Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Positive Finds infizierter PC nach Installation von Youtube to MP3 Converter (https://www.trojaner-board.de/163782-positive-finds-infizierter-pc-installation-youtube-to-mp3-converter.html)

Minnie89 09.02.2015 17:22
Positive Finds infizierter PC nach Installation von Youtube to MP3 Converter
 
Hallo an alle,

heute habe ich mir den Youtube to MP3 Converter heruntergeladen. Bisher hatte ich nie Probleme nach einem solchen Update. Heute allerdings schon. Ständig erscheinen Popups am rechten, unteren und linken Bildschirmrand. Ein Löschen der kompletten Chronik, aller dazugehöriger Cookies etc, des Programms ansich und des Adobe Readers, den ich heute auch aktualisiert habe, brachte keinen Erfolg.
Ich habe mir erlaubt einen FRST Scan durchzuführen. Nur ab jetzt bin ich vorsichtig, weil ich auch kein Pc Genie bin :(

Vielen Dank für eure Hilfe

Mc Afee hat bei seinem Scan nichts entdeckt;

4723 Daten & 68 Prozesse wurden gescannt
Registrierungselemente 0
Bootrecords 0

schrauber 09.02.2015 17:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Minnie89 09.02.2015 17:35
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 09-02-2015 16:48:18
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) D:\Programme\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [497792 2014-08-05] (McAfee, Inc.)
HKLM\...\Run: [fst_de_86] => [X]
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\MountPoints2: {dbcbd8f8-0054-11e4-9c97-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [94088 2014-07-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404843312&from=amt&uid=ST9500325AS_6VE8L4KXXXXX6VE8L4KX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404843312&from=amt&uid=ST9500325AS_6VE8L4KXXXXX6VE8L4KX&q={searchTerms}
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404843312&from=amt&uid=ST9500325AS_6VE8L4KXXXXX6VE8L4KX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404843312&from=amt&uid=ST9500325AS_6VE8L4KXXXXX6VE8L4KX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> DefaultScope {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404843312&from=amt&uid=ST9500325AS_6VE8L4KXXXXX6VE8L4KX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe webssearches

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: webssearches
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: Positive Finds - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-09]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\extensions\faststartff@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0324461423494375mcinstcleanup; C:\Windows\TEMP\032446~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-08] (Cherished Technololgy LIMITED)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238368 2014-07-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371288 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:48 - 2015-02-09 16:49 - 00016586 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-09 16:48 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-09 16:47 - 01124352 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-09 16:44 - 2015-02-09 16:44 - 01883584 _____ (Avanquest Software ) C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe
2015-02-09 14:10 - 2015-02-09 16:29 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-09 14:09 - 2015-02-09 14:09 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\RHEng
2015-02-09 14:07 - 2015-02-09 14:07 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Anna Schmitt\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-09 13:25 - 2015-02-09 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe
2015-01-16 12:34 - 2015-02-09 13:21 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-01-16 12:34 - 2015-01-16 12:34 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Inc
2015-01-16 12:27 - 2015-01-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-16 12:25 - 2015-01-16 12:25 - 71647536 _____ (Apple Inc.) C:\Users\Anna Schmitt\Downloads\icloudsetup.exe
2015-01-16 11:30 - 2015-01-16 11:52 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\DCIM1
2015-01-15 10:46 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 10:46 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 10:46 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-15 10:46 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 10:46 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 10:46 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 16:48 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:48 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-09 16:06 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-09 16:03 - 2009-07-14 05:39 - 00043984 _____ () C:\Windows\setupact.log
2015-02-09 16:01 - 2014-06-30 13:51 - 01962491 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 14:41 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-09 13:47 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 13:25 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 13:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Apple Computer
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Computer
2015-01-16 13:17 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 13:15 - 2014-06-30 15:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 12:35 - 2014-06-30 14:28 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple
2015-01-16 12:34 - 2014-06-30 13:56 - 00000000 ____D () C:\Users\Anna Schmitt
2015-01-16 12:29 - 2010-11-20 22:48 - 00023010 _____ () C:\Windows\PFRO.log
2015-01-16 12:27 - 2014-06-30 14:27 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Anna Schmitt\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Anna Schmitt\AppData\Local\Temp\sam__2268_il2696.exe
C:\Users\Anna Schmitt\AppData\Local\Temp\SIntf16.dll
C:\Users\Anna Schmitt\AppData\Local\Temp\SIntf32.dll
C:\Users\Anna Schmitt\AppData\Local\Temp\SIntfNT.dll
C:\Users\Anna Schmitt\AppData\Local\Temp\tmps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Anna Schmitt at 2015-02-09 16:49:56
Running from C:\Users\Anna Schmitt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 7.0.1 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.65 - Conexant)
Free Video to JPG Converter version 5.0.44.623 (HKLM\...\Free Video to JPG Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{63EA2A2E-E67D-4A5A-9245-2A50353E2340}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Online Backup (Version:  - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 15:24:23 Windows Update
19-12-2014 15:29:43 Windows Update
27-12-2014 00:00:04 Geplanter Prüfpunkt
16-01-2015 12:26:29 Installed iCloud
16-01-2015 13:15:08 Windows Update
23-01-2015 17:34:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26324757-FD86-445E-97FF-8FCF274595F0} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {50E3C6C0-8A39-4596-BE61-7941E6F6A607} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5FCB0FF2-3FAF-43F1-98D8-11BC3625F62E} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {8B39D76A-04B9-41B7-8DF9-04154F58B8E5} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {C787A167-44A0-455B-8489-1A1FA914249E} - System32\Tasks\{E77BD6A9-1791-4F40-8064-6F920200A0AD} => pcalua.exe -a "C:\Users\Anna Schmitt\AppData\Local\Temp\Temp1_VGA_nVidia_WIN7_32_z817125741.zip\setup.exe"
Task: {CF4A5059-4DD5-4BF4-A7F6-F00F9D8AA67A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-06 15:39 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-04-13 19:11 - 2010-04-13 19:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-02-04 19:35 - 2015-02-04 19:35 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Anna Schmitt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Product Registration.lnk => C:\Windows\pss\Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: HP Officejet Pro 8500 A910 (NET) => "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN181DM215:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "D:\Programme\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

==================== Accounts: =============================

Administrator (S-1-5-21-3632686917-1945200719-2163919785-500 - Administrator - Disabled)
Anna Schmitt (S-1-5-21-3632686917-1945200719-2163919785-1001 - Administrator - Enabled) => C:\Users\Anna Schmitt
Gast (S-1-5-21-3632686917-1945200719-2163919785-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3632686917-1945200719-2163919785-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 01:23:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {ae4df772-391e-40dc-bb65-4d85657b56a8}

Error: (02/09/2015 01:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2015 00:02:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012ea1
ID des fehlerhaften Prozesses: 0x1a58
Startzeit der fehlerhaften Anwendung: 0xRCT3plus.exe0
Pfad der fehlerhaften Anwendung: RCT3plus.exe1
Pfad des fehlerhaften Moduls: RCT3plus.exe2
Berichtskennung: RCT3plus.exe3

Error: (02/08/2015 07:14:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72796837

Error: (02/08/2015 07:14:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 72796837

Error: (02/08/2015 07:14:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 07:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72795807

Error: (02/08/2015 07:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 72795807

Error: (02/08/2015 07:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2015 07:14:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72794637


System errors:
=============
Error: (02/09/2015 02:12:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (02/09/2015 01:22:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/07/2015 08:00:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TrustedInstaller erreicht.

Error: (02/06/2015 05:06:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/21/2015 07:47:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {88FB3FDD-8644-4236-A8F7-F35BCFC627E2}

Error: (01/16/2015 01:57:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 01:21:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 00:44:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 00:31:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/30/2014 00:48:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 2982.51 MB
Available physical RAM: 1177.19 MB
Total Pagefile: 5963.31 MB
Available Pagefile: 3931.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:107.72 GB) NTFS
Drive d: () (Fixed) (Total:299.74 GB) (Free:297.31 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=299.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 09.02.2015 20:13
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Minnie89 09.02.2015 22:26
Combofix Logfile:
Code:
ComboFix 15-02-09.01 - Anna Schmitt 09.02.2015  21:17:06.1.4 - x86 MINIMAL
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2983.2269 [GMT 1:00]
ausgeführt von:: c:\users\Anna Schmitt\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Config\ver.xml
c:\program files\SupTab\SuPTab.dll
c:\users\Anna Schmitt\AppData\Roaming\InetStat\inetstat.exe
c:\windows\IsUn0407.exe
c:\windows\system32\installd.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-09 bis 2015-02-09  ))))))))))))))))))))))))))))))
.
.
2015-02-09 20:21 . 2015-02-09 20:21        --------        d-----w-        c:\users\Anna Schmitt\AppData\Local\temp
2015-02-09 20:21 . 2015-02-09 20:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-09 16:33 . 2015-02-09 16:33        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:33 . 2015-02-09 16:33        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-02-09 15:47 . 2015-02-09 15:52        --------        d-----w-        C:\FRST
2015-02-09 13:09 . 2015-02-09 13:09        --------        d-----w-        c:\users\Anna Schmitt\AppData\Roaming\RHEng
2015-01-16 11:34 . 2015-02-09 20:04        --------        d-----r-        c:\users\Anna Schmitt\iCloudDrive
2015-01-16 11:34 . 2015-01-16 11:34        --------        d-----w-        c:\users\Anna Schmitt\AppData\Local\Apple Inc
2015-01-15 09:46 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2015-01-15 09:46 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-01-15 09:46 . 2014-12-11 17:47        46592        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2015-01-15 09:46 . 2014-12-19 02:43        164864        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-15 09:46 . 2014-12-06 03:50        242688        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-15 09:46 . 2014-12-19 01:34        116224        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 03:33 . 2014-12-18 19:13        115712        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-04 04:38 . 2014-12-11 11:37        337920        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-11 11:37        610304        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-11 11:37        315392        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-11 11:37        728576        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-11 11:37        159744        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-11 11:37        202752        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-11 11:37        873984        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 11:37        1160872        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-22 02:20 . 2014-12-11 11:37        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-11 11:37        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-11 11:37        501248        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-11 11:37        62464        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-11 11:37        47616        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 11:37        64000        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-11 11:37        102912        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-11 11:37        620032        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-11 11:37        667648        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-11 11:37        60416        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 11:37        4299264        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-11 11:37        2052096        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 11:37        1155072        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-11 11:37        1888256        ----a-w-        c:\windows\system32\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56        1202848        ----a-w-        c:\windows\system32\FM20.DLL
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudDrive"="c:\program files\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-11-21 43816]
"Amazon Music"="c:\users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 170008]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2014-08-05 497792]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe /f=srs_premium_sound_nopreset.zip /h [2014-6-30 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Anna Schmitt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48        1022152        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazon Music]
2014-12-08 06:27        6277952        ----a-w-        c:\users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Officejet Pro 8500 A910 (NET)]
2012-10-17 02:05        1837672        ----a-w-        c:\program files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 04:42        157480        ----a-w-        d:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-11-19 11:45        307768        ------w-        c:\program files\CONEXANT\SAII\SAIICpl.exe
.
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-07-30 286672]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-07-08 759688]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2014-12-03 131136]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2014-09-04 529216]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-07-30 286672]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-07-30 286672]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2014-07-24 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-07-18 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-07-18 179600]
R2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-07-18 62832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-09-27 140376]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [2010-10-05 113632]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-07-18 371288]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2014-07-24 349192]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2014-07-24 81296]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-07-18 217224]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-07-30 286672]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09 16:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
HKLM-Run-fst_de_86 - (no file)
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-09  21:22:50
ComboFix-quarantined-files.txt  2015-02-09 20:22
.
Vor Suchlauf: 8 Verzeichnis(se), 119.764.123.648 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 119.889.645.568 Bytes frei
.
- - End Of File - - 0D47AC316BB59CD401836757FAA48C02
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 10.02.2015 15:09
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Minnie89 10.02.2015 16:12
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 10.02.2015
Suchlauf-Zeit: 15:18:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.10.07
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Anna Schmitt

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319796
Verstrichene Zeit: 22 Min, 6 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1428, Löschen bei Neustart, [5f7072aa7e0c360021bed2aaab56ed13]

Module: 1
PUP.Optional.Skytech.A, C:\Program Files\SupTab\DpInterface32.dll, Löschen bei Neustart, [418e7e9e503a81b5d5f7179553aeb34d],

Registrierungsschlüssel: 14
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [5f7072aa7e0c360021bed2aaab56ed13],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [06c90319f3972a0c51fbdd2a3ac912ee],
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\FrEeSoFtOdAy, In Quarantäne, [d5fad8441773f93d7c8704a87f8423dd],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, In Quarantäne, [458a9b81503a57dfffcc59ae93723bc5],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\supWPM, In Quarantäne, [e2ed3be15139112555e2465dd1327f81],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, In Quarantäne, [3c93b9638cfe4fe79c0de4e110f3a759],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [cc03c458e9a17db9dab1fcf7010327d9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP, In Quarantäne, [953a98848307d165d4311b885ea58e72],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, In Quarantäne, [597613093e4cd363e6502c7728dbfb05],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [527da6765d2d0f279bcfbcdcc93a837d],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [bd12a17b7e0cb6802a41b6e2956e53ad],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3632686917-1945200719-2163919785-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [2ba42cf0b7d3b77f2c91a268d134fd03],
PUP.Optional.Qone8, HKU\S-1-5-21-3632686917-1945200719-2163919785-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b31c58c433571d19cbbfa74c1aea0bf5],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3632686917-1945200719-2163919785-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [a02fff1d820847ef17389010df249868],

Registrierungswerte: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\extensions\faststartff@gmail.com, In Quarantäne, [953a4ece6d1d8aac04e632d43ec746ba]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP|dir, C:\Program Files\SupTab, In Quarantäne, [953a98848307d165d4311b885ea58e72]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, amt, In Quarantäne, [597613093e4cd363e6502c7728dbfb05]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3632686917-1945200719-2163919785-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [a02fff1d820847ef17389010df249868]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[37981efe088251e5b5722c8d48bdce32]

Ordner: 35
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\log, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [e6e9a17b85058aac8dcb82e34fb46d93],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [e6e9a17b85058aac8dcb82e34fb46d93],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [597616062a604de92c5898cfdb2839c7],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [597616062a604de92c5898cfdb2839c7],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [597616062a604de92c5898cfdb2839c7],
PUP.Optional.SupTab.A, C:\Program Files\SupTab, Löschen bei Neustart, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\weather, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.GenesisOffers, C:\Users\Anna Schmitt\AppData\Local\Genesis_07081817, In Quarantäne, [8748aa726228a78f5d65d49c36cd9769],

Dateien: 86
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [5f7072aa7e0c360021bed2aaab56ed13],
PUP.Optional.Skytech.A, C:\Program Files\SupTab\DpInterface32.dll, Löschen bei Neustart, [418e7e9e503a81b5d5f7179553aeb34d],
PUP.Optional.Skytech.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [f9d6d745eaa0e94d68642a8235ccd42c],
PUP.Optional.Skytech.A, C:\Program Files\SupTab\DpInterface64.dll, In Quarantäne, [ca0518043d4dca6c329a5b5140c157a9],
PUP.Optional.IEPluginService.A, C:\Program Files\SupTab\RSHP.exe, In Quarantäne, [448b908cf19915210eb9bbd41ee302fe],
PUP.Optional.Skytech.A, C:\Program Files\SupTab\SearchProtect64.dll, In Quarantäne, [3e91d547e4a639fd6b614b61897838c8],
PUP.Optional.Skytech.A, C:\Program Files\SupTab\SpAPPSv32.dll, In Quarantäne, [329d7ba12763c670ae1eebc130d1a45c],
PUP.Optional.Skytech.A, C:\Program Files\SupTab\SpAPPSv64.dll, In Quarantäne, [636ca27a74160036dcf0c6e6966b4cb4],
PUP.Optional.WebsSearches.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [ba1558c46c1e3afc9219972e8281956b],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\136.json, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.WebsSearches.A, C:\Users\Anna Schmitt\AppData\Roaming\webssearches\log\UninstallManager_2014-07-08[20-21-23-640].log, In Quarantäne, [ebe46ab283070432478387cf0102d030],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [e6e9a17b85058aac8dcb82e34fb46d93],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-07-08[20-15-47-440].log, In Quarantäne, [597616062a604de92c5898cfdb2839c7],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [597616062a604de92c5898cfdb2839c7],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\ient.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\install.data, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\WebDataJs, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\data.html, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE.html, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE8.html, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\main.css, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\ver.txt, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\arrow.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_add_logo.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_logo.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\googlelogo.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\googlelogo2.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\google_trends.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon128.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon16.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon48.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\loading.gif, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\logo32.ico, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\weather\0.png, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\common.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\ga.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\ie8.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\js.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\library.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\xagainit.js, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [fdd2f02cf09aa492af2ff577b0532fd1],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v4.110 - Bericht erstellt 10/02/2015 um 15:54:41
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Anna Schmitt - ANNA-PC
# Gestarted von : C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\predm
Ordner Gelöscht : C:\Users\Anna Schmitt\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Anna Schmitt\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Anna Schmitt\AppData\Roaming\RHEng
Datei Gelöscht : C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\invalidprefs.js
Datei Gelöscht : C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : SpeedUpMyPC Maintenance
Task Gelöscht : SpeedUpMyPC Startup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[bhjwiw7p.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "webssearches");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2181 Bytes] - [10/02/2015 15:52:32]
AdwCleaner[S0].txt - [2056 Bytes] - [10/02/2015 15:54:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2115  Bytes] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x86
Ran by Anna Schmitt on 10.02.2015 at 15:59:40,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Anna Schmitt\AppData\Roaming\mozilla\firefox\profiles\bhjwiw7p.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2015 at 16:05:35,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 10-02-2015 16:08:36
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
Failed to access process -> dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [497792 2014-08-05] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238368 2014-07-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371288 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:05 - 2015-02-10 16:05 - 00000771 _____ () C:\Users\Anna Schmitt\Desktop\JRT.txt
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:48 - 2015-02-10 15:48 - 00020183 _____ () C:\Users\Anna Schmitt\Desktop\mbam.txt
2015-02-10 15:16 - 2015-02-10 15:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-10 16:08 - 00014985 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-10 16:08 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-09 16:47 - 01124352 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-09 16:44 - 2015-02-09 16:44 - 01883584 _____ (Avanquest Software ) C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe
2015-01-16 12:34 - 2015-02-10 15:56 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-01-16 12:34 - 2015-01-16 12:34 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Inc
2015-01-16 12:27 - 2015-01-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-16 12:25 - 2015-01-16 12:25 - 71647536 _____ (Apple Inc.) C:\Users\Anna Schmitt\Downloads\icloudsetup.exe
2015-01-16 11:30 - 2015-01-16 11:52 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\DCIM1
2015-01-15 10:46 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 10:46 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 10:46 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-15 10:46 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 10:46 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 10:46 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:03 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 16:03 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 15:55 - 2014-06-30 13:51 - 02035811 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-10 15:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 15:55 - 2009-07-14 05:39 - 00044544 _____ () C:\Windows\setupact.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 21:03 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-09 17:59 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 17:49 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Apple Computer
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Computer
2015-01-16 13:17 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 13:15 - 2014-06-30 15:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 12:35 - 2014-06-30 14:28 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple
2015-01-16 12:34 - 2014-06-30 13:56 - 00000000 ____D () C:\Users\Anna Schmitt
2015-01-16 12:27 - 2014-06-30 14:27 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Anna Schmitt\AppData\Local\temp\Quarantine.exe
C:\Users\Anna Schmitt\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 10-02-2015 16:08:36
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
Failed to access process -> dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [497792 2014-08-05] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238368 2014-07-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371288 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:05 - 2015-02-10 16:05 - 00000771 _____ () C:\Users\Anna Schmitt\Desktop\JRT.txt
2015-02-10 16:00 - 2015-02-10 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:48 - 2015-02-10 15:48 - 00020183 _____ () C:\Users\Anna Schmitt\Desktop\mbam.txt
2015-02-10 15:16 - 2015-02-10 15:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-10 16:08 - 00014985 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-10 16:08 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-09 16:47 - 01124352 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-09 16:44 - 2015-02-09 16:44 - 01883584 _____ (Avanquest Software ) C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe
2015-01-16 12:34 - 2015-02-10 15:56 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-01-16 12:34 - 2015-01-16 12:34 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Inc
2015-01-16 12:27 - 2015-01-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-16 12:25 - 2015-01-16 12:25 - 71647536 _____ (Apple Inc.) C:\Users\Anna Schmitt\Downloads\icloudsetup.exe
2015-01-16 11:30 - 2015-01-16 11:52 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\DCIM1
2015-01-15 10:46 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 10:46 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 10:46 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-15 10:46 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 10:46 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 10:46 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:03 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 16:03 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 15:55 - 2014-06-30 13:51 - 02035811 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-10 15:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 15:55 - 2009-07-14 05:39 - 00044544 _____ () C:\Windows\setupact.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 21:03 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-09 17:59 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 17:49 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Apple Computer
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Computer
2015-01-16 13:17 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 13:15 - 2014-06-30 15:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 12:35 - 2014-06-30 14:28 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple
2015-01-16 12:34 - 2014-06-30 13:56 - 00000000 ____D () C:\Users\Anna Schmitt
2015-01-16 12:27 - 2014-06-30 14:27 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Anna Schmitt\AppData\Local\temp\Quarantine.exe
C:\Users\Anna Schmitt\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.02.2015 07:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Minnie89 11.02.2015 17:48
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d231aefb4730f943bb10538587a1f67e
# engine=22416
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 11:25:53
# local_time=2015-02-11 12:25:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 88 100 10091608 50901839 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19505811 175285144 0 0
# scanned=398
# found=0
# cleaned=0
# scan_time=1171
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d231aefb4730f943bb10538587a1f67e
# engine=22416
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 04:37:08
# local_time=2015-02-11 05:37:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 88 100 10110283 50920514 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19524486 175303819 0 0
# scanned=162492
# found=16
# cleaned=0
# scan_time=18608
sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SupTab\SuPTab.dll.vir"
sh=CA422851421ADC99403249CC7203DEDCA0B4B3F3 ft=1 fh=7524831eeb94e3ff vn="Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Anna Schmitt\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=A803702665D9ED551E87E3CAAE03430B65556AD4 ft=1 fh=5e64ea2b62c6d3ae vn="Variante von Win32/Amonetize.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\installd.exe.vir"
sh=7CD0BAF0CE1BAF99CA21CD861AA1388B537820F3 ft=1 fh=da0bb244a02fa625 vn="Variante von Win32/AdWare.SpeedingUpMyPC.S Anwendung" ac=I fn="C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe"
sh=2F555F4DFFDEF7F0E188C63F26692E7909A7D523 ft=1 fh=26d539751cacd29e vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Anna Schmitt\Downloads\SUPERsetup_CB-DL-Manager.exe"
sh=43AF0139AB9A1F7BCB5223ADB9A113D778C22741 ft=1 fh=26d53975c94e791c vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Anna Schmitt\Downloads\verkleinerer17b_CB-DL-Manager.exe"
sh=8BCD6F8432D4A2EB07747A7E20BBF8927AA6D511 ft=1 fh=f8caf38a8ba5c213 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Anna\Desktop\Programme\ashampoo_cover_studio_2_2.2.0_sm.exe"
sh=92C402DFA62DB3A964D8893533B1EE60EE79F222 ft=1 fh=c717cc7b49ead004 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\7ZipSetup.exe"
sh=16C7F2DF0628B4C032E7923ECDB04779806A197C ft=1 fh=8fa83ea6fdf62524 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Babylon9_setup.exe"
sh=71AC1AD9699E3054721A87DDF60D4C3E6FDB53E7 ft=1 fh=510fc5c4bbfbcb9c vn="Variante von Win32/InstallCore.AY evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Firefox_Setup_15.0.1.exe"
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubetoMP3Converter(1).exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter(2).exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter(3).exe"
sh=F7260CE69E39008609AC6570C2013A39315C46F5 ft=1 fh=c8129b0266621a88 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\FreeYouTubeToMP3Converter(4).exe"
sh=8D4A1921C158B587030F1DF49C2012C3E0C82FEA ft=1 fh=c1343073867c1b26 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\IDMSetup_3230.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\PDFCreator-1_7_2_setup_offline.exe"
Bei ESET wurden 16 infizierte Dateien gefunden. Was soll ich jetzt machen? ESET samt der Dateien löschen?
Security Check kann nicht ausgeführt werden, da das hier immer kommt :
" UNSUPPORTED OPERATING SYSTEM! ABORTED!"
Soll ich trotzdem nochmal FRST drüberlaufen lassen?

schrauber 12.02.2015 06:20
Ja, FRST bitte und meine Frage beantworten :)

Minnie89 12.02.2015 16:56
Habe security check nochmal laufen lassen: hier das Resultat
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus und Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Hier FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Anna Schmitt (administrator) on ANNA-PC on 12-02-2015 16:47:29
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [497792 2014-08-05] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-09-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-07-30] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-07-18] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238368 2014-07-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371288 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:47 - 2015-02-12 16:47 - 00000000 ____D () C:\Users\Anna Schmitt\Downloads\FRST-OlderVersion
2015-02-12 16:39 - 2015-02-12 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-11 17:45 - 2015-02-11 17:45 - 00852594 _____ () C:\Users\Anna Schmitt\Downloads\SecurityCheck(1).exe
2015-02-11 12:43 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:43 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:43 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:43 - 2015-01-10 07:31 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:43 - 2015-01-10 07:31 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:43 - 2015-01-10 07:27 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:43 - 2015-01-10 07:27 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:43 - 2015-01-10 07:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:43 - 2015-01-10 07:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:43 - 2015-01-10 07:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:43 - 2015-01-10 07:23 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:43 - 2014-12-30 00:29 - 00370480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:42 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:42 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 12:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:42 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:42 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:42 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:42 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:42 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 11:56 - 2015-02-11 11:56 - 00000000 ____D () C:\Program Files\ESET
2015-02-10 16:05 - 2015-02-10 16:05 - 00000771 _____ () C:\Users\Anna Schmitt\Desktop\JRT.txt
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:48 - 2015-02-10 15:48 - 00020183 _____ () C:\Users\Anna Schmitt\Desktop\mbam.txt
2015-02-10 15:16 - 2015-02-12 16:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-12 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-12 16:47 - 00014843 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-12 16:47 - 01125376 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-09 16:47 - 2015-02-12 16:47 - 00000000 ____D () C:\FRST
2015-02-09 16:44 - 2015-02-09 16:44 - 01883584 _____ (Avanquest Software ) C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe
2015-01-16 12:34 - 2015-02-12 16:33 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-01-16 12:34 - 2015-01-16 12:34 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Inc
2015-01-16 12:27 - 2015-01-16 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-16 12:25 - 2015-01-16 12:25 - 71647536 _____ (Apple Inc.) C:\Users\Anna Schmitt\Downloads\icloudsetup.exe
2015-01-16 11:30 - 2015-01-16 11:52 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\DCIM1
2015-01-15 10:46 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 10:46 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 10:46 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-15 10:46 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 10:46 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 10:46 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:43 - 2014-06-30 13:51 - 02024044 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:40 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:40 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 16:32 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 16:32 - 2009-07-14 05:39 - 00045619 _____ () C:\Windows\setupact.log
2015-02-12 16:30 - 2014-12-15 15:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 16:30 - 2014-06-30 18:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 16:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-12 16:29 - 2014-06-30 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 17:54 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 21:03 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-09 17:49 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Apple Computer
2015-01-16 13:22 - 2014-06-30 14:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple Computer
2015-01-16 13:17 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 13:15 - 2014-06-30 15:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 12:35 - 2014-06-30 14:28 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Apple
2015-01-16 12:34 - 2014-06-30 13:56 - 00000000 ____D () C:\Users\Anna Schmitt
2015-01-16 12:27 - 2014-06-30 14:27 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Anna Schmitt\AppData\Local\temp\Quarantine.exe
C:\Users\Anna Schmitt\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---
Ich hatte nach Combofix keine Probleme mehr.
Wenn ich nochmal so einen Befall hätte, könnte ich dann das Gleiche nochmal machen? Alle Programme nacheinander drüberlaufen lassen?
Welches Anitviren/Antimalware Programm empfiehlt denn der Fachmann? Im Moment ist McAfee drauf, aber ist das denn auch gut?

Ich will mich auch noch ganz ganz rechtherzlich für die schnelle und vor allem kompetente Hilfe bedanken. Vielen vielen Dank dafür. Ich werde die Seite jedem, der Probleme hat weiterempfehlen.
Liebe Grüße
Anna

schrauber 13.02.2015 06:30
Nein, das is immer individuell. Aber MBAM und AdwCleaner kann man schon nutzen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe

C:\Users\Anna Schmitt\Downloads\SUPERsetup_CB-DL-Manager.exe

C:\Users\Anna Schmitt\Downloads\verkleinerer17b_CB-DL-Manager.exe

G:\Anna\Desktop\Programme\ashampoo_cover_studio_2_2.2.0_sm.exe

G:\Downloads\7ZipSetup.exe

G:\Downloads\Babylon9_setup.exe

G:\Downloads\Firefox_Setup_15.0.1.exe

G:\Downloads\FreeYouTubetoMP3Converter(1).exe

G:\Downloads\FreeYouTubeToMP3Converter(2).exe

G:\Downloads\FreeYouTubeToMP3Converter(3).exe

G:\Downloads\FreeYouTubeToMP3Converter(4).exe

G:\Downloads\IDMSetup_3230.exe

G:\Downloads\PDFCreator-1_7_2_setup_offline.exe
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST Log bitte.

Ich empfehle immer Emsisoft, ich arbeite aber auch dort :)

Minnie89 17.02.2015 12:27
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 17-02-2015 12:11:55
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McV61FF.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\3.0.225.1\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUDC0D.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0060651424168633mcinstcleanup; C:\Windows\TEMP\006065~1.EXE [851136 2014-08-08] (McAfee, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]
U3 mfeavfk01; No ImagePath
U3 mfehidk01; No ImagePath
U3 mfencbdc01; No ImagePath
U3 mfencbdc02; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 11:27 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-17 11:20 - 2015-02-17 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-13 00:54 - 2015-02-13 00:54 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Microsoft Games
2015-02-12 16:47 - 2015-02-17 12:11 - 00000000 ____D () C:\Users\Anna Schmitt\Downloads\FRST-OlderVersion
2015-02-12 16:42 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:42 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:45 - 2015-02-11 17:45 - 00852594 _____ () C:\Users\Anna Schmitt\Downloads\SecurityCheck(1).exe
2015-02-11 12:44 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:44 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:44 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:44 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:44 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:44 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:44 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:43 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:43 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:43 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:43 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 12:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:42 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:42 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:42 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:42 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:42 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:16 - 2015-02-17 12:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-17 11:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-17 12:11 - 00015266 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-17 12:12 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-17 12:11 - 01125888 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-09 16:44 - 2015-02-09 16:44 - 01883584 _____ (Avanquest Software ) C:\Users\Anna Schmitt\Downloads\PCSpeedMaximizer_PIH.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 11:57 - 2014-07-12 15:08 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Neuer Ordner
2015-02-17 11:37 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:37 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:35 - 2009-07-14 05:39 - 00047337 _____ () C:\Windows\setupact.log
2015-02-17 11:27 - 2014-06-30 15:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-17 11:24 - 2014-06-30 15:03 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-17 11:23 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-17 11:21 - 2014-06-30 13:51 - 01959970 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 11:21 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 11:16 - 2015-01-16 12:34 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-02-17 11:14 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 11:14 - 2009-07-14 05:33 - 00305176 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 11:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-13 01:13 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 01:11 - 2014-06-30 15:29 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 01:10 - 2014-06-30 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 17:07 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-12 16:30 - 2014-12-15 15:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 16:30 - 2014-06-30 18:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Anna Schmitt\AppData\Local\temp\Quarantine.exe
C:\Users\Anna Schmitt\AppData\Local\temp\SIntf16.dll
C:\Users\Anna Schmitt\AppData\Local\temp\SIntf32.dll
C:\Users\Anna Schmitt\AppData\Local\temp\SIntfNT.dll
C:\Users\Anna Schmitt\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---


Das hier ist das richtige FRST:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 17-02-2015 12:25:06
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE739D20140731&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: iCloud Bookmarks - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\firefoxdav@icloud.com [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\bhjwiw7p.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 0060651424168633mcinstcleanup; C:\Windows\TEMP\006065~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 11:27 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-17 11:20 - 2015-02-17 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-13 00:54 - 2015-02-13 00:54 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Microsoft Games
2015-02-12 16:47 - 2015-02-17 12:18 - 00000000 ____D () C:\Users\Anna Schmitt\Downloads\FRST-OlderVersion
2015-02-12 16:42 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:42 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:45 - 2015-02-11 17:45 - 00852594 _____ () C:\Users\Anna Schmitt\Downloads\SecurityCheck(1).exe
2015-02-11 12:44 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:44 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:44 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:44 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:44 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:44 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:44 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:43 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:43 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:43 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:43 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 12:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:42 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:42 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:42 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:42 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:42 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:16 - 2015-02-17 12:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-17 11:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-17 12:25 - 00014476 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-17 12:25 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-17 12:11 - 01125888 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 12:24 - 2015-01-16 12:34 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-02-17 12:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 12:23 - 2009-07-14 05:39 - 00047393 _____ () C:\Windows\setupact.log
2015-02-17 12:22 - 2014-06-30 13:51 - 01960787 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 11:57 - 2014-07-12 15:08 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Neuer Ordner
2015-02-17 11:37 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:37 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:27 - 2014-06-30 15:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-17 11:24 - 2014-06-30 15:03 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-17 11:23 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-17 11:21 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 11:14 - 2009-07-14 05:33 - 00305176 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 11:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-13 01:13 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 01:11 - 2014-06-30 15:29 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 01:10 - 2014-06-30 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 17:07 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-12 16:30 - 2014-12-15 15:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 16:30 - 2014-06-30 18:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:33

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 17.02.2015 20:08
Kopiere den Text in der Codebox in deinen Editor (z.B. Notepad) und speichere es unter dem Namen regfix.reg (bei Dateityp bitte "alle Dateien" wählen)

Code:
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=-
"DefaultConnectionSettings"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyServer"=-
Starte die regfix.reg duch Doppelklick.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Frisches FRST log bitte.

Minnie89 17.02.2015 20:30
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by Anna Schmitt at 2015-02-17 20:18:23 Run:2
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53462;https=127.0.0.1:53462
Emptytemp:

*****************

HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
EmptyTemp: => Removed 55.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:18:28 ====


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Anna Schmitt (administrator) on ANNA-PC on 17-02-2015 20:26:46
Running from C:\Users\Anna Schmitt\Downloads
Loaded Profiles: Anna Schmitt (Available profiles: Anna Schmitt)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Run: [Amazon Music] => C:\Users\Anna Schmitt\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3632686917-1945200719-2163919785-1001 -> {5EAB7D68-45C5-4998-BEC0-D6366D43FC9B} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE739D20140731&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anna Schmitt\AppData\Roaming\Mozilla\Firefox\Profiles\9stiqozb.default-1424200945585
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-30]
FF HKU\S-1-5-21-3632686917-1945200719-2163919785-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-02]
CHR Extension: (Google Drive) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-02]
CHR Extension: (Google Search) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-02]
CHR Extension: (Google Wallet) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-02]
CHR Extension: (Gmail) - C:\Users\Anna Schmitt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-01-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 0060651424168633mcinstcleanup; C:\Windows\TEMP\006065~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:24 - 2015-02-17 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-17 20:16 - 2015-02-17 20:16 - 00000319 _____ () C:\Users\Anna Schmitt\Downloads\regfix.reg
2015-02-17 11:27 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-13 00:54 - 2015-02-13 00:54 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Microsoft Games
2015-02-12 16:47 - 2015-02-17 12:18 - 00000000 ____D () C:\Users\Anna Schmitt\Downloads\FRST-OlderVersion
2015-02-12 16:42 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:42 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:45 - 2015-02-11 17:45 - 00852594 _____ () C:\Users\Anna Schmitt\Downloads\SecurityCheck(1).exe
2015-02-11 12:44 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:44 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:44 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:44 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:44 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:44 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:44 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:44 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:44 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:44 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:43 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:43 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:43 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:43 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 12:43 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:43 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 12:43 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 12:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:42 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:42 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:42 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:42 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:42 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:42 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:42 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 15:59 - 2015-02-10 15:59 - 01388274 _____ (Thisisu) C:\Users\Anna Schmitt\Downloads\JRT.exe
2015-02-10 15:51 - 2015-02-10 15:54 - 00000000 ____D () C:\AdwCleaner
2015-02-10 15:51 - 2015-02-10 15:51 - 02112512 _____ () C:\Users\Anna Schmitt\Downloads\AdwCleaner_4.110.exe
2015-02-10 15:16 - 2015-02-17 20:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 15:16 - 2015-02-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-10 15:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 15:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 15:15 - 2015-02-10 15:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anna Schmitt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 21:22 - 2015-02-09 21:22 - 00013584 _____ () C:\ComboFix.txt
2015-02-09 21:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-09 21:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-09 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-09 21:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-09 21:09 - 2015-02-09 21:22 - 00000000 ____D () C:\Qoobox
2015-02-09 17:33 - 2015-02-17 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 17:33 - 2015-02-09 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-09 17:33 - 2015-02-09 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-09 16:49 - 2015-02-09 16:52 - 00017241 _____ () C:\Users\Anna Schmitt\Downloads\Addition.txt
2015-02-09 16:48 - 2015-02-17 20:26 - 00014504 _____ () C:\Users\Anna Schmitt\Downloads\FRST.txt
2015-02-09 16:47 - 2015-02-17 20:26 - 00000000 ____D () C:\FRST
2015-02-09 16:47 - 2015-02-17 12:11 - 01125888 _____ (Farbar) C:\Users\Anna Schmitt\Downloads\FRST.exe
2015-02-07 20:01 - 2015-02-07 20:01 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-04 19:35 - 2015-02-09 16:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 08:12 - 2015-01-25 08:12 - 39565896 _____ (Amazon) C:\Users\Anna Schmitt\Downloads\AmazonMusicInstaller(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:20 - 2015-01-16 12:34 - 00000000 ___RD () C:\Users\Anna Schmitt\iCloudDrive
2015-02-17 20:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 20:20 - 2009-07-14 05:39 - 00047505 _____ () C:\Windows\setupact.log
2015-02-17 20:19 - 2014-06-30 13:51 - 01996427 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 14:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-17 14:42 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 14:42 - 2009-07-14 05:34 - 00031808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 11:57 - 2014-07-12 15:08 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Neuer Ordner
2015-02-17 11:27 - 2014-06-30 15:03 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-17 11:24 - 2014-06-30 15:03 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-17 11:23 - 2014-06-30 15:09 - 00000000 ____D () C:\Program Files\McAfee
2015-02-17 11:21 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 11:14 - 2009-07-14 05:33 - 00305176 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 11:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-13 01:13 - 2014-06-30 15:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 01:11 - 2014-06-30 15:29 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 01:10 - 2014-06-30 14:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 17:07 - 2014-07-06 16:10 - 00000000 ____D () C:\Users\Anna Schmitt\Desktop\Programme
2015-02-12 16:30 - 2014-12-15 15:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 16:30 - 2014-06-30 18:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-10 15:55 - 2010-11-20 22:48 - 00056204 _____ () C:\Windows\PFRO.log
2015-02-09 21:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 21:21 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-09 17:33 - 2014-10-17 18:04 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Local\Adobe
2015-02-09 16:33 - 2014-07-06 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:32 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-09 16:33 - 2014-07-06 15:30 - 00000000 ____D () C:\Users\Anna Schmitt\AppData\Roaming\DVDVideoSoft
2015-02-06 17:04 - 2014-06-30 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-06-30 14:39 - 2014-06-30 14:39 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-17 14:34

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Jetzt habe ich auf meinem Desktop desktop.ini zweimal stehen.
Eigene Dateien wie Eigene Musik, Eigene Bilder etc. gibt es jetzt auch in der Liste zweimal. Einmal in 'normal farbig' und einmal in fast durchsichtig mit Schloss dran.
Geht das irgendwann wieder weg? Bis grade eben hatte ich dieses Doppelte nicht....


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:41 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131