Trojaner-Board


Riela15 13.01.2015 16:51

Windows 7: how do I remove Profiler.gen.ac and Win32/Matsnu.L?
 
Hello,
our PC has been very slow for some time now. The antivirus program McAfee reports the Trojan Profiler.gen.ac at every restart, but always in a different location.
In hindsight, I know that we opened an email containing a payment reminder...
The worst part is that we can log in to online banking, but then a message appears (a dialog that cannot be closed) that we cannot get past. It demands that we either transfer 4,850 euros back immediately or allow access to the entire account.

The other Trojan, Win32/Matsnu.L, was brought to my attention by the "Microsoft Malicious Software Removal Tool", if that was in fact a genuine Microsoft message.

I have compiled the information; however, GMER suddenly aborted with the message that has been appearing frequently of late: "The program has stopped working".

Please, if you can do anything for us... Thank you!

defogger_disable.txt
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:20 on 13/01/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST.txt
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by ***** (administrator) on PAULUSSCHWESTER on 13-01-2015 15:32:52
Running from C:\Users\*****\Desktop
Loaded Profile: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\find.exe
(Microsoft Corporation) C:\Windows\System32\label.exe
(Microsoft Corporation) C:\Windows\System32\attrib.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\diskperf.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(Microsoft Corporation) C:\Windows\System32\doskey.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
() C:\Users\*****\Desktop\Defogger.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\live_export.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [kkiiweuu] => C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe [80384 2014-10-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sfjeyykp] => C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe [58880 2014-10-11] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [uvkvdwyw] => C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe [58880 2014-10-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe [179200 2015-01-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [cmomffmv] => C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe [64512 2014-10-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [scriptplugin32] => C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe [135168 2014-10-30] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [script-dll] => C:\Users\*****\AppData\Roaming\Script\script-dll.exe [55808 2014-10-31] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [update] => C:\Users\*****\AppData\Roaming\Update\update.exe [72704 2014-11-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updateservice32] => C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe [72704 2014-11-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updatestage] => C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe [71680 2014-11-06] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sim_pin] => C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe [150016 2012-10-23] (American Megatrends, Inc)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [run] => C:\Users\*****\AppData\Roaming\Run\run.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [loader-help] => C:\Users\*****\AppData\Roaming\Loader\loader-help.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [firefox64-print64] => C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [avira32frame] => C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [data_sense] => C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe [336384 2010-10-19] (Glarysoft Ltd)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [space] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe [255488 2014-09-12] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\web_filtering.exe [350208 2011-09-19] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe [350208 2014-12-28] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> DefaultScope {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.paulus-schwestern.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:32 - 2015-01-13 15:34 - 00023550 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-13 15:32 - 2015-01-13 15:32 - 00000000 ____D () C:\FRST
2015-01-13 15:31 - 2015-01-13 15:31 - 01115648 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-13 15:20 - 2015-01-13 15:20 - 00000496 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-02 08:17 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2014-12-19 09:26 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez
2014-12-15 10:05 - 2014-12-18 10:35 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp
2014-12-15 09:55 - 2014-12-24 10:46 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:31 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-13 15:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:18 - 2009-12-11 11:40 - 01382871 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 15:11 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 15:10 - 2009-12-11 12:10 - 00853394 _____ () C:\Windows\PFRO.log
2015-01-13 15:10 - 2009-07-14 05:39 - 00251262 _____ () C:\Windows\setupact.log
2015-01-13 15:04 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-13 13:56 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 21:32 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 16:07 - 2011-10-20 21:01 - 00000000 ____D () C:\Users\*****\Desktop\gemeinschaft

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe
C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe
C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe
C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe
C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\camera.exe
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-12 17:07

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Paulus Schwestern at 2015-01-13 15:35:00
Running from C:\Users\Paulus Schwestern\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

09-08-2014 08:56:16 Windows Update
10-08-2014 02:00:42 Windows Update
13-08-2014 08:13:20 Windows Update
13-08-2014 11:42:12 Windows Update
14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\Paulus Schwestern\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\Paulus Schwestern\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 00181592 _____ () C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2010-01-23 11:22 - 2014-09-12 08:20 - 00255488 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
2014-12-17 05:57 - 2014-12-28 09:48 - 00350208 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\Paulus Schwestern\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
Paulus Schwestern (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\Paulus Schwestern

==================== Faulty Device Manager Devices =============

Name: H:\
Description: Multi-Card     
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x22d8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8d8
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3

Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lodctr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc107
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x2184
Startzeit der fehlerhaften Anwendung: 0xlodctr.exe0
Pfad der fehlerhaften Anwendung: lodctr.exe1
Pfad des fehlerhaften Moduls: lodctr.exe2
Berichtskennung: lodctr.exe3

Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chkntfs.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbff9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xchkntfs.exe0
Pfad der fehlerhaften Anwendung: chkntfs.exe1
Pfad des fehlerhaften Moduls: chkntfs.exe2
Berichtskennung: chkntfs.exe3

Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wiaacmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bce11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1d3c
Startzeit der fehlerhaften Anwendung: 0xwiaacmgr.exe0
Pfad der fehlerhaften Anwendung: wiaacmgr.exe1
Pfad des fehlerhaften Moduls: wiaacmgr.exe2
Berichtskennung: wiaacmgr.exe3

Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: expand.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf6d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1a44
Startzeit der fehlerhaften Anwendung: 0xexpand.exe0
Pfad der fehlerhaften Anwendung: expand.exe1
Pfad des fehlerhaften Moduls: expand.exe2
Berichtskennung: expand.exe3

Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x1c68
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x304
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0xd1c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x10b4
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3


System errors:
=============
Error: (01/13/2015 03:15:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/13/2015 03:04:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/13/2015 03:03:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (01/13/2015 03:02:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000122d801d02f3b62ea44eeC:\Program Files\Internet Explorer\iexplore.exeunknownab61c98c-9b2e-11e4-a070-002421af38dd

Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c0000005000000008d801d02f3ae0d6ef0eC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown61b09291-9b2e-11e4-a070-002421af38dd

Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lodctr.exe6.1.7600.163854a5bc107unknown0.0.0.000000000c00000057ff80050218401d02f39e518cd3aC:\Windows\system32\lodctr.exeunknown45b083e6-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chkntfs.exe6.1.7600.163854a5bbff9unknown0.0.0.000000000c00000057ff8005071801d02f39df01b8d5C:\Windows\system32\chkntfs.exeunknown439479ce-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wiaacmgr.exe6.1.7600.163854a5bce11unknown0.0.0.000000000c00000057ff800501d3c01d02f39de6130bcC:\Windows\system32\wiaacmgr.exeunknown404b0edc-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: expand.exe6.1.7600.163854a5bbf6dunknown0.0.0.000000000c00000057ff800501a4401d02f39de786293C:\Windows\system32\expand.exeunknown3edc373d-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c0000005000000011c6801d02f39b872663bC:\Program Files\Mozilla Firefox\firefox.exeunknown0bd359e0-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c00000050000000130401d02f39984b7d86C:\Program Files\Mozilla Firefox\firefox.exeunknown0a29c255-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c000000500000001d1c01d02f3997e0d346C:\Program Files\Mozilla Firefox\firefox.exeunknown08aba83d-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c00000050000000010b401d02f395efe87acC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown01deaeaf-9b2d-11e4-afc1-002421af38dd


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3070.18 MB
Available physical RAM: 1622.18 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4087.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.79 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 13.01.2015 17:01

Hello and :hallo:

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click "Erweitert/Vorschau" (Advanced/Preview) to check whether you did it correctly. If everything is right ... click "Antworten" (Reply).

Riela15 13.01.2015 21:41

Thanks, cosinus, that was super fast. :)
I'm a beginner; where do I get the logs from?
Should I uninstall McAfee and install one of the listed ones (e.g. ESET Online Scan) instead? McAfee itself only shows me in the security report, under "Gesamtaktivität" (total activity), that it has removed 93 Trojans...
What I have noted down since the day before yesterday, when the McAfee message came up, were:
Code:

C:\users\*****\appdata\local\price-deposit\price-claset.exe
Code:

C:\users\*****\appdata\local\moutainshoot\mountainlack.exe
Code:

C:\users\*****\appdata\local\farmer-joke\farmer-manage.exe

cosinus 13.01.2015 23:11

Please create a log with MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

Riela15 14.01.2015 21:15

I ran three scans and pressed CleanUp after each one. On the fourth, no more threats were found. Here are the log files:
Code:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 17:04:26
mbar-log-2015-01-14 (17-04-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319659
Time elapsed: 23 minute(s),

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\office_web_apps.exe (Trojan.Downloader) -> 5840 -> Delete on reboot. [df70c7309fea92a4a525eb12d62b9769]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 16
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kkiiweuu (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe -> Delete on reboot. [dc731fd86e1b5adc2b1e14cb7e830af6]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sfjeyykp (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe -> Delete on reboot. [a5aabd3a6c1d3df991ba7a652ed3f010]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uvkvdwyw (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe -> Delete on reboot. [8ec104f3f4959c9a53f889569968c13f]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cmomffmv (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe -> Delete on reboot. [eb64f403f29766d04a942ab5d9282bd5]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|scriptplugin32 (Trojan.Agent.WSTGen) -> Data: C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe -> Delete on reboot. [e56a19de5d2cee482dfce702837ee31d]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|script-dll (Trojan.Krypt) -> Data: C:\Users\*****\AppData\Roaming\Script\script-dll.exe -> Delete on reboot. [1e3100f7becbc67022514a9f04fd1de3]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|update (Trojan.Krypt) -> Data: C:\Users\*****\AppData\Roaming\Update\update.exe -> Delete on reboot. [cd82b146553480b6501be507e0210df3]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|updateservice32 (Trojan.Krypt) -> Data: C:\Users\PAULUS~1\AppData\Local\Temp\Update\updateservice32.exe -> Delete on reboot. [88c7ca2d46433105412abc307988cf31]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|updatestage (Trojan.Krypt) -> Data: C:\Users\PAULUS~1\AppData\Local\Temp\Update\updatestage.exe -> Delete on reboot. [b69947b0dbae142297d459936b96e020]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sim_pin (Trojan.Agent) -> Data: C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe -> Delete on reboot. [024d07f0068356e093e220c36f92946c]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|run (Spyware.Citadel) -> Data: C:\Users\*****\AppData\Roaming\Run\run.exe -> Delete on reboot. [46099b5c8504b0866eb7c72c6e931ae6]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|loader-help (Spyware.Citadel) -> Data: C:\Users\*****\AppData\Roaming\Loader\loader-help.exe -> Delete on reboot. [5af5fff8fa8f3df968bdfef5e120a55b]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|firefox64-print64 (Trojan.Inject) -> Data: C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe -> Delete on reboot. [fc53797e1178a393cd0267f8c23e8a76]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|avira32frame (Trojan.Inject) -> Data: C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe -> Delete on reboot. [8ec1797ef79259dd25aa72ed0ef2a759]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|data_sense (Trojan.Tinba) -> Data: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe -> Delete on reboot. [0d42787f1a6fb77fd4cf9a63e02146ba]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|space (Backdoor.Bot) -> Data: C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe -> Delete on reboot. [c7886b8c2366f640218e54b20cf66e92]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 87
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\office_web_apps.exe (Trojan.Downloader) -> Delete on reboot. [df70c7309fea92a4a525eb12d62b9769]
C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [dc731fd86e1b5adc2b1e14cb7e830af6]
C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [a5aabd3a6c1d3df991ba7a652ed3f010]
C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [8ec104f3f4959c9a53f889569968c13f]
C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [eb64f403f29766d04a942ab5d9282bd5]
C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe (Trojan.Agent.WSTGen) -> Delete on reboot. [e56a19de5d2cee482dfce702837ee31d]
C:\Users\*****\AppData\Roaming\Script\script-dll.exe (Trojan.Krypt) -> Delete on reboot. [1e3100f7becbc67022514a9f04fd1de3]
C:\Users\*****\AppData\Roaming\Update\update.exe (Trojan.Krypt) -> Delete on reboot. [cd82b146553480b6501be507e0210df3]
C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe (Trojan.Krypt) -> Delete on reboot. [88c7ca2d46433105412abc307988cf31]
C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe (Trojan.Krypt) -> Delete on reboot. [b69947b0dbae142297d459936b96e020]
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe (Trojan.Agent) -> Delete on reboot. [024d07f0068356e093e220c36f92946c]
C:\Users\*****\AppData\Roaming\Run\run.exe (Spyware.Citadel) -> Delete on reboot. [46099b5c8504b0866eb7c72c6e931ae6]
C:\Users\*****\AppData\Roaming\Loader\loader-help.exe (Spyware.Citadel) -> Delete on reboot. [5af5fff8fa8f3df968bdfef5e120a55b]
C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe (Trojan.Inject) -> Delete on reboot. [fc53797e1178a393cd0267f8c23e8a76]
C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe (Trojan.Inject) -> Delete on reboot. [8ec1797ef79259dd25aa72ed0ef2a759]
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe (Trojan.Tinba) -> Delete on reboot. [0d42787f1a6fb77fd4cf9a63e02146ba]
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe (Backdoor.Bot) -> Delete on reboot. [c7886b8c2366f640218e54b20cf66e92]
C:\Users\*****\AppData\Roaming\Farmer_picture\farmer_roof.exe (Backdoor.Agent.STL) -> Delete on reboot. [92bdac4bf396c96d20ee33c9de2326da]
C:\Users\*****\AppData\Roaming\Office7reg\win.exe (Trojan.Inject) -> Delete on reboot. [f25d22d519705adc9e31342b42be2bd5]
C:\Users\*****\AppData\Local\Temp\14B9.tmp (Trojan.Krypt) -> Delete on reboot. [94bb1ed90f7a3303c642558ae71a52ae]
C:\Users\*****\AppData\Local\Temp\1B4E.tmp (Trojan.Krypt) -> Delete on reboot. [242b3bbc08817fb709ff7c630cf5d22e]
C:\Users\*****\AppData\Local\Temp\1B8C.tmp (Trojan.Agent.ED) -> Delete on reboot. [d07f0ee94f3ac76fabaf02fd719018e8]
C:\Users\*****\AppData\Local\Temp\27EA.tmp (Trojan.Agent.ED) -> Delete on reboot. [1d32589f325787af2a304fb0d62bb24e]
C:\Users\*****\AppData\Local\Temp\2A2B.tmp (Trojan.Downloader) -> Delete on reboot. [e46b4ea9acdda0964486a459fc057a86]
C:\Users\*****\AppData\Local\Temp\C11.tmp (Trojan.Agent) -> Delete on reboot. [6ce3a552147524127afbbd2648b91be5]
C:\Users\*****\AppData\Local\Temp\C255.tmp (Trojan.Downloader) -> Delete on reboot. [d17eee094940af87b416b34a4fb247b9]
C:\Users\*****\AppData\Local\Temp\C39D.tmp (Trojan.Agent.ED) -> Delete on reboot. [8bc425d26128e155ce8cf20daf52946c]
C:\Users\*****\AppData\Local\Temp\C7A4.tmp (Trojan.Agent.ED) -> Delete on reboot. [fd52b3446a1faf8732284cb337ca7789]
C:\Users\*****\AppData\Local\Temp\C9D4.tmp (Spyware.Password) -> Delete on reboot. [e16ef9feacdd9e98add856a7a65b32ce]
C:\Users\*****\AppData\Local\Temp\camera.exe (Trojan.Agent.ED) -> Delete on reboot. [ada2f1066029ce68aeace8179869fe02]
C:\Users\*****\AppData\Local\Temp\D972.tmp (Trojan.Agent.ED) -> Delete on reboot. [d37cf8ffb4d57eb87bdf8d7240c1a957]
C:\Users\*****\AppData\Local\Temp\DD92.tmp (Trojan.Downloader) -> Delete on reboot. [eb6419de67224de98149da238180c43c]
C:\Users\*****\AppData\Local\Temp\586B.tmp (Spyware.Password) -> Delete on reboot. [4807f6012663d264de7aca36ba4841bf]
C:\Users\*****\AppData\Local\Temp\5C81.tmp (Trojan.Agent.ED) -> Delete on reboot. [3916bf38583152e4a7b337c820e140c0]
C:\Users\*****\AppData\Local\Temp\5E35.tmp (Trojan.Downloader) -> Delete on reboot. [69e63eb9355477bfac1e9865a859b54b]
C:\Users\*****\AppData\Local\Temp\5EA4.tmp (Trojan.Krypt) -> Delete on reboot. [afa0cc2bc3c654e2ca3e2cb34ab7f907]
C:\Users\*****\AppData\Local\Temp\6962.tmp (Spyware.Password) -> Delete on reboot. [a0af43b42e5b3402df79c93728da1ce4]
C:\Users\*****\AppData\Local\Temp\6BFC.tmp (Trojan.Agent.ED) -> Delete on reboot. [e46b6097f3967fb7ca9058a7b74a58a8]
C:\Users\*****\AppData\Local\Temp\6D52.tmp (Trojan.Agent.ED) -> Delete on reboot. [9db2f9fe622739fd0d4ddf20c23fcd33]
C:\Users\*****\AppData\Local\Temp\B6B2.tmp (Trojan.FakeAdobe.ED) -> Delete on reboot. [0c43f304a1e8b185e88f1de208f9936d]
C:\Users\*****\AppData\Local\Temp\BC1F.tmp (Trojan.Downloader) -> Delete on reboot. [4906ee09e4a551e504c624d9956c817f]
C:\Users\*****\AppData\Local\Temp\{00000083-EBE5-FC76} (Trojan.Agent.WSTGen) -> Delete on reboot. [f45b29ceacddc27427ca9851827fa45c]
c:\Users\*****\AppData\Local\Temp\{000004ef-4bfa-ae2d} (Trojan.Agent.ED) -> Delete on reboot. [85cacc2b36532610fb450fda946d33cd]
C:\Users\*****\AppData\Local\Temp\{000017FC-E9C0-92A9} (Trojan.Downloader) -> Delete on reboot. [1d32a651c2c7f442bf0b40bdf40d16ea]
C:\Users\*****\AppData\Local\Temp\{00001DB9-2C57-79FF} (Trojan.Agent) -> Delete on reboot. [57f8f403b5d4a78f3c398d56a958966a]
C:\Users\*****\AppData\Local\Temp\{00004135-627D-B9A} (Trojan.Agent.ED) -> Delete on reboot. [1738a7500a7fe650c4c549baff03dc24]
C:\Users\*****\AppData\Local\Temp\{00004C57-8CF7-DC6E} (Trojan.Agent.WSTGen) -> Delete on reboot. [74db8275addcbf77c928c42521e040c0]
C:\Users\*****\AppData\Local\Temp\{00006FB3-C6C9-842A} (Trojan.Agent.ED) -> Delete on reboot. [aba436c14049122476c86288e41d40c0]
C:\Users\*****\AppData\Local\Temp\E0EE.tmp (Trojan.Agent.ED) -> Delete on reboot. [27284fa8b6d38fa768b9f3f5e71a1de3]
C:\Users\*****\AppData\Local\Temp\E523.tmp (Trojan.Agent.ED) -> Delete on reboot. [ff509f585732f343fb4504e5ad54a65a]
C:\Users\*****\AppData\Local\Temp\E9C3.tmp (Trojan.Krypt) -> Delete on reboot. [50ff3abdfc8d1d19c93f5887867bbb45]
C:\Users\*****\AppData\Local\Temp\EA19.tmp (Trojan.Downloader) -> Delete on reboot. [64ebe71072178babf3d7ba437d8445bb]
C:\Users\*****\AppData\Local\Temp\ECF.tmp (Trojan.Krypt) -> Delete on reboot. [1b341cdb6a1f9d998187508f4eb35fa1]
C:\Users\*****\AppData\Local\Temp\EDF.tmp (Trojan.Agent.ED) -> Delete on reboot. [6de29265f29776c07b94d8273ec37e82]
C:\Users\*****\AppData\Local\Temp\fqjmyvktlq.pre (Trojan.Agent.WSTGen) -> Delete on reboot. [57f8c433ec9d22149b8e638634cd1ee2]
C:\Users\*****\AppData\Local\Temp\CB69.tmp (Trojan.Agent.ED) -> Delete on reboot. [d976e215d2b7bb7b5a00ef109e63738d]
C:\Users\*****\AppData\Local\Temp\81FC.tmp (Trojan.Agent.ED) -> Delete on reboot. [fc53f8ff58315dd9da808c730cf59c64]
C:\Users\*****\AppData\Local\Temp\8BB0.tmp (Trojan.Agent.ED) -> Delete on reboot. [94bb896e89007cbaec6edf209f62c040]
C:\Users\*****\AppData\Local\Temp\8CE4.tmp (Trojan.Agent.ED) -> Delete on reboot. [dd729e59cebbe452d08a7f80da2737c9]
C:\Users\*****\AppData\Local\Temp\904F.tmp (Trojan.Agent.ED) -> Delete on reboot. [212edd1ae8a11224a23e4fa4b34e7b85]
C:\Users\*****\AppData\Local\Temp\93D6.tmp (Trojan.Downloader) -> Delete on reboot. [db74e80fb2d70f27ca002cd1ac55de22]
C:\Users\*****\AppData\Local\Temp\9434.tmp (Trojan.Krypt) -> Delete on reboot. [d47bc4337c0da393699f4b941ce5d62a]
C:\Users\*****\AppData\Local\Temp\9EDD.tmp (Spyware.Password) -> Delete on reboot. [084702f5226750e6cd8b14eccd3517e9]
C:\Users\*****\AppData\Local\Temp\9EFD.tmp (Trojan.Agent.ED) -> Delete on reboot. [cd82c6318cfdee483921cc337d8421df]
C:\Users\*****\AppData\Local\Temp\A46A.tmp (Trojan.Krypt) -> Delete on reboot. [2a25a15619701323cd3b88574cb5aa56]
C:\Users\*****\AppData\Local\Temp\ABF.tmp (Spyware.Password) -> Delete on reboot. [a2add91e44457eb8bb9dcb35d13106fa]
C:\Users\*****\AppData\Local\Temp\35C1.tmp (Trojan.Agent.ED) -> Delete on reboot. [2827c92ecdbcac8a5ce4b2372dd423dd]
C:\Users\*****\AppData\Local\Temp\36E8.tmp (Trojan.Agent.ED) -> Delete on reboot. [99b6c6318405ff37dd441fc9976a916f]
C:\Users\*****\AppData\Local\Temp\F68F.tmp (Trojan.Agent.ED) -> Delete on reboot. [8ac5d720d1b8979f3d03ae3bd130936d]
C:\Users\*****\AppData\Local\Temp\F824.tmp (Trojan.Agent.ED) -> Delete on reboot. [a9a64baca2e7e155fc5e54abbe435ea2]
C:\Users\*****\AppData\Local\Temp\FAB3.tmp (Spyware.Password) -> Delete on reboot. [9eb1de1985044de94d0bd12f946ea858]
C:\Users\*****\AppData\Local\Temp\FD8.tmp (Trojan.Downloader) -> Delete on reboot. [2926cb2c335664d2c70356a702ff6d93]
C:\Users\*****\AppData\Local\Temp\FDC0.tmp (Trojan.Agent.ED) -> Delete on reboot. [63ecac4bbacfab8b71e9af5018e9ac54]
C:\Users\*****\AppData\Local\Temp\7AE.tmp (Trojan.Agent) -> Delete on reboot. [a3ac7e798efbd95dee8715ce33cea957]
c:\Users\*****\AppData\Local\Temp\{000095d1-cab1-5a2e} (Trojan.Agent.ED) -> Delete on reboot. [08471bdc4643aa8c934d3bb8ad5432ce]
c:\Users\*****\AppData\Local\Temp\{0000aad6-f152-336} (Trojan.Agent.ED) -> Delete on reboot. [ef60cb2cb8d1a19564dc3cadb74a1ce4]
C:\Users\*****\AppData\Local\Temp\{0000D09C-2AFE-5B50} (Trojan.Agent.ED) -> Delete on reboot. [5df2a94e137642f4471017eac0427789]
C:\Users\*****\AppData\Local\Temp\DFA4.tmp (Trojan.Agent.ED) -> Delete on reboot. [d37c8f68048582b481d98976c9388a76]
C:\Users\*****\AppData\Local\Temp\40E6.tmp (Trojan.Agent.ED) -> Delete on reboot. [c9864daa3e4b181e1d3db847a55cbf41]
C:\Users\*****\AppData\Local\Temp\4144.tmp (Trojan.Agent.ED) -> Delete on reboot. [4c03d225fe8b63d39dbde51a51b0768a]
C:\Users\*****\AppData\Local\Temp\47AA.tmp (Spyware.Password) -> Delete on reboot. [fa55ee097d0ce4520e4ad62aa959e917]
C:\Users\*****\AppData\Local\Temp\4CA9.tmp (Trojan.Downloader) -> Delete on reboot. [59f61fd8454489adb812ab52c43d946c]
C:\Users\*****\AppData\Local\Temp\4FF3.tmp (Trojan.Agent.ED) -> Delete on reboot. [d679fef9f59467cff7631ae5b54cb44c]
C:\Users\*****\AppData\Local\Temp\Doctor-thank\doctor-project.exe (Backdoor.Agent.STL) -> Delete on reboot. [b699bb3caddcd95d66815ea0669b06fa]
C:\Users\*****\AppData\Local\Doctor-shoulder\doctor_enjoy.exe (Backdoor.Agent.STL) -> Delete on reboot. [ce812bcc29601c1aac3b7f7fe51c966a]
C:\Users\*****\AppData\Local\Rnepwrqbck\uinnimak.exe (Trojan.Agent.WSTGen) -> Delete on reboot. [004f42b503863df9ae947c799a67639d]
C:\Users\*****\AppData\Local\Farmer-golf\farmer_distance.exe (Backdoor.Agent.STLGen) -> Delete on reboot. [9eb144b38aff82b4fa849c6adc26fb05]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Code:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 17:39:37
mbar-log-2015-01-14 (17-39-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319473
Time elapsed: 17 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\navigation_pane.exe (Trojan.Downloader) -> 13048 -> Delete on reboot. [58f7a0576326ed492e9ceb12a9585ba5]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\navigation_pane.exe (Trojan.Downloader) -> Delete on reboot. [58f7a0576326ed492e9ceb12a9585ba5]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Code:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 20:22:00
mbar-log-2015-01-14 (20-22-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319344
Time elapsed: 15 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\people_tags.exe (Trojan.Downloader) -> 4744 -> Delete on reboot. [cc85b83f1b6e48ee70606796d829dc24]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\people_tags.exe (Trojan.Downloader) -> Delete on reboot. [cc85b83f1b6e48ee70606796d829dc24]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


cosinus 14.01.2015 21:44

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files are now created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Riela15 15.01.2015 00:07

Code:

# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 23:07:01
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ***** - +++++
# Gestartet von : C:\Users\*****\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [1132 octets] - [14/01/2015 23:00:38]
AdwCleaner[S0].txt - [1054 octets] - [14/01/2015 23:07:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1114 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by ***** on 14.01.2015 at 23:18:03,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERQUERY.EXE-DAB827CD.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2015 at 23:20:17,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01
Ran by ***** (administrator) on +++++ on 14-01-2015 23:40:42
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\System32\runas.exe
(Microsoft Corporation) C:\Windows\System32\dxdiag.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\prepopulation.exe [434176 2014-08-26] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\handwriting.exe [434176 2012-08-08] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 23:40 - 2015-01-14 23:40 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:35 - 2015-01-13 15:35 - 00038436 _____ () C:\Users\*****\Desktop\Addition.txt
2015-01-13 15:32 - 2015-01-14 23:40 - 00018620 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-13 15:32 - 2015-01-14 23:40 - 00000000 ____D () C:\FRST
2015-01-13 15:31 - 2015-01-14 23:40 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez
2014-12-15 10:05 - 2014-12-18 10:35 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp
2014-12-15 09:55 - 2014-12-24 10:46 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 23:41 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-14 23:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-14 23:17 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:17 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:14 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-14 23:08 - 2009-12-11 12:10 - 00880956 _____ () C:\Windows\PFRO.log
2015-01-14 23:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 23:08 - 2009-07-14 05:39 - 00251822 _____ () C:\Windows\setupact.log
2015-01-14 23:07 - 2009-12-11 11:40 - 01646037 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:33 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 16:07 - 2011-10-20 21:01 - 00000000 ____D () C:\Users\*****\Desktop\gemeinschaft

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---


I was less successful with Addition.txt; I forgot to delete yesterday's file from the desktop, so it did not create a new one. I am now scanning for the second time, but it is taking forever. I will stop it somehow now and try again tomorrow.

cosinus 15.01.2015 00:16

Please create a new Addition.txt as well: start FRST, tick the Addition.txt checkbox, then click Scan.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Riela15 15.01.2015 11:42

Morning! The box was ticked yesterday. Today I started it the same way, and it has now been scanning for almost 40 minutes... It says "Listing installed Programms...".
I did not download the program again yesterday, but used the one from the day before yesterday that I had on the desktop. Is that OK?

Wait, preliminary result (since it is still scanning):
Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2015 01
Ran by ***** at 2015-01-15 09:58:29
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

FRST is still scanning... and cannot be closed. Is that normal?

cosinus 15.01.2015 12:30

Hm... your log is incomplete too... :balla:

Delete FRST, download it again to the desktop, and run it again.

Riela15 15.01.2015 15:05

:) Looks better!

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 14:59:13
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Moritz Bunkus) C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\regini.exe
(Microsoft Corporation) C:\Windows\System32\gpresult.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\System32\xcopy.exe
(Microsoft Corporation) C:\Windows\System32\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\branch_code.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\kit_item.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:59 - 2015-01-15 14:59 - 00019721 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ___HD () C:\Users\*****\AppData\Local\Mountainproposed
2015-01-15 10:28 - 2015-01-15 10:32 - 00000944 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-01-14 23:44 - 2015-01-15 14:54 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 14:59 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:56 - 2009-12-11 11:40 - 01698272 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 14:55 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 14:51 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 14:50 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-15 14:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 14:49 - 2009-07-14 05:39 - 00252046 _____ () C:\Windows\setupact.log
2015-01-15 14:48 - 2009-12-11 12:10 - 00881544 _____ () C:\Windows\PFRO.log
2015-01-15 14:34 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-18 10:35 - 2014-12-15 10:05 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 15:00:05
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2744

Startzeit: 01d030a14a85ebf6

Endzeit: 6

Anwendungspfad: C:\Users\*****\Desktop\FRST.exe

Berichts-ID:

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


System errors:
=============
Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.1.2015.1274401d030a14a85ebf66C:\Users\*****\Desktop\FRST.exe

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3070.18 MB
Available physical RAM: 1349.69 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4049.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.11 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Riela15 15.01.2015 15:28

Strange, I posted something half an hour ago...
So, once again. The result looks better:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 14:59:13
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Moritz Bunkus) C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\regini.exe
(Microsoft Corporation) C:\Windows\System32\gpresult.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\System32\xcopy.exe
(Microsoft Corporation) C:\Windows\System32\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\branch_code.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\kit_item.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:59 - 2015-01-15 14:59 - 00019721 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ___HD () C:\Users\*****\AppData\Local\Mountainproposed
2015-01-15 10:28 - 2015-01-15 10:32 - 00000944 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-01-14 23:44 - 2015-01-15 14:54 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 14:59 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:56 - 2009-12-11 11:40 - 01698272 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 14:55 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 14:51 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 14:50 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-15 14:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 14:49 - 2009-07-14 05:39 - 00252046 _____ () C:\Windows\setupact.log
2015-01-15 14:48 - 2009-12-11 12:10 - 00881544 _____ () C:\Windows\PFRO.log
2015-01-15 14:34 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-18 10:35 - 2014-12-15 10:05 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 15:00:05
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2744

Startzeit: 01d030a14a85ebf6

Endzeit: 6

Anwendungspfad: C:\Users\*****\Desktop\FRST.exe

Berichts-ID:

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


System errors:
=============
Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.1.2015.1274401d030a14a85ebf66C:\Users\*****\Desktop\FRST.exe

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3070.18 MB
Available physical RAM: 1349.69 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4049.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.11 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 15.01.2015 15:55

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
C:\Users\*****\AppData\Roaming\Avira32
C:\Users\*****\AppData\Local\Firefox64
C:\Users\*****\AppData\Roaming\Win
C:\Users\*****\AppData\Roaming\Farmer_picture
C:\Users\*****\AppData\Roaming\Office7reg
C:\Users\*****\AppData\Roaming\Loader
C:\Users\*****\AppData\Roaming\Run
C:\Users\*****\AppData\Roaming\Script
C:\Users\*****\AppData\Roaming\Cmqyzsh
C:\Users\*****\AppData\Local\Cpecwmjid
C:\Users\*****\AppData\Roaming\Fbkkan
C:\Users\*****\AppData\Roaming\Wiyuws
C:\Users\*****\AppData\Local\Nfnbbvqez
C:\Users\*****\AppData\Roaming\Ppqbxpput
C:\Users\*****\AppData\Local\Gorebxesay
C:\Users\*****\AppData\Local\Lpsgds
C:\Users\*****\AppData\Local\Rnepwrqbck
C:\ProgramData\kjsdym
C:\Users\*****\AppData\Roaming\Ktaqfpqp
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
EmptyTemp:
Hosts:

If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Riela15 15.01.2015 16:24

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 16:07:16 Run:1
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
C:\Users\*****\AppData\Roaming\Avira32
C:\Users\*****\AppData\Local\Firefox64
C:\Users\*****\AppData\Roaming\Win
C:\Users\*****\AppData\Roaming\Farmer_picture
C:\Users\*****\AppData\Roaming\Office7reg
C:\Users\*****\AppData\Roaming\Loader
C:\Users\*****\AppData\Roaming\Run
C:\Users\*****\AppData\Roaming\Script
C:\Users\*****\AppData\Roaming\Cmqyzsh
C:\Users\*****\AppData\Local\Cpecwmjid
C:\Users\*****\AppData\Roaming\Fbkkan
C:\Users\*****\AppData\Roaming\Wiyuws
C:\Users\*****\AppData\Local\Nfnbbvqez
C:\Users\*****\AppData\Roaming\Ppqbxpput
C:\Users\*****\AppData\Local\Gorebxesay
C:\Users\*****\AppData\Local\Lpsgds
C:\Users\*****\AppData\Local\Rnepwrqbck
C:\ProgramData\kjsdym
C:\Users\*****\AppData\Roaming\Ktaqfpqp
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ohpjimak => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\doctor-cable => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\emergency_room => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\validation => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\doctor-cable => value deleted successfully.
C:\Users\*****\AppData\Roaming\Avira32 => Moved successfully.
C:\Users\*****\AppData\Local\Firefox64 => Moved successfully.
C:\Users\*****\AppData\Roaming\Win => Moved successfully.
C:\Users\*****\AppData\Roaming\Farmer_picture => Moved successfully.
C:\Users\*****\AppData\Roaming\Office7reg => Moved successfully.
C:\Users\*****\AppData\Roaming\Loader => Moved successfully.
C:\Users\*****\AppData\Roaming\Run => Moved successfully.
C:\Users\*****\AppData\Roaming\Script => Moved successfully.
C:\Users\*****\AppData\Roaming\Cmqyzsh => Moved successfully.
C:\Users\*****\AppData\Local\Cpecwmjid => Moved successfully.
C:\Users\*****\AppData\Roaming\Fbkkan => Moved successfully.
C:\Users\*****\AppData\Roaming\Wiyuws => Moved successfully.
C:\Users\*****\AppData\Local\Nfnbbvqez => Moved successfully.
C:\Users\*****\AppData\Roaming\Ppqbxpput => Moved successfully.
C:\Users\*****\AppData\Local\Gorebxesay => Moved successfully.
C:\Users\*****\AppData\Local\Lpsgds => Moved successfully.
C:\Users\*****\AppData\Local\Rnepwrqbck => Moved successfully.
C:\ProgramData\kjsdym => Moved successfully.
C:\Users\*****\AppData\Roaming\Ktaqfpqp => Moved successfully.
Could not move "C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe" => Scheduled to move on reboot.
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is11FB.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is37A.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is453B.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-15 16:21:08)<=

C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe => Is moved successfully.

==== End of Fixlog 16:21:08 ====


cosinus 15.01.2015 16:29

Please reboot the system. Then fresh FRST logs. Tick the box for addition.txt, then click Scan.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Riela15 15.01.2015 16:53


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 16:48:37
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Microsoft Corporation) C:\Windows\System32\cmmon32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Microsoft Corporation) C:\Windows\System32\grpconv.exe
(Microsoft Corporation) C:\Windows\System32\bootcfg.exe
(Microsoft Corporation) C:\Windows\System32\WPDShextAutoplay.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\PAULUS~1\AppData\Local\Temp\Mortgagerealize\mortgage-strip.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:48 - 2015-01-15 16:49 - 00018531 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 16:01 - 2015-01-15 16:04 - 00007250 _____ () C:\Users\*****\Desktop\Neues Textdokument (2).txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ___HD () C:\Users\*****\AppData\Local\Mountainproposed
2015-01-14 23:44 - 2015-01-15 16:46 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 16:48 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:48 - 2009-12-11 11:40 - 01722681 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:47 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 16:42 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 16:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 16:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 16:41 - 2009-07-14 05:39 - 00252158 _____ () C:\Windows\setupact.log
2015-01-15 16:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 16:26 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:26 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 16:18 - 2009-12-11 12:10 - 00882152 _____ () C:\Windows\PFRO.log
2015-01-15 16:07 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-15 16:00 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 16:50:10
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-15 16:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 04:46:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 04:46:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 04:03:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 04:03:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2744

Startzeit: 01d030a14a85ebf6

Endzeit: 6

Anwendungspfad: C:\Users\*****\Desktop\FRST.exe

Berichts-ID:

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026


System errors:
=============
Error: (01/15/2015 04:42:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 04:42:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 04:46:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 04:46:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 04:03:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 04:03:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.1.2015.1274401d030a14a85ebf66C:\Users\*****\Desktop\FRST.exe

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 3070.18 MB
Available physical RAM: 1524.23 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4499.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.06 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:471.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 15.01.2015 20:23

There's still something there


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\PAULUS~1\AppData\Local\Temp\Mortgagerealize\mortgage-strip.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
C:\Users\*****\AppData\Local\Pin-phase
C:\Users\*****\AppData\Local\Doctor-command
C:\Users\*****\AppData\Local\Price-deposit
C:\Users\*****\AppData\Local\Mountainproposed
C:\Users\*****\AppData\Local\Farmer-joke
C:\Users\*****\AppData\Local\Doctor-command
EmptyTemp:

If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Riela15 15.01.2015 20:52

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 20:39:30 Run:2
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\PAULUS~1\AppData\Local\Temp\Mortgagerealize\mortgage-strip.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
C:\Users\*****\AppData\Local\Pin-phase
C:\Users\*****\AppData\Local\Doctor-command
C:\Users\*****\AppData\Local\Price-deposit
C:\Users\*****\AppData\Local\Mountainproposed
C:\Users\*****\AppData\Local\Farmer-joke
C:\Users\*****\AppData\Local\Doctor-command
EmptyTemp:
       
*****************

HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mortgage-plant => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\doctor-cable => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\doctor-cable => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mountain-choose => value deleted successfully.

"C:\Users\*****\AppData\Local\Pin-phase" directory move:

Could not move "C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Pin-phase" directory. => Scheduled to move on reboot.


"C:\Users\*****\AppData\Local\Doctor-command" directory move:

Could not move "C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Doctor-command" directory. => Scheduled to move on reboot.


"C:\Users\*****\AppData\Local\Price-deposit" directory move:

Could not move "C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Price-deposit" directory. => Scheduled to move on reboot.


"C:\Users\*****\AppData\Local\Mountainproposed" directory move:

Could not move "C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Mountainproposed" directory. => Scheduled to move on reboot.


"C:\Users\*****\AppData\Local\Farmer-joke" directory move:

Could not move "C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Farmer-joke" directory. => Scheduled to move on reboot.


"C:\Users\*****\AppData\Local\Doctor-command" directory move:

Could not move "C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe" => Scheduled to move on reboot.
Could not move "C:\Users\*****\AppData\Local\Doctor-command" directory. => Scheduled to move on reboot.

EmptyTemp: => Removed 21.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-15 20:43:06)<=

C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Pin-phase => Is moved successfully.
C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Doctor-command => Is moved successfully.
C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Price-deposit => Is moved successfully.
C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Mountainproposed => Is moved successfully.
C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Farmer-joke => Is moved successfully.
C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe => Is moved successfully.
C:\Users\*****\AppData\Local\Doctor-command => Is moved successfully.

==== End of Fixlog 20:43:06 ====

Does it help you to know that after the restart the "Microsoft Malicious Software Removal Tool" still shows up and draws attention to "C: Windows Syste32 MRT.exe" R/RE?

cosinus 15.01.2015 21:02

MRT.exe is the "Microsoft Malicious Software Removal Tool" itself! :D

Please post new FRST logs

Riela15 15.01.2015 21:20

hm, I see

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 21:13:30
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 21:13 - 2015-01-15 21:14 - 00016969 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 20:35 - 2015-01-15 20:37 - 00002451 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-01-15 16:01 - 2015-01-15 16:04 - 00007250 _____ () C:\Users\*****\Desktop\Neues Textdokument (2).txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-14 23:44 - 2015-01-15 20:38 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 21:13 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 21:13 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 21:12 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 20:48 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:48 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:46 - 2009-12-11 11:40 - 01740845 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 20:40 - 2009-12-11 12:10 - 00883324 _____ () C:\Windows\PFRO.log
2015-01-15 20:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 20:40 - 2009-07-14 05:39 - 00252214 _____ () C:\Windows\setupact.log
2015-01-15 20:32 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 20:32 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-15 16:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 16:07 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-15 16:00 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 21:14:21
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-15 16:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 09:12:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 09:12:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5117

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4119

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4119

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 08:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120

Error: (01/15/2015 08:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3120


System errors:
=============
Error: (01/15/2015 04:42:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 04:42:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 09:12:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 09:12:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5117

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5117

Error: (01/15/2015 08:14:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4119

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4119

Error: (01/15/2015 08:14:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 08:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3120

Error: (01/15/2015 08:14:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3120


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 3070.18 MB
Available physical RAM: 1973.69 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4806.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.06 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:469.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

But if he then asks whether he can help, I'll say no for now, right?

cosinus 15.01.2015 22:19

The junk still seems to be there.... Control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Riela15 16.01.2015 11:56

I guess I exceeded the time limit...
I followed the MBAM guide from 29.03.2008. German was already set as the language, but from step 4 on it was in English. Thanks to your illustrated guide, I ran the scan.
MBAM found nothing, green.

ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47239146a0d21744b1a3c2f226c37beb
# engine=21995
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-16 10:31:24
# local_time=2015-01-16 11:31:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777213 88 100 2395061 184214462 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47699730 173035475 0 0
# scanned=361646
# found=98
# cleaned=0
# scan_time=9853
sh=534C6C6410721E9FE6206E0D7D9EAC341619DB37 ft=1 fh=34e1abfeb0b434b1 vn="Variante von Win32/Kryptik.CUWZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Doctor-command\doctorshow.exe.xBAD"
sh=C77286436007B23827FDDCF30DCCD08E6B212393 ft=1 fh=f1d15e40a6b280b4 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe.xBAD"
sh=C52E9079A3D52BDAA26D6BF905DD8916D802D3C2 ft=1 fh=2ecb6c281fa98d05 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Pin-phase\pin-slight.exe.xBAD"
sh=50F673444E6693B1F0F3E3E410EA9C530ADE331B ft=1 fh=fdf4ef8d592af440 vn="Variante von Win32/Kryptik.CUYK Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Price-deposit\price-closet.exe.xBAD"
sh=B252BBE7B64EA863E115D3BFECA6B39E3E17A18F ft=1 fh=097d18a63b1c1296 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe.xBAD"
sh=3B0B516F28DAB4E5DF32F4EFA063730DC79C73C0 ft=1 fh=25ec46b98566a176 vn="Variante von Win32/Kryptik.CNSG Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\antimalware_software.exe"
sh=DADBA16A2593C8751A46753A5500DEE26CE023DC ft=1 fh=d773637edf5346e6 vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\beneficiary_kpp.exe"
sh=D06ACB6D2CF8B2A4F9DB0BF2FBF7C6BEBD5B4116 ft=1 fh=21d07ab943c073cb vn="Variante von Win32/Kryptik.COLP Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\bluetooth.exe"
sh=D06ACB6D2CF8B2A4F9DB0BF2FBF7C6BEBD5B4116 ft=1 fh=21d07ab943c073cb vn="Variante von Win32/Kryptik.COLP Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\encoding.exe"
sh=DADBA16A2593C8751A46753A5500DEE26CE023DC ft=1 fh=d773637edf5346e6 vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\favorites.exe"
sh=DADBA16A2593C8751A46753A5500DEE26CE023DC ft=1 fh=d773637edf5346e6 vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\glass.exe"
sh=1A188BCC25D2980128CB159FBDE96699A3C81B69 ft=1 fh=f6304112cc29f982 vn="Variante von Win32/Kryptik.COCQ Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\long_date.exe"
sh=DADBA16A2593C8751A46753A5500DEE26CE023DC ft=1 fh=d773637edf5346e6 vn="Variante von Win32/Kryptik.CNWZ Trojaner" ac=I fn="C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician\track.exe"


cosinus 16.01.2015 12:15

Whoa....:wtf:...look at everything ESET found there in the program folders of legitimate programs....:wtf:

Code:

C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\bitlocker.exe
Please have this file analyzed at VirusTotal and post the result link. If you cannot see the file, you may have to make it visible first.
If the file has already been analyzed, please start another analysis.

Riela15 16.01.2015 12:27

By result link, do you mean this?
Code:

hxxps://www.virustotal.com/de/file/529c55c27db20dc495e0622dd4e3b0f6ececfaaf16f97e32c49e3dd0d602a0b7/analysis/1421407411/

cosinus 16.01.2015 13:21

Whoa, indeed... the malware has plonked its fat backside right into your programs :D


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Users\*****\AppData\Local\Win
C:\Users\*****\AppData\Roaming\Mortgage_imagine
C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj
C:\Program Files\Bonjour\Bonjour.Resources\da.lproj
C:\ProgramData\GameXN\Chat\windows_calendar\emergency_profile.exe
C:\ProgramData\GameXN\MLS\discussion\inicis.exe
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464
C:\Users\All Users\GameXN\Chat\windows_calendar\emergency_profile.exe
C:\Users\All Users\GameXN\MLS\discussion\inicis.exe
C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458
C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464

If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Riela15 16.01.2015 14:37

Nice that you found it.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by ***** at 2015-01-16 14:33:20 Run:3
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\*****\AppData\Local\Win
C:\Users\*****\AppData\Roaming\Mortgage_imagine
C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj
C:\Program Files\Bonjour\Bonjour.Resources\da.lproj
C:\ProgramData\GameXN\Chat\windows_calendar\emergency_profile.exe
C:\ProgramData\GameXN\MLS\discussion\inicis.exe
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464
C:\Users\All Users\GameXN\Chat\windows_calendar\emergency_profile.exe
C:\Users\All Users\GameXN\MLS\discussion\inicis.exe
C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458
C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464
       
*****************

C:\Users\*****\AppData\Local\Win => Moved successfully.
C:\Users\*****\AppData\Roaming\Mortgage_imagine => Moved successfully.
C:\Program Files\Adobe\Reader 11.0\Reader\AcroExt\referring_physician => Moved successfully.
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question => Moved successfully.
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj => Moved successfully.
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj => Moved successfully.
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj => Moved successfully.
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj => Moved successfully.
C:\Program Files\Bonjour\Bonjour.Resources\da.lproj => Moved successfully.
C:\ProgramData\GameXN\Chat\windows_calendar\emergency_profile.exe => Moved successfully.
C:\ProgramData\GameXN\MLS\discussion\inicis.exe => Moved successfully.
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458 => Moved successfully.
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464 => Moved successfully.
"C:\Users\All Users\GameXN\Chat\windows_calendar\emergency_profile.exe" => File/Directory not found.
"C:\Users\All Users\GameXN\MLS\discussion\inicis.exe" => File/Directory not found.
"C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458" => File/Directory not found.
"C:\Users\All Users\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464" => File/Directory not found.

==== End of Fixlog 14:33:22 ====


cosinus 17.01.2015 16:49

Please run new control scans with MBAM and ESET

Riela15 18.01.2015 18:00

MBAM green.
ESET now only half as many ;)
Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47239146a0d21744b1a3c2f226c37beb
# engine=22025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 04:48:04
# local_time=2015-01-18 05:48:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 88 100 2594060 184409861 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47895129 173230874 0 0
# scanned=363794
# found=39
# cleaned=0
# scan_time=7911


cosinus 18.01.2015 20:59

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\ProgramData\GameXN
C:\Users\All Users\GameXN
EmptyTemp:
Hosts:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Riela15 18.01.2015 21:29

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-01-2015 01
Ran by ***** at 2015-01-18 21:17:05 Run:4
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\GameXN
C:\Users\All Users\GameXN
EmptyTemp:
Hosts:
*****************


"C:\ProgramData\GameXN" directory move:

C:\ProgramData\GameXN\ezGameXN.dll => Moved successfully.
C:\ProgramData\GameXN\ezShell64Run.exe => Moved successfully.
C:\ProgramData\GameXN\GameXNGO.exe => Moved successfully.
C:\ProgramData\GameXN\go.sdat => Moved successfully.
C:\ProgramData\GameXN\go.upd.sdat => Moved successfully.
C:\ProgramData\GameXN\goRel.dat => Moved successfully.
C:\ProgramData\GameXN\out.bin => Moved successfully.
C:\ProgramData\GameXN\pxml.xml => Moved successfully.
C:\ProgramData\GameXN\sc1.pub => Moved successfully.
C:\ProgramData\GameXN\ShortIDs.dat => Moved successfully.
C:\ProgramData\GameXN\swf.map => Moved successfully.
C:\ProgramData\GameXN\_bpid.dat => Moved successfully.
C:\ProgramData\GameXN\_gompu.dat => Moved successfully.
C:\ProgramData\GameXN\_gosti.dat => Moved successfully.
C:\ProgramData\GameXN\_luc.dat => Moved successfully.
C:\ProgramData\GameXN\_mu1.dat => Moved successfully.
C:\ProgramData\GameXN\_popularity.dat => Moved successfully.
C:\ProgramData\GameXN\Tabs\tabs.dat => Moved successfully.
C:\ProgramData\GameXN\Sounds\ChatMessage.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\GameReady.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\Invitation.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\LobbyStart.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\NewFriend.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\Notification.mp3 => Moved successfully.
C:\ProgramData\GameXN\Sounds\Sounds.ini => Moved successfully.
C:\ProgramData\GameXN\Sounds\splayer.swf => Moved successfully.
C:\ProgramData\GameXN\News\news.dat => Moved successfully.
C:\ProgramData\GameXN\News\premium\newsletter.xml => Moved successfully.
C:\ProgramData\GameXN\News\premium\PremiumBanner.swf => Moved successfully.
C:\ProgramData\GameXN\MLS\CompltetedLangs.dat => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ARE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_BGR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_CHS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_CHT.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_CSY.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_DAN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_DEU.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ELL.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ESN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ETI.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_FIN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_FRA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_HEB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_HUN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ITA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_JPN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_KOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_LTH.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_NLD.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_NOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_PLK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_PTB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_PTG.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_ROM.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_RUS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_SVE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOLobby_TRK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ARE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_BGR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_CHS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_CHT.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_CSY.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_DAN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_DEU.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ELL.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ESN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ETI.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_FIN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_FRA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_HEB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_HUN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ITA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_JPN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_KOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_LTH.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_NLD.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_NOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_PLK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_PTB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_PTG.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_ROM.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_RUS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_SVE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GoNet_TRK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ARE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_BGR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_CHS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_CHT.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_CSY.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_DAN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_DEU.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ELL.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ESN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ETI.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_FIN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_FRA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_HEB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_HUN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ITA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_JPN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_KOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_LTH.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_NLD.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_NOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_PLK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_PTB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_PTG.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_ROM.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_RUS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_SVE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GOV1_TRK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ARE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_BGR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_CHS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_CHT.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_CSY.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_DAN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_DEU.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ELL.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ESN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ETI.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_FIN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_FRA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_HEB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_HUN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ITA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_JPN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_KOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_LTH.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_NLD.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_NOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_PLK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_PTB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_PTG.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_ROM.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_RUS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_SVE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\GO_TRK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ARE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_BGR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_CHS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_CHT.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_CSY.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_DAN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_DEU.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ELL.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ESN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ETI.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_FIN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_FRA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_HEB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_HUN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ITA.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_JPN.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_KOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_LTH.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_NLD.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_NOR.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_PLK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_PTB.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_PTG.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_ROM.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_RUS.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_SVE.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\skypePM_TRK.mls => Moved successfully.
C:\ProgramData\GameXN\MLS\discussion\sxsvj.pam => Moved successfully.
C:\ProgramData\GameXN\Local Cache\00858AFBC4C6418397A981061E85E95C_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\00858AFBC4C6418397A981061E85E95C_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\01E408B224F44A85B5C58CEAFA619E53_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\01E408B224F44A85B5C58CEAFA619E53_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0493A0A710B44406A0AC4B1383B8D07D_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0493A0A710B44406A0AC4B1383B8D07D_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0827725D5A0C415AB3B72E8ECA712134_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0827725D5A0C415AB3B72E8ECA712134_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0C99AA2DA06E4F6BA61B15297AA0DBEF_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0C99AA2DA06E4F6BA61B15297AA0DBEF_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0DD3EA14790940ECB8BD992F24F4FF20_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\0DD3EA14790940ECB8BD992F24F4FF20_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\1451CA7AD738404FBA1572F0D15F00A8_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\1451CA7AD738404FBA1572F0D15F00A8_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\164368FE9051439A8E8FB3FE5730FC7C_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\164368FE9051439A8E8FB3FE5730FC7C_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\2E06D5039B734EE8A1244F34184BD499_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\2E06D5039B734EE8A1244F34184BD499_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\3AC42E18194147CF8DA2997C926EEC36_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\3AC42E18194147CF8DA2997C926EEC36_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\3AC42E18194147CF8DA2997C926EEC36_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4136746E049B4E648BAE5299828AAC2B_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4136746E049B4E648BAE5299828AAC2B_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4396EDB7C1A140ADA40B775FEB3C0D25_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4396EDB7C1A140ADA40B775FEB3C0D25_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\454EB22F4CF24AD0B14FBA4A4C21E879_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\454EB22F4CF24AD0B14FBA4A4C21E879_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4C89916128C54976B7A80B10F3C19137_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\4C89916128C54976B7A80B10F3C19137_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\5823ABD88F47457C9D2BF864D89C5FBC_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\5823ABD88F47457C9D2BF864D89C5FBC_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\6BD422D51C4342F2B6B8AB37C42AA17B_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\6BD422D51C4342F2B6B8AB37C42AA17B_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\72314F0D257D448BADABB1BC59272131_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\72314F0D257D448BADABB1BC59272131_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\77714F0D257D448BADABB1BC59272131_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\77714F0D257D448BADABB1BC59272131_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\78814F0D257D448BADABB1BC59272131_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\78814F0D257D448BADABB1BC59272131_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79914F0D257D448BADABB1BC59272131_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79914F0D257D448BADABB1BC59272131_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79AE9A1F56F842A7A099E5DDFD7710B3_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79AE9A1F56F842A7A099E5DDFD7710B3_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79FF86CC601045CE9675AF1363600ED9_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\79FF86CC601045CE9675AF1363600ED9_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\7FF10FD1D9E1467181402A0155363CB2_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\7FF10FD1D9E1467181402A0155363CB2_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\80FA788DB37F44C4AC03D1206073EF67_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\80FA788DB37F44C4AC03D1206073EF67_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\8CA38853EAF74A618812B5185704FA72_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\8CA38853EAF74A618812B5185704FA72_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\8F2BEA1A2B56457AA3182B880C863A52_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\8F2BEA1A2B56457AA3182B880C863A52_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\91B6FD143522487DBC07A35DE803C671_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\91B6FD143522487DBC07A35DE803C671_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\ABC0C93967AD43098E0382FD5EA9DFE1_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\ABC0C93967AD43098E0382FD5EA9DFE1_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B1F1A04AC9AD41CE8E83313BF9788957_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B1F1A04AC9AD41CE8E83313BF9788957_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B5362B0B24E14E6B8A330041B208FF78_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B5362B0B24E14E6B8A330041B208FF78_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B76A8D6A7F0A4415B459E204940E45DA_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\B76A8D6A7F0A4415B459E204940E45DA_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C1CD45C3F42A43AB899F31B591A5211F_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C1CD45C3F42A43AB899F31B591A5211F_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C5094D21049946CC8CCB397AAB28817A_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C5094D21049946CC8CCB397AAB28817A_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C7D94334204347AEBB0F776ED21C7F29_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\C7D94334204347AEBB0F776ED21C7F29_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\CA2E420582B3484EA454CB5E7A1C8892_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\CA2E420582B3484EA454CB5E7A1C8892_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\CE6B3C1D64654E4B8331A1CB0ED028AD_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\CE6B3C1D64654E4B8331A1CB0ED028AD_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\D8F6378E7EE742B9A38730ECE6FA7CCA_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\D8F6378E7EE742B9A38730ECE6FA7CCA_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\DE3FAACAE2834545AADAAE424244F5D8_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\DE3FAACAE2834545AADAAE424244F5D8_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\E573AAFBCCC6425157A989000E12A77B_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\E573AAFBCCC6425157A989000E12A77B_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EB659AD2FCC647F38E82982293E1663C_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EB659AD2FCC647F38E82982293E1663C_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EC0BD23BB8FB49AB9CEA5FC8EDE66BDB_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EC0BD23BB8FB49AB9CEA5FC8EDE66BDB_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EF40E569ACCA4FA3A41083BA475C2102_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\EF40E569ACCA4FA3A41083BA475C2102_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\F48988F4365D412F9DDA68C7805772BF_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\F48988F4365D412F9DDA68C7805772BF_thumb135x80.jpg => Moved successfully.
C:\ProgramData\GameXN\Local Cache\F9C6228EE2884EB0B722ECBB9296FA74_icon16.png => Moved successfully.
C:\ProgramData\GameXN\Local Cache\F9C6228EE2884EB0B722ECBB9296FA74_thumb.swf => Moved successfully.
C:\ProgramData\GameXN\Local Cache\~Please do not delete files from this folder => Moved successfully.
C:\ProgramData\GameXN\HTML\named_strings.mlsxml => Moved successfully.
C:\ProgramData\GameXN\HTML\organizer2.swf => Moved successfully.
C:\ProgramData\GameXN\HTML\organizer3.swf => Moved successfully.
C:\ProgramData\GameXN\HTML\organizer4.swf => Moved successfully.
C:\ProgramData\GameXN\HTML\uswk\ufci.uku => Moved successfully.
C:\ProgramData\GameXN\HTML\startup\bg.jpg => Moved successfully.
C:\ProgramData\GameXN\HTML\startup\default.htm => Moved successfully.
C:\ProgramData\GameXN\HTML\startup\default_mls.htm => Moved successfully.
C:\ProgramData\GameXN\HTML\mls\GameOrganizer.xml => Moved successfully.
C:\ProgramData\GameXN\GUP\UL\DefLog.ezlog => Moved successfully.
C:\ProgramData\GameXN\gost\recent.dat => Moved successfully.
C:\ProgramData\GameXN\Games\bg.gif => Moved successfully.
C:\ProgramData\GameXN\Games\CommonGamesStrings_MLS.xml => Moved successfully.
C:\ProgramData\GameXN\Games\game.htm => Moved successfully.
C:\ProgramData\GameXN\Chat\chat.htm => Moved successfully.
C:\ProgramData\GameXN\Chat\chat.swf => Moved successfully.
C:\ProgramData\GameXN\Chat\chat_MLS.xml => Moved successfully.
C:\ProgramData\GameXN\Chat\xnChat_MLS.xml => Moved successfully.
C:\ProgramData\GameXN\Chat\windows_calendar\aqbsa.cmy => Moved successfully.
C:\ProgramData\GameXN\Chat\windows_calendar\fhg.dky => Moved successfully.
C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe => Moved successfully.
Could not move "C:\ProgramData\GameXN" directory. => Scheduled to move on reboot.


"C:\Users\All Users\GameXN" directory move:

Could not move "C:\Users\All Users\GameXN" directory. => Scheduled to move on reboot.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 102.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-18 21:21:03)<=

C:\ProgramData\GameXN => Is moved successfully.
C:\Users\All Users\GameXN => Is moved successfully.

==== End of Fixlog 21:21:03 ====
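
An added example (not part of the original thread, and not FRST or ESET code): a Python cross-check that a Fixlog like the one above covers every detection the ESET log still reported outside C:\FRST\Quarantine, and that every move deferred to reboot was later confirmed. The embedded log excerpts are constructed in the layouts shown in the thread, with placeholder hashes; all function names are hypothetical.

```python
import re

QUARANTINE = r"c:\frst\quarantine"
# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so one file on disk can be reported under both paths.
ALIASES = {r"c:\users\all users": r"c:\programdata"}

# Constructed ESET log excerpt (same key=value layout as in the thread).
ESET_LOG = r'''
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\*****\AppData\Local\Pin-phase\pin-slight.exe.xBAD"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\Users\All Users\GameXN\Chat\windows_calendar\shuffle_all.exe"
'''

# Constructed Fixlog excerpt (same line shapes as in the thread).
FIXLOG = r'''
"C:\ProgramData\GameXN" directory move:

C:\ProgramData\GameXN\GameXNGO.exe => Moved successfully.
C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe => Moved successfully.
Could not move "C:\ProgramData\GameXN" directory. => Scheduled to move on reboot.

"C:\Users\All Users\GameXN" directory move:

Could not move "C:\Users\All Users\GameXN" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-18 21:21:03)<=

C:\ProgramData\GameXN => Is moved successfully.
C:\Users\All Users\GameXN => Is moved successfully.
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
MOVED = re.compile(r'^(.+?) => (?:Is moved|Moved) successfully\.$')
DEFERRED = re.compile(r'^Could not move "(.+?)".*=> Scheduled to move on reboot\.$')


def canonical(path):
    """Lower-case a Windows path and fold known aliases onto one spelling."""
    p = path.strip().rstrip("\\").lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def parse_eset(text):
    """Return one dict per detection line (keys: sh, ft, fh, vn, ac, fn)."""
    records = []
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        if "fn" in fields and "vn" in fields:
            records.append(fields)
    return records


def live_detections(records):
    """Detections whose file is NOT already inside the FRST quarantine."""
    live = {}
    for rec in records:
        path = canonical(rec["fn"])
        if not path.startswith(QUARANTINE + "\\"):
            live[path] = rec["vn"]  # aliases collapse onto one key
    return live


def parse_fixlog(text):
    """Return (moved paths, paths deferred to reboot and never confirmed)."""
    moved, deferred = set(), set()
    for line in map(str.strip, text.splitlines()):
        if m := DEFERRED.match(line):
            deferred.add(canonical(m.group(1)))
        elif m := MOVED.match(line):
            moved.add(canonical(m.group(1)))
    return moved, deferred - moved


def audit(eset_text, fixlog_text):
    """Cross-check live detections against what the fix actually moved."""
    live = live_detections(parse_eset(eset_text))
    moved, pending = parse_fixlog(fixlog_text)
    missed = {p: vn for p, vn in live.items()
              if not any(p == m or p.startswith(m + "\\") for m in moved)}
    return {"live": live, "pending": pending, "missed": missed}


if __name__ == "__main__":
    report = audit(ESET_LOG, FIXLOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty `missed` or `pending` result means the fix has not yet dealt with everything the scan reported as still on disk.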


cosinus 18.01.2015 23:40

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system back in order now, or are there any other detections or problems?

Riela15 19.01.2015 21:11

cosinus, first of all a very, very warm thank you (:dankeschoen:) for taking all that time and searching so persistently for the nest!
I've now blocked everything in Ghostery except widgets. Let's see how far I get with that.
Tomorrow I'll try one last thing and then get back to you briefly.
Oh! What about the re-enable of the CD emulators that I switched off at the beginning?
And... a few weeks ago (I surely already had the trojans on it by then) I had to reconfigure our Speedport and enter passwords. Is that a possible gateway for further malware?

cosinus 20.01.2015 11:57

Re-enable defogger; defogger is only relevant anyway if you have CD emulators installed. But that is all in the description too. Routers can be a gateway if, for example, you don't update the firmware in time or allow remote administration.

Then we're done! :daumenhoc


If you would still like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and to scan for malware with it weekly.

delfix can help you with that:


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.






Finally, please check the updates as well; my guide to that is below. To keep a better overview in future of how up to date your installed programs are, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords where possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Updating the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs (or Programs and Features), by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take this opportunity to check that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also very easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Riela15 20.01.2015 13:21

The programs I need can all be opened normally again. :)
Thanks again!
Homework will be done right away. Ciao!

Riela15 06.02.2015 18:53

Hello Cosinus!
I have a new problem: Nymaim. It attempted phishing on 2.2.2015, so that our access to the online account was blocked and the bank called us to let us know.
I hope you can help again. Before I post the logs, I wanted to ask whether you can carry on here or whether I should open a new topic?
Thanks in advance! (saves me a complete reinstall, hopefully..)

cosinus 06.02.2015 20:40

Hi, please open a new topic.


All times are given in WET +1.
