 18:49 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-08 17:52 - 2013-09-08 19:34 - 95025368 ____T C:\ProgramData\7tjwlfr0t.pff
2013-09-08 17:52 - 2013-09-08 18:03 - 00000000 _____ C:\ProgramData\7tjwlfr0t.ctrl
2013-09-08 17:52 - 2013-09-08 17:52 - 00160220 _____ (Sumitomo Forestry Corporation) C:\ProgramData\t0rflwjt7.plz
2013-09-08 17:52 - 2013-09-08 17:52 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\7tjwlfr0t.pzz
2013-09-03 19:06 - 2013-09-03 19:06 - 00023040 _____ C:\Users\Matthias\Downloads\Termine_2014 (1).xls
2013-08-28 18:40 - 2013-08-28 18:40 - 00023040 _____ C:\Users\Matthias\Downloads\Termine_2014.xls
2013-08-21 16:54 - 2013-08-21 16:54 - 00203763 _____ C:\Users\Matthias\Downloads\attachments_20130821165357.zip
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\Documents\CyberLink
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\AppData\Local\Software
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\AppData\Local\Cyberlink
2013-08-20 13:02 - 2013-08-20 13:02 - 442993970 _____ C:\Windows\MEMORY.DMP
2013-08-20 13:02 - 2013-08-20 13:02 - 00262144 _____ C:\Windows\Minidump\082013-26832-01.dmp
2013-08-20 13:02 - 2013-08-20 13:02 - 00000000 ____D C:\Windows\Minidump
2013-08-18 21:27 - 2013-08-18 21:27 - 00000000 ____D C:\ProgramData\1C37E
2013-08-15 09:58 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:58 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:58 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:58 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:58 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:58 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:58 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:58 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:58 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:58 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:58 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:58 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:58 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:58 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 15:41 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 15:41 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 15:41 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 15:41 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 15:41 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:41 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:41 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:41 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:40 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:40 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:40 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 15:40 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 15:40 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 15:40 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 15:40 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 15:40 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 15:40 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 15:40 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 15:40 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 15:40 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 15:40 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 15:40 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 15:40 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 15:40 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 15:39 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 15:39 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:39 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
==================== One Month Modified Files and Folders =======
2013-09-08 19:57 - 2012-01-11 22:28 - 01830888 _____ C:\Windows\WindowsUpdate.log
2013-09-08 19:54 - 2013-09-08 19:54 - 01948988 _____ (Farbar) C:\Users\Gusti\Downloads\FRST64.exe
2013-09-08 19:51 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:51 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:49 - 2013-09-08 19:49 - 00000058 _____ C:\Users\Gusti\AppData\Roaming\WB.CFG
2013-09-08 19:49 - 2013-09-08 19:49 - 00000005 _____ C:\Users\Gusti\AppData\Roaming\WBPU-TTL.DAT
2013-09-08 19:49 - 2013-09-08 18:49 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-09-08 19:45 - 2013-07-24 20:42 - 00000000 ____D C:\ProgramData\Datamngr
2013-09-08 19:43 - 2013-09-08 19:43 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-09-08 19:43 - 2013-07-24 20:46 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2013-09-08 19:42 - 2012-10-03 14:22 - 00000000 ____D C:\ProgramData\Browser Manager
2013-09-08 19:42 - 2010-11-21 05:47 - 00041222 _____ C:\Windows\PFRO.log
2013-09-08 19:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 19:42 - 2009-07-14 06:51 - 00062496 _____ C:\Windows\setupact.log
2013-09-08 19:34 - 2013-09-08 17:52 - 95025368 ____T C:\ProgramData\7tjwlfr0t.pff
2013-09-08 19:04 - 2013-09-08 19:04 - 00000000 ____D C:\FRST
2013-09-08 19:00 - 2013-09-08 19:00 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-09-08 18:58 - 2013-09-08 18:58 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-08 18:56 - 2013-09-08 18:55 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 18:55 - 2013-09-08 18:55 - 00001888 _____ C:\Users\Gusti\Desktop\Search.lnk
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\Delta
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-08 18:55 - 2013-09-08 18:55 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 18:55 - 2013-06-20 08:37 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\BabSolution
2013-09-08 18:52 - 2013-09-08 18:50 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-09-08 18:49 - 2013-09-08 18:49 - 00003226 _____ C:\Windows\System32\Tasks\DSite
2013-09-08 18:49 - 2013-09-08 18:49 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-09-08 18:49 - 2013-09-08 18:49 - 00000000 ____D C:\Users\Gusti\AppData\Roaming\DSite
2013-09-08 18:49 - 2013-09-08 18:49 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-09-08 18:03 - 2013-09-08 17:52 - 00000000 _____ C:\ProgramData\7tjwlfr0t.ctrl
2013-09-08 17:52 - 2013-09-08 17:52 - 00160220 _____ (Sumitomo Forestry Corporation) C:\ProgramData\t0rflwjt7.plz
2013-09-08 17:52 - 2013-09-08 17:52 - 00062560 ____T (Microsoft Corporation) C:\ProgramData\7tjwlfr0t.pzz
2013-09-08 13:56 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-07 11:43 - 2012-12-19 14:50 - 00000000 ____D C:\Users\Matthias\AppData\Local\Google
2013-09-04 23:08 - 2013-05-02 16:33 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\SoftGrid Client
2013-09-04 20:22 - 2012-12-19 15:13 - 00000000 ____D C:\Users\Matthias\Desktop\DIVERS schreibkram
2013-09-03 19:06 - 2013-09-03 19:06 - 00023040 _____ C:\Users\Matthias\Downloads\Termine_2014 (1).xls
2013-08-28 18:40 - 2013-08-28 18:40 - 00023040 _____ C:\Users\Matthias\Downloads\Termine_2014.xls
2013-08-21 20:40 - 2012-01-12 07:15 - 00664520 _____ C:\Windows\system32\perfh007.dat
2013-08-21 20:40 - 2012-01-12 07:15 - 00135498 _____ C:\Windows\system32\perfc007.dat
2013-08-21 20:40 - 2009-07-14 07:13 - 01527606 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 16:54 - 2013-08-21 16:54 - 00203763 _____ C:\Users\Matthias\Downloads\attachments_20130821165357.zip
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\Documents\CyberLink
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\AppData\Local\Software
2013-08-21 15:06 - 2013-08-21 15:06 - 00000000 ____D C:\Users\Matthias\AppData\Local\Cyberlink
2013-08-20 13:02 - 2013-08-20 13:02 - 442993970 _____ C:\Windows\MEMORY.DMP
2013-08-20 13:02 - 2013-08-20 13:02 - 00262144 _____ C:\Windows\Minidump\082013-26832-01.dmp
2013-08-20 13:02 - 2013-08-20 13:02 - 00000000 ____D C:\Windows\Minidump
2013-08-18 21:27 - 2013-08-18 21:27 - 00000000 ____D C:\ProgramData\1C37E
2013-08-18 21:27 - 2013-07-24 20:44 - 00000000 ____D C:\Users\Matthias\AppData\Local\iMesh
Files to move or delete:
====================
C:\ProgramData\7tjwlfr0t.ctrl
C:\ProgramData\t0rflwjt7.plz
C:\Users\Gusti\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Gusti\AppData\Local\Temp\install_flash_player_11_active_x_32bit.exe
C:\Users\Gusti\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Matthias\AppData\Local\Temp\vyrborockclkuoaybqh.bfg
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-22 16:07
==================== End Of Log ============================ --- --- --- |