So, now I've finally managed it with all the programs!
Here are the files:
mbam.txt
Malwarebytes Anti-Malware
www.malwarebytes.org Code:
Protection, 10.05.2014 17:05:48, SYSTEM, KATHRIN-PC, Protection, Malware Protection, Starting,
Protection, 10.05.2014 17:05:51, SYSTEM, KATHRIN-PC, Protection, Malware Protection, Started,
Protection, 10.05.2014 17:05:51, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2014 17:07:23, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Started,
Detection, 10.05.2014 17:08:04, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [c09fb09fe09b0e28c17af56a8a77c63a]
Protection, 10.05.2014 17:08:04, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 17:08:04, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 10.05.2014 17:08:16, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [dc8327286d0e62d4736a4c08f0116e92]
Protection, 10.05.2014 17:08:16, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 17:08:16, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 17:11:40, Kathrin, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [dc8327286d0e62d4736a4c08f0116e92]
Detection, 10.05.2014 17:11:40, Kathrin, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [c09fb09fe09b0e28c17af56a8a77c63a]
Protection, 10.05.2014 17:11:40, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 17:11:40, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Protection, 10.05.2014 17:11:40, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 17:11:40, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Update, 10.05.2014 17:13:25, SYSTEM, KATHRIN-PC, Manual, Malware Database, 2014.5.9.11, 2014.5.10.6,
Protection, 10.05.2014 17:13:29, SYSTEM, KATHRIN-PC, Protection, Refresh, Starting,
Protection, 10.05.2014 17:13:29, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2014 17:13:29, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2014 17:13:37, SYSTEM, KATHRIN-PC, Protection, Refresh, Success,
Protection, 10.05.2014 17:13:37, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2014 17:13:38, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Started,
Update, 10.05.2014 17:45:26, SYSTEM, KATHRIN-PC, Scheduler, Malware Database, 2014.5.10.6, 2014.5.10.7,
Protection, 10.05.2014 17:45:28, SYSTEM, KATHRIN-PC, Protection, Refresh, Starting,
Protection, 10.05.2014 17:45:28, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2014 17:45:28, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2014 17:45:38, SYSTEM, KATHRIN-PC, Protection, Refresh, Success,
Protection, 10.05.2014 17:45:38, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2014 17:45:39, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Started,
Detection, 10.05.2014 19:51:55, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [308f9eb1c8b3181e03e8bd97b54c5aa6]
Protection, 10.05.2014 19:51:55, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:51:55, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:52:13, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [308f9eb1c8b3181e03e8bd97b54c5aa6]
Protection, 10.05.2014 19:52:13, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:52:13, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:52:43, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [308f9eb1c8b3181e03e8bd97b54c5aa6]
Protection, 10.05.2014 19:52:43, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:52:43, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Update, 10.05.2014 19:53:08, SYSTEM, KATHRIN-PC, Scheduler, Malware Database, 2014.5.10.7, 2014.5.10.8,
Protection, 10.05.2014 19:53:10, SYSTEM, KATHRIN-PC, Protection, Refresh, Starting,
Protection, 10.05.2014 19:53:10, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2014 19:53:10, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2014 19:53:15, SYSTEM, KATHRIN-PC, Protection, Refresh, Success,
Protection, 10.05.2014 19:53:15, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2014 19:53:15, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Started,
Detection, 10.05.2014 19:53:39, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [7e4295baec8f68cef1fbd77df70a738d]
Protection, 10.05.2014 19:53:39, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:53:39, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:53:44, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [7e4295baec8f68cef1fbd77df70a738d]
Protection, 10.05.2014 19:53:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:53:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:54:14, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [7e4295baec8f68cef1fbd77df70a738d]
Protection, 10.05.2014 19:54:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:54:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:54:44, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [7e4295baec8f68cef1fbd77df70a738d]
Protection, 10.05.2014 19:54:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:54:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:54:51, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantine, [7e4295baec8f68cef1fbd77df70a738d]
Protection, 10.05.2014 19:54:51, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Error, 10.05.2014 19:54:51, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginService\PluginService.exe,
Detection, 10.05.2014 19:56:26, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [1fa1b39cb7c48aac4ffbb1aef40d6799]
Protection, 10.05.2014 19:56:27, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 19:56:27, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 10.05.2014 19:56:43, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [1fa1b39cb7c48aac4ffbb1aef40d6799]
Protection, 10.05.2014 19:56:43, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 19:56:43, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 10.05.2014 19:57:14, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [1fa1b39cb7c48aac4ffbb1aef40d6799]
Protection, 10.05.2014 19:57:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 19:57:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 10.05.2014 19:57:44, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [1fa1b39cb7c48aac4ffbb1aef40d6799]
Protection, 10.05.2014 19:57:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 19:57:44, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 10.05.2014 19:58:14, SYSTEM, KATHRIN-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [1fa1b39cb7c48aac4ffbb1aef40d6799]
Protection, 10.05.2014 19:58:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 10.05.2014 19:58:14, SYSTEM, KATHRIN-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Protection, 10.05.2014 20:03:56, SYSTEM, KATHRIN-PC, Protection, Malware Protection, Starting,
Protection, 10.05.2014 20:03:56, SYSTEM, KATHRIN-PC, Protection, Malware Protection, Started,
Protection, 10.05.2014 20:03:56, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2014 20:06:26, SYSTEM, KATHRIN-PC, Protection, Malicious Website Protection, Started,
(end)
AdwCleaner Logfile: Code:
# AdwCleaner v3.207 - Bericht erstellt am 10/05/2014 um 21:49:21
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kathrin - KATHRIN-PC
# Gestartet von : C:\Users\Kathrin\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : NewPlayerUpdaterService
Dienst Gelöscht : vosr
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\Uninstaller
Ordner Gelöscht : C:\Users\Kathrin\AppData\Local\NewPlayer
Ordner Gelöscht : C:\Users\Kathrin\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Public\Desktop\NewPlayer.lnk
Datei Gelöscht : C:\Users\Kathrin\Desktop\Continue VuuPC Installation.lnk
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Opera.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Kathrin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kathrin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Kathrin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\NewPlayer
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cmz16p35.default\prefs.js ]
[ Datei : C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\kg6bwyn9.default-1397912037624\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
-\\ Google Chrome v34.0.1847.131
[ Datei : C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1398980453&from=tugs&uid=SAMSUNGXHM321HI_S26VJ9BB114619&q={searchTerms}
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [7423 octets] - [10/05/2014 21:47:55]
AdwCleaner[S0].txt - [5736 octets] - [10/05/2014 21:49:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5796 octets] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kathrin on 10.05.2014 at 21:58:01,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho929.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD485.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Kathrin\appdata\local\{C2D37E40-7D09-40F4-B26E-B2376662C094}
Successfully deleted: [Empty Folder] C:\Users\Kathrin\appdata\local\{EFF95CBE-3AF3-4A80-A154-7600E862C384}
~~~ FireFox
Emptied folder: C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\kg6bwyn9.default-1397912037624\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.05.2014 at 22:08:02,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Kathrin (administrator) on KATHRIN-PC on 10-05-2014 22:13:45
Running from C:\Users\Kathrin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2711DEA4-A169-4F8C-97EA-3B9C426BA0C0} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE585&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 10 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\kg6bwyn9.default-1397912037624
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Users\Kathrin\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-03-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-23]
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1398980453&from=tugs&uid=SAMSUNGXHM321HI_S26VJ9BB114619&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Users\Kathrin\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (No Name) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-31]
CHR Extension: (SiteAdvisor) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
==================== Services (Whitelisted) =================
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\48230029.sys [119512 2014-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-01-24] (Windows (R) 2003 DDK 3790 provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-10 22:13 - 2014-05-10 22:13 - 00000000 ____D () C:\Users\Kathrin\Downloads\FRST-OlderVersion
2014-05-10 22:08 - 2014-05-10 22:08 - 00001117 _____ () C:\Users\Kathrin\Desktop\JRT.txt
2014-05-10 21:57 - 2014-05-10 21:57 - 01016261 _____ (Thisisu) C:\Users\Kathrin\Downloads\JRT.exe
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 21:56 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-10 21:52 - 2014-05-10 21:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-10 21:51 - 2014-05-10 21:51 - 00005884 _____ () C:\Users\Kathrin\Desktop\AdwCleaner[S0].txt
2014-05-10 21:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-10 21:47 - 2014-05-10 21:49 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:47 - 2014-05-10 21:47 - 01316991 _____ () C:\Users\Kathrin\Downloads\adwcleaner.exe
2014-05-10 20:08 - 2014-05-10 20:08 - 00011129 _____ () C:\Users\Kathrin\Desktop\mbam.txt
2014-05-07 05:52 - 2014-05-07 05:52 - 00000000 ___SD () C:\ComboFix
2014-05-07 03:18 - 2014-05-07 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 21:38 - 2014-05-10 21:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 21:37 - 2014-05-06 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 21:37 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 21:37 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 21:37 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 21:34 - 2014-05-06 21:35 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Kathrin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 21:30 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 21:30 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 21:50 - 2014-05-05 21:50 - 00020685 _____ () C:\ComboFix.txt
2014-05-05 21:21 - 2014-05-07 05:52 - 00000000 ____D () C:\Qoobox
2014-05-05 21:21 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-05 21:21 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-05 21:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-05 21:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-05 21:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-05 21:21 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-05 21:21 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-05 21:21 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-05 21:20 - 2014-05-05 21:47 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 21:14 - 2014-05-05 21:15 - 05199940 ____R (Swearware) C:\Users\Kathrin\Desktop\ComboFix.exe
2014-05-04 21:13 - 2014-05-04 21:17 - 00039314 _____ () C:\Users\Kathrin\Downloads\Addition.txt
2014-05-04 21:10 - 2014-05-10 22:13 - 00018193 _____ () C:\Users\Kathrin\Downloads\FRST.txt
2014-05-04 21:10 - 2014-05-10 22:13 - 00000000 ____D () C:\FRST
2014-05-04 21:09 - 2014-05-10 22:13 - 02065408 _____ (Farbar) C:\Users\Kathrin\Downloads\FRST64.exe
2014-05-03 23:53 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 23:53 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 23:53 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 23:53 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 23:43 - 2014-05-01 23:43 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\com
2014-04-29 22:42 - 2014-04-30 09:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-29 09:19 - 2014-04-29 09:19 - 17338544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-22 21:43 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-19 14:54 - 2014-04-19 14:54 - 00000000 ____D () C:\Users\Kathrin\Desktop\Alte Firefox-Daten
2014-04-19 14:45 - 2014-04-19 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-19 14:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-19 14:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-19 14:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-19 14:45 - 2013-06-28 14:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-19 14:44 - 2014-04-19 14:45 - 00003668 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 22:18 - 2014-04-30 09:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-04-18 22:18 - 2014-04-29 21:42 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\Thunderbird
2014-04-18 22:18 - 2014-04-18 22:18 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-18 22:18 - 2014-04-18 22:18 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 22:18 - 2014-04-18 22:18 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Thunderbird
2014-04-18 22:10 - 2014-04-18 22:12 - 21987424 _____ (Mozilla) C:\Users\Kathrin\Downloads\Thunderbird_Setup_de24.4.0.exe
2014-04-13 22:11 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-13 22:11 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 22:11 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-13 22:11 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 22:11 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 22:11 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-13 22:11 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-13 22:11 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-13 22:11 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-13 22:11 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 22:11 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-13 22:11 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 22:11 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-13 22:11 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-13 22:11 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 22:11 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 22:11 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-13 22:11 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-13 22:11 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-13 22:11 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-13 22:11 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 22:11 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-13 22:11 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 22:11 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-13 22:11 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 22:10 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-13 22:10 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 22:10 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-13 22:10 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-13 22:10 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 22:10 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-13 22:10 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 22:10 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 22:10 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-13 22:10 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-13 22:10 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 22:10 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-13 22:10 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 22:10 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 22:10 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 22:10 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-13 22:10 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-13 22:10 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 22:10 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 21:05 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 21:05 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 21:05 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 21:05 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 21:05 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 21:05 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 21:05 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 21:05 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 21:05 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 21:05 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 21:05 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 21:05 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 21:05 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 21:05 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 21:05 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 21:05 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 21:05 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
==================== One Month Modified Files and Folders =======
2014-05-10 22:14 - 2014-05-04 21:10 - 00018193 _____ () C:\Users\Kathrin\Downloads\FRST.txt
2014-05-10 22:13 - 2014-05-10 22:13 - 00000000 ____D () C:\Users\Kathrin\Downloads\FRST-OlderVersion
2014-05-10 22:13 - 2014-05-04 21:10 - 00000000 ____D () C:\FRST
2014-05-10 22:13 - 2014-05-04 21:09 - 02065408 _____ (Farbar) C:\Users\Kathrin\Downloads\FRST64.exe
2014-05-10 22:08 - 2014-05-10 22:08 - 00001117 _____ () C:\Users\Kathrin\Desktop\JRT.txt
2014-05-10 22:02 - 2011-10-29 23:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 21:59 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 21:59 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 21:57 - 2014-05-10 21:57 - 01016261 _____ (Thisisu) C:\Users\Kathrin\Downloads\JRT.exe
2014-05-10 21:57 - 2014-05-10 21:57 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 21:56 - 2014-05-10 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-10 21:56 - 2014-03-23 18:14 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-05-10 21:53 - 2011-07-12 19:41 - 00546905 _____ () C:\Users\Kathrin\DesktopStCenter.txt
2014-05-10 21:52 - 2014-05-10 21:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-05-10 21:52 - 2014-05-06 21:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 21:51 - 2014-05-10 21:51 - 00005884 _____ () C:\Users\Kathrin\Desktop\AdwCleaner[S0].txt
2014-05-10 21:51 - 2011-10-29 23:48 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 21:50 - 2013-07-07 09:13 - 00038475 _____ () C:\Windows\setupact.log
2014-05-10 21:50 - 2010-12-17 07:48 - 00431394 _____ () C:\Windows\PFRO.log
2014-05-10 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 21:49 - 2014-05-10 21:47 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:49 - 2012-03-01 18:53 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-10 21:49 - 2012-03-01 18:53 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-10 21:49 - 2011-10-29 23:49 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-10 21:49 - 2011-10-29 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-10 21:49 - 2011-10-29 23:42 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-10 21:49 - 2011-10-29 23:42 - 00000963 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-10 21:49 - 2011-07-12 17:55 - 00000999 _____ () C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-10 21:49 - 2010-12-17 23:29 - 01412191 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 21:47 - 2014-05-10 21:47 - 01316991 _____ () C:\Users\Kathrin\Downloads\adwcleaner.exe
2014-05-10 21:47 - 2011-07-12 19:41 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\FRITZ!
2014-05-10 21:18 - 2012-04-11 21:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 20:08 - 2014-05-10 20:08 - 00011129 _____ () C:\Users\Kathrin\Desktop\mbam.txt
2014-05-10 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-09 22:57 - 2011-10-29 23:48 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 22:57 - 2011-10-29 23:48 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 05:52 - 2014-05-07 05:52 - 00000000 ___SD () C:\ComboFix
2014-05-07 05:52 - 2014-05-05 21:21 - 00000000 ____D () C:\Qoobox
2014-05-07 03:18 - 2014-05-07 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 03:07 - 2013-09-02 20:27 - 00000000 ____D () C:\Windows\rescache
2014-05-06 21:37 - 2014-05-06 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 21:37 - 2014-05-06 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-06 21:35 - 2014-05-06 21:34 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Kathrin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 21:50 - 2014-05-05 21:50 - 00020685 _____ () C:\ComboFix.txt
2014-05-05 21:48 - 2011-07-12 17:55 - 00000000 ___RD () C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 21:47 - 2014-05-05 21:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 21:37 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-05 21:15 - 2014-05-05 21:14 - 05199940 ____R (Swearware) C:\Users\Kathrin\Desktop\ComboFix.exe
2014-05-04 21:17 - 2014-05-04 21:13 - 00039314 _____ () C:\Users\Kathrin\Downloads\Addition.txt
2014-05-04 12:21 - 2013-11-01 22:01 - 00000036 _____ () C:\Users\Kathrin\AppData\Roaming\WB.CFG
2014-05-03 20:46 - 2014-03-23 18:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-05-01 23:43 - 2014-05-01 23:43 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\com
2014-04-30 22:20 - 2014-03-23 16:26 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-30 22:01 - 2012-05-05 10:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-30 09:07 - 2014-04-29 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 09:07 - 2014-04-18 22:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2014-04-29 21:42 - 2014-04-18 22:18 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\Thunderbird
2014-04-29 16:01 - 2014-05-03 23:53 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 23:53 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 09:19 - 2014-04-29 09:19 - 17338544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 09:19 - 2012-04-11 21:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 09:19 - 2012-04-11 21:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 09:19 - 2011-10-29 23:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-19 14:54 - 2014-04-19 14:54 - 00000000 ____D () C:\Users\Kathrin\Desktop\Alte Firefox-Daten
2014-04-19 14:52 - 2013-10-20 00:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-19 14:45 - 2014-04-19 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-19 14:45 - 2014-04-19 14:44 - 00003668 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-19 14:45 - 2013-06-28 14:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-18 22:18 - 2014-04-18 22:18 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-18 22:18 - 2014-04-18 22:18 - 00002086 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-04-18 22:18 - 2014-04-18 22:18 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Thunderbird
2014-04-18 22:12 - 2014-04-18 22:10 - 21987424 _____ (Mozilla) C:\Users\Kathrin\Downloads\Thunderbird_Setup_de24.4.0.exe
2014-04-18 21:25 - 2013-07-22 20:46 - 00000600 _____ () C:\winscp.rnd
2014-04-18 21:25 - 2013-07-22 20:42 - 00000000 ____D () C:\Program Files\Hanold_Bestellsystem
2014-04-15 16:53 - 2011-07-12 17:50 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\Adobe
2014-04-14 20:05 - 2014-04-19 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-19 14:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-19 14:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-05-06 21:30 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 21:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 22:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 18:17 - 2010-12-17 23:56 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 18:17 - 2010-12-17 23:56 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 18:17 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 08:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 08:12 - 2013-08-01 21:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 08:09 - 2011-07-12 22:11 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Kathrin\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-10 20:26
==================== End Of Log ============================