
Log analysis and evaluation: Trojan after Adobe Flash Player update

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.01.2014, 23:24   #1
Moppi11
 

Dear helpers,
after the latest Adobe Flash Player update (11.9.900.170) I noticed that the processes on my Win 7 machine had slowed down considerably. On the first restart, the virus scanner from McAfee "Security as a Service" still worked. I ran a full scan with it, but the program found nothing. On the following system restart I could no longer update McAfee, the virus scanner no longer worked either, and since then I have not been able to activate the firewall. All applications on my machine ran only very slowly.

When the machine boots, some auto-starting programs are initially displayed on the desktop as black boxes. Shutting down the machine also no longer works properly, because some processes do not close.

Unfortunately there is no restore point for a recovery on my machine, which would probably have helped in solving the problem?!

I have now scanned and cleaned my machine three times with Malwarebytes Anti-Malware. The first time the anti-malware program found 27 objects, and now the second time there were still 6 entries that MBAM found and that I removed. In the last full scan Malwarebytes found nothing more (see MBAM log file). I also ran a system check with the current OTL version. I am uploading the OTL log files OTL.txt and Extra.txt as well. I have installed CCleaner on my PC. I am attaching the list of installed programs.

I am happy to install further analysis tools and run them on my machine. However, I lack the expertise to interpret the results correctly and to derive further measures from them. I would therefore like to entrust myself to a helper.
Kind regards,
Moppi11

17.01.2014, 08:17   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.



Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or look under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


17.01.2014, 17:20   #3
Moppi11
 

Hello Schrauber,

thank you very much for your help! After I ran a full scan with MBAM another three times yesterday and was able to identify and delete further objects with the programs CCleaner, JRT and AdwCleaner 3.017, it was possible to start my system again in normal, non-safe mode. The performance now "feels" acceptable again, the McAfee console works again and updates all applications (firewall, virus scanner etc.).

Adobe has meanwhile put a new Flash Player (version 12!) online, which I was able to download and install without problems.

So all's well that ends well? - I would like to be on the safe side and would gladly take your advice. FRST64 produced the following log files (see below). What does that tell you as an expert?


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by admin (administrator) on ADMIN-PC on 17-01-2014 14:26:50
Running from C:\Users\admin\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - E
HKLM\...\Run: [mwlDaemon] - E
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [MVS Splash] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Alfred\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Alfred\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Alfred\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Alfred\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\Alfred\...\Policies\system: [LogonHoursAction] 2
HKU\Alfred\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\McAfeeMVSUser\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\McAfeeMVSUser\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\McAfeeMVSUser\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\McAfeeMVSUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Policies\system: [LogonHoursAction] 2
HKU\McAfeeMVSUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Susi_Harry\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Susi_Harry\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Susi_Harry\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Susi_Harry\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\Susi_Harry\...\Run: [VirtualBrowseAloud] - C:\Users\Susi_Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFIKAPCY\Talande Webb.exe
HKU\Susi_Harry\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\Susi_Harry\...\Policies\system: [LogonHoursAction] 2
HKU\Susi_Harry\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^se&si=flvrunner&ptb=1459ABF5-92D8-4B5A-8043-FDD8798397C1&ind=2013111614&n=77fda53e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m9dsssli.default
FF DefaultSearchEngine: foxsearch
FF SearchEngineOrder.1: foxsearch
FF SelectedSearchEngine: foxsearch
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-01-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [160800 2013-09-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241968 2013-08-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [295920 2013-10-03] (McAfee, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [646656 2010-06-10] (PixArt Imaging Incorporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-08-07] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDk.sys [40904 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [71240 2009-12-15] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 14:26 - 2014-01-17 14:26 - 00028462 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:25 - 2014-01-17 14:25 - 00000000 ____D C:\FRST
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 13:51 - 2014-01-17 13:56 - 00000224 _____ C:\Windows\setupact.log
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 00:30 - 2014-01-17 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-17 14:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:36 - 2014-01-17 01:25 - 00584651 _____ C:\Windows\WindowsUpdate.log
2014-01-16 23:28 - 2014-01-17 01:15 - 00000000 ____D C:\AdwCleaner
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:06 - 2014-01-17 14:23 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-16 21:06 - 2014-01-16 21:01 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:06 - 2014-01-16 20:53 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:52 - 2014-01-17 01:09 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-16 20:50 - 2014-01-17 01:07 - 00000000 ____D C:\Program Files\CCleaner
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:39 - 2014-01-17 14:19 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-16 19:39 - 2014-01-16 21:01 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 18:25 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 18:25 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 18:25 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 14:38 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:36 - 2014-01-16 14:37 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-13 21:03 - 2014-01-13 21:04 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-11 17:07 - 2014-01-13 21:08 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-11 17:05 - 2014-01-11 17:06 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:04 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 16:55 - 2012-09-20 05:00 - 00393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBL.DLL
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2014-01-11 16:49 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2014-01-11 16:49 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2014-01-11 16:49 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:40 - 2014-01-11 16:41 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 16:40 - 2012-07-31 09:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2014-01-11 16:40 - 2012-07-31 09:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-11 14:41 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\Windows\system32\CNC_BLL.dll
2014-01-11 14:41 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNCALBL.DLL
2014-01-11 14:41 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\Windows\system32\CNMLMBL.DLL
2014-01-11 14:41 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BLC.dll
2014-01-11 14:41 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BLI.dll
2014-01-11 14:41 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\system32\CNC176BD.TBL
2014-01-11 14:41 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-01-08 11:03 - 2014-01-08 11:08 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-15 17:37 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Susi_Harry\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 10:50 - 2014-01-15 17:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2013-06-06 14:44 - 08672840 ____R (ark) C:\Windows\system32\Drivers\PictureDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00381512 ____R (ark) C:\Windows\system32\Drivers\FaceDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00054088 ____R (usb camera) C:\Windows\system32\Drivers\usbcamcl.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00038472 ____R (usb camera) C:\Windows\system32\Drivers\usbDecode.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00014408 ____R (ark) C:\Windows\system32\Drivers\FilterDll.sys
2013-12-29 10:25 - 2001-05-11 13:18 - 00420240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:17 - 2013-12-29 15:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-24 10:17 - 2013-12-24 10:19 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:06 - 2013-12-24 10:09 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-21 12:39 - 2014-01-16 20:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2013-12-21 12:23 - 2013-12-21 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:44 - 2014-01-16 23:30 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-18 15:36 - 2013-12-19 18:00 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Rovio Entertainment Ltd
2013-12-18 07:11 - 2013-12-18 07:11 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl

==================== One Month Modified Files and Folders =======

2014-01-17 14:26 - 2014-01-17 14:26 - 00028462 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:26 - 2014-01-17 00:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:25 - 2014-01-17 14:25 - 00000000 ____D C:\FRST
2014-01-17 14:23 - 2014-01-16 21:06 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-17 14:19 - 2014-01-16 19:39 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 14:02 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:02 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:01 - 2010-04-08 04:38 - 00702942 _____ C:\Windows\system32\perfh007.dat
2014-01-17 14:01 - 2010-04-08 04:38 - 00150582 _____ C:\Windows\system32\perfc007.dat
2014-01-17 14:01 - 2009-07-14 06:13 - 01629284 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 13:57 - 2012-01-07 20:12 - 00000392 _____ C:\Windows\Tasks\FinalTorrent Update Checker.job
2014-01-17 13:57 - 2010-04-16 18:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 13:56 - 2014-01-17 13:51 - 00000224 _____ C:\Windows\setupact.log
2014-01-17 13:54 - 2009-12-26 08:15 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-17 13:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 13:54 - 2009-07-14 05:45 - 00440784 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:25 - 2014-01-16 23:36 - 00584651 _____ C:\Windows\WindowsUpdate.log
2014-01-17 01:25 - 2009-10-12 23:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-17 01:24 - 2013-08-05 21:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 01:21 - 2010-04-09 17:15 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 01:15 - 2014-01-16 23:28 - 00000000 ____D C:\AdwCleaner
2014-01-17 01:09 - 2014-01-16 20:52 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 01:07 - 2014-01-16 20:50 - 00000000 ____D C:\Program Files\CCleaner
2014-01-17 00:42 - 2010-04-16 18:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 00:31 - 2014-01-17 00:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-17 00:26 - 2012-06-27 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-17 00:26 - 2010-04-07 20:27 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:30 - 2013-12-21 11:44 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 23:30 - 2011-01-11 21:05 - 00000969 _____ C:\Users\admin\Desktop\Internet Explorer.lnk
2014-01-16 23:30 - 2010-05-05 13:17 - 00001013 _____ C:\Users\admin\Desktop\Mozilla Firefox.lnk
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:01 - 2014-01-16 21:06 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:01 - 2014-01-16 19:39 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 20:53 - 2014-01-16 21:06 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:53 - 2013-12-21 12:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2014-01-16 20:53 - 2011-06-22 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2014-01-16 20:53 - 2009-10-13 00:02 - 00000000 ____D C:\Windows\Panther
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 19:18 - 2009-10-12 23:29 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2014-01-16 19:17 - 2009-10-12 23:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-16 19:16 - 2011-12-14 21:57 - 00000000 ____D C:\ProgramData\eMule
2014-01-16 19:13 - 2012-10-20 08:19 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\uTorrent
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2014-01-16 14:38 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:37 - 2014-01-16 14:36 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-15 17:37 - 2014-01-08 11:02 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-15 17:36 - 2012-02-07 19:23 - 00000000 ____D C:\Program Files (x86)\Free Video Converter
2014-01-15 17:34 - 2014-01-08 10:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2014-01-15 17:34 - 2013-09-21 08:58 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-14 14:13 - 2010-04-09 18:00 - 00000000 ____D C:\Windows\system32\(SYSTEM RESERVED)
2014-01-13 21:08 - 2014-01-11 17:07 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-13 21:04 - 2014-01-13 21:03 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-13 21:04 - 2013-04-06 07:31 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Canon
2014-01-13 17:45 - 2010-04-09 14:34 - 00000000 ____D C:\Users\Susi_Harry\AppData\Local\VirtualStore
2014-01-12 19:00 - 2011-06-22 19:09 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Skype
2014-01-11 17:06 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:05 - 2014-01-11 17:04 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 17:04 - 2010-04-09 14:33 - 00000000 ____D C:\Users\Susi_Harry
2014-01-11 17:00 - 2012-11-04 14:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\canon
2014-01-11 17:00 - 2012-11-04 13:03 - 00000000 ____D C:\Program Files (x86)\Canon
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:41 - 2014-01-11 16:40 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 15:50 - 2011-06-25 21:48 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Skype
2014-01-11 15:41 - 2010-07-13 17:59 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-09 17:18 - 2011-05-14 10:50 - 00000121 _____ C:\Users\Public\LMDebug.log
2014-01-08 13:13 - 2010-05-14 14:25 - 01602628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-08 13:00 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files (x86)\DivX
2014-01-08 13:00 - 2011-12-14 22:24 - 00000000 ____D C:\ProgramData\DivX
2014-01-08 11:08 - 2014-01-08 11:03 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Susi_Harry\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 07:15 - 2012-02-18 17:03 - 00000000 ____D C:\Users\Susi_Harry\Documents\HENRIK
2013-12-29 15:24 - 2013-12-24 10:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:54 - 2010-04-07 19:05 - 00000000 ____D C:\Users\admin
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2009-07-14 03:34 - 00000742 _____ C:\Windows\win.ini
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:08 - 2010-11-16 15:05 - 00000000 ____D C:\Users\Susi_Harry\.gimp-2.6
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:19 - 2013-12-24 10:17 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:09 - 2013-12-24 10:06 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-22 18:08 - 2013-09-02 07:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 12:39 - 2011-12-14 22:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\DivX
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 12:24 - 2013-12-21 12:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:24 - 2010-04-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Local\Mozilla
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 12:08 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files\DivX
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:42 - 2010-05-14 14:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-20 02:44 - 2009-10-12 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-19 18:00 - 2013-12-18 15:36 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Rovio Entertainment Ltd
2013-12-19 13:52 - 2010-05-14 14:54 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 07:11 - 2013-12-18 07:11 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\Susi_Harry\AppData\Local\d42df14e
C:\Users\Susi_Harry\AppData\Local\d42df14e\@

Files to move or delete:
====================
C:\Users\Public\hosts.dat


Some content of TEMP:
====================
C:\Users\Alfred\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alfred\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Alfred\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\contentDATs.exe
C:\Users\Susi_Harry\AppData\Local\Temp\DivXSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Susi_Harry\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Susi_Harry\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Susi_Harry\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Susi_Harry\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt619E.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt67D1.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\_isFD84.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 08:02

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03
Ran by admin at 2014-01-17 17:08:15
Running from C:\Users\admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee® Total Protection™ Service (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ Service (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee® Security-as-a-Service (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Arcade Deluxe (x32 Version: 3.2.6929 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.6929 - CyberLink Corp.) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (x32 Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0812 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
BankID säkerhetsprogram (x32 Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
BlueStacks Notification Center (x32 Version: 0.7.17.916 - BlueStack Systems, Inc.)
Bonjour (Version: 2.0.5.0 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon Easy-WebPrint EX (x32 Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (x32 Version:  - Canon Inc.)
Canon IJ Network Tool (x32 Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (x32 Version:  - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9 - Canon Inc.)
Canon Kurzwahlprogramm (x32 Version: 1.3.0 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.9.0.6 - Canon Inc.)
Canon MX920 series Benutzerregistrierung (x32 Version:  - *Canon Inc.)
Canon MX920 series MP Drivers (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (x32 Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (x32 Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (x32 Version: 1.0.1 - Canon Inc.)
Canon My Printer (x32 Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (x32 Version: 2.1.0 - Canon Inc.)
Canon RAW Codec (x32 Version: 1.10.0.74 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (x32 Version: 3.11.31.0 - Canon Inc.)
Canon Utilities EOS Utility (x32 Version: 2.11.4.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10 - Canon Inc.)
Canon Utilities ImageBrowser EX (x32 Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (x32 Version: 6.9.0.1 - Canon Inc.)
CCleaner (Version: 4.09 - Piriform)
Citrix Online Plug-in - Web (x32 Version: 12.0.3.6 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (x32 Version: 12.0.3.6 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (x32 Version: 12.0.3.6 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (x32 Version: 12.0.3.6 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (x32 Version: 12.0.3.6 - Citrix Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
DivX-Setup (x32 Version: 2.6.1.90 - DivX, LLC)
DMS Viewer (x32 Version: 2.0.3 - DMS)
Dream Day First Home (x32 Version:  - Oberon Media)
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
eBay Worldwide (x32 Version: 2.1.0901 - OEM)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Free DWG Viewer 7.1 (x32 Version: 7.1 - IGC)
Gigaset QuickSync (x32 Version: 6.1.0822.15063 - Gigaset Communications GmbH)
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hotkey Utility (x32 Version: 1.00.3004 - Acer Incorporated)
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.1.0 (Standard) (x32 Version: 8.1.0 - )
Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Browser Protection Service (x32 Version: 6.0.2.133 - McAfee, Inc.)
McAfee Firewall Protection Service (x32 Version: 6.0.2.133 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise (x32 Version: 3.5.0.1167 - McAfee, Inc.) Hidden
McAfee Total Protection Service (x32 Version: 4.9.2.133 - McAfee Inc.)
McAfee Virtual Technician (x32 Version: 6.5.0.2101 - McAfee, Inc.)
McAfee Virus and Spyware Protection Service (x32 Version: 6.0.2.133 - McAfee, Inc.)
Merriam Websters Spell Jam (x32 Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.09.0428 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Photomizer 2 Bresser Edition (x32 Version: 2.0.12.725 - Engelmann Media GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Two Worlds Pinball (x32 Version: 1.00 - TopWare Interactive Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 8.0 x64 Runtime Setup Package (x32 Version: 1.0.0.0 - McAfee Inc.) Hidden
Visual C++ 8.0 x86 Runtime Setup Package (x32 Version: 1.0.0.0 - McAfee Inc.) Hidden
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Windows Home Server Toolkit 1.1 (Version: 6.0.1800.0 - Microsoft Corporation)
Windows Home Server-Connector (Version: 6.0.3436.0 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
XP Codec Pack (x32 Version:  - )
Zahlenzauber 1 (x32 Version:  - Oldenbourg Verlag)
Zahlenzauber 2 (x32 Version:  - Oldenbourg Verlag)

==================== Restore Points  =========================

16-01-2014 23:18:11 PC_Cleanup_after_Artemis_17012014
17-01-2014 00:20:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2012-06-23 19:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D59C1CD-309B-4533-ADDF-AFC1915BB0C3} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {0D7E62CF-D347-46FF-BAB9-973C29377033} - System32\Tasks\{E0AA6E4E-B550-42F2-93D6-DE6E4F81ADAB} => C:\Users\admin\Desktop\Firefox Setup 3.6.3.exe
Task: {549EE3E6-249C-43E6-9D55-7294EFE1910F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16] (Google Inc.)
Task: {7D55B1C3-194B-421D-9857-E3C3CEDDF649} - System32\Tasks\{8110E900-C1B3-4BBA-86D4-A63F317775D2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {9C76F0A3-2DDD-43CE-BD6A-5EB5ED558537} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {CDC74A33-3904-4618-B28E-814BE8C6137D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16] (Google Inc.)
Task: {D6AB8C8A-D204-41F4-902F-F973780ACB8A} - System32\Tasks\McQcModifier-5c47-a7b0 => C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd [2009-08-29] ()
Task: {D79A2C05-A533-4ACE-ADEA-FEA6F52C6317} - System32\Tasks\{6C81F8F8-78ED-4E24-A4E5-EB5E06E65540} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E534C419-E990-4E35-8822-EE1432C5CAA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17] (Adobe Systems Incorporated)
Task: {E9289C5D-7DFB-4EE5-B919-CAF8B1C4159E} - System32\Tasks\{AE425C5A-0305-466F-A649-AF7747AE5FEC} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {E97FF2B2-E891-4A51-8DD0-697421958E25} - System32\Tasks\FinalTorrent Update Checker => C:\Program Files (x86)\FinalTorrent\FTCheckForUpdates.exe
Task: {EE3A7273-C4FA-4BC1-A3BC-8942BEB50E93} - System32\Tasks\{56D1826B-1427-484D-9C66-8F0944956E0B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FinalTorrent Update Checker.job => C:\Program Files (x86)\FinalTorrent\FTCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2012-08-30 13:39 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-05-14 14:54 - 2012-11-13 03:28 - 00403048 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
2013-12-19 13:52 - 2013-11-06 17:05 - 00198688 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\BPTrayPlugin.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:2634FC95
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2014 01:54:44 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/17/2014 01:51:38 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/17/2014 00:21:07 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/16/2014 11:34:22 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2014 11:34:22 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2014 11:34:22 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2014 11:34:22 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2014 11:34:22 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/16/2014 11:34:21 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/16/2014 11:34:21 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)


System errors:
=============
Error: (01/17/2014 01:57:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (01/17/2014 01:56:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/17/2014 01:56:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/17/2014 01:54:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (01/17/2014 01:54:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/17/2014 01:54:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/17/2014 01:54:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (01/17/2014 01:54:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (01/17/2014 01:51:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (01/17/2014 01:51:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (06/02/2011 11:50:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/22/2010 10:47:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17478 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-17 15:18:35.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF6F.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:34.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF6F.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:34.661
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF6F.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:34.334
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF6F.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:31.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF69.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:31.042
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF69.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:30.699
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF69.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:30.356
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF69.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:29.888
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF67.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-17 15:18:29.560
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\McAfee\Managed VirusScan\Temp\CIOFF67.TMP\TPSTool.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 6135.08 MB
Available physical RAM: 4029.2 MB
Total Pagefile: 12268.34 MB
Available Pagefile: 10137.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.95 GB) (Free:50.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:459.46 GB) (Free:348.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E21407E9)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

18.01.2014, 08:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\Susi_Harry\AppData\Local\d42df14e
C:\Users\Susi_Harry\AppData\Local\d42df14e\@
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.01.2014, 19:57   #5
Moppi11
 



Hello Schrauber,
I followed your instructions exactly. Here are the log files.

FIXLOG.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 03
Ran by Susi_Harry at 2014-01-18 10:57:31 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\Susi_Harry\AppData\Local\d42df14e
C:\Users\Susi_Harry\AppData\Local\d42df14e\@
*****************


"C:\Windows\assembly\tmp" directory move:

Could not move "C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}" => Scheduled to move on reboot.
Could not move "C:\Windows\assembly\tmp" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}" => Scheduled to move on reboot.
C:\Users\Susi_Harry\AppData\Local\d42df14e => Moved successfully.
"C:\Users\Susi_Harry\AppData\Local\d42df14e\@" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-18 11:01:13)<=

==> ATTENTION: System is not rebooted.
"C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}" => File could not move.
"C:\Windows\assembly\tmp" => Directory could not move.
"C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}" => File could not move.

==== End of Fixlog ====
         
ESET LOG
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aaf593dcb057e74d8bea1b7b16e621c0
# engine=16700
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-18 02:25:31
# local_time=2014-01-18 03:25:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 16306104 141684981 0 0
# scanned=501671
# found=1
# cleaned=0
# scan_time=15305
sh=FACDE273326A8AEFF602544B484A5D8DFEA3A19A ft=0 fh=0000000000000000 vn="HTML/Fraud.BG trojan" ac=I fn="C:\Users\Susi_Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SUHN9HHZ\video-rewardz_com[1].htm"
         
CHECKUP.txt
Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
McAfee© Total ProtectionT Service   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee Virus and Spyware Protection Service 
 McAfee SiteAdvisor Enterprise   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 McAfee Managed VirusScan Agent myAgtSvc.Exe 
 McAfee Managed VirusScan Agent myAgtSvc.exe 
 McAfee Managed VirusScan DesktopUI XTray.exe 
 McAfee Managed VirusScan DesktopUI TOPSConsole.exe 
 McAfee Managed VirusScan Agent UpdDlg.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST LOG

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by admin (administrator) on ADMIN-PC on 18-01-2014 17:01:40
Running from C:\FRST
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\TOPSConsole.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\UpdDlg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - E
HKLM\...\Run: [mwlDaemon] - E
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [MVS Splash] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Alfred\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Alfred\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Alfred\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Alfred\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\Alfred\...\Policies\system: [LogonHoursAction] 2
HKU\Alfred\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\McAfeeMVSUser\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\McAfeeMVSUser\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\McAfeeMVSUser\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\McAfeeMVSUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Policies\system: [LogonHoursAction] 2
HKU\McAfeeMVSUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Susi_Harry\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Susi_Harry\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Susi_Harry\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Susi_Harry\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\Susi_Harry\...\Run: [VirtualBrowseAloud] - C:\Users\Susi_Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFIKAPCY\Talande Webb.exe
HKU\Susi_Harry\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\Susi_Harry\...\Policies\system: [LogonHoursAction] 2
HKU\Susi_Harry\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^se&si=flvrunner&ptb=1459ABF5-92D8-4B5A-8043-FDD8798397C1&ind=2013111614&n=77fda53e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m9dsssli.default
FF DefaultSearchEngine: foxsearch
FF SearchEngineOrder.1: foxsearch
FF SelectedSearchEngine: foxsearch
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-01-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [160800 2013-09-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241968 2013-08-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [295920 2013-10-03] (McAfee, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [646656 2010-06-10] (PixArt Imaging Incorporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-08-07] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDk.sys [40904 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [71240 2009-12-15] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 16:59 - 2014-01-18 16:59 - 00001189 _____ C:\Users\Public\Documents\checkup.txt
2014-01-18 16:56 - 2014-01-18 16:56 - 00987425 _____ C:\Users\admin\Downloads\SecurityCheck.exe
2014-01-18 10:56 - 2014-01-18 10:56 - 02076160 _____ (Farbar) C:\Users\Susi_Harry\Downloads\FRST64.exe
2014-01-18 10:55 - 2014-01-18 10:55 - 00000205 _____ C:\Users\Susi_Harry\Desktop\Fixlist.txt
2014-01-17 17:08 - 2014-01-17 17:09 - 00037454 _____ C:\Users\admin\Downloads\Addition.txt
2014-01-17 14:26 - 2014-01-17 17:09 - 00053823 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:25 - 2014-01-18 17:01 - 00000000 ____D C:\FRST
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 13:51 - 2014-01-18 10:58 - 00000336 _____ C:\Windows\setupact.log
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 00:30 - 2014-01-17 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-18 16:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:36 - 2014-01-18 10:57 - 00610625 _____ C:\Windows\WindowsUpdate.log
2014-01-16 23:28 - 2014-01-17 01:15 - 00000000 ____D C:\AdwCleaner
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:06 - 2014-01-17 14:23 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-16 21:06 - 2014-01-16 21:01 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:06 - 2014-01-16 20:53 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:52 - 2014-01-17 01:09 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-16 20:50 - 2014-01-17 01:07 - 00000000 ____D C:\Program Files\CCleaner
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:39 - 2014-01-17 14:19 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-16 19:39 - 2014-01-16 21:01 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 18:25 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 18:25 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 18:25 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 14:38 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:36 - 2014-01-16 14:37 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-13 21:03 - 2014-01-13 21:04 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-11 17:07 - 2014-01-13 21:08 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-11 17:05 - 2014-01-11 17:06 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:04 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 16:55 - 2012-09-20 05:00 - 00393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBL.DLL
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2014-01-11 16:49 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2014-01-11 16:49 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2014-01-11 16:49 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:40 - 2014-01-11 16:41 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 16:40 - 2012-07-31 09:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2014-01-11 16:40 - 2012-07-31 09:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-11 14:41 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\Windows\system32\CNC_BLL.dll
2014-01-11 14:41 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNCALBL.DLL
2014-01-11 14:41 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\Windows\system32\CNMLMBL.DLL
2014-01-11 14:41 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BLC.dll
2014-01-11 14:41 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BLI.dll
2014-01-11 14:41 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\system32\CNC176BD.TBL
2014-01-11 14:41 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-01-08 11:03 - 2014-01-08 11:08 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-15 17:37 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 10:50 - 2014-01-15 17:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2013-06-06 14:44 - 08672840 ____R (ark) C:\Windows\system32\Drivers\PictureDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00381512 ____R (ark) C:\Windows\system32\Drivers\FaceDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00054088 ____R (usb camera) C:\Windows\system32\Drivers\usbcamcl.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00038472 ____R (usb camera) C:\Windows\system32\Drivers\usbDecode.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00014408 ____R (ark) C:\Windows\system32\Drivers\FilterDll.sys
2013-12-29 10:25 - 2001-05-11 13:18 - 00420240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:17 - 2013-12-29 15:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-24 10:17 - 2013-12-24 10:19 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:06 - 2013-12-24 10:09 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-21 12:39 - 2014-01-16 20:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2013-12-21 12:23 - 2013-12-21 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:44 - 2014-01-16 23:30 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2014-01-18 17:01 - 2014-01-17 14:25 - 00000000 ____D C:\FRST
2014-01-18 16:59 - 2014-01-18 16:59 - 00001189 _____ C:\Users\Public\Documents\checkup.txt
2014-01-18 16:56 - 2014-01-18 16:56 - 00987425 _____ C:\Users\admin\Downloads\SecurityCheck.exe
2014-01-18 16:42 - 2010-04-16 18:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-18 16:26 - 2014-01-17 00:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 13:42 - 2010-04-16 18:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-18 11:06 - 2012-01-07 20:12 - 00000392 _____ C:\Windows\Tasks\FinalTorrent Update Checker.job
2014-01-18 11:06 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 11:06 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 11:03 - 2010-04-08 04:38 - 00702942 _____ C:\Windows\system32\perfh007.dat
2014-01-18 11:03 - 2010-04-08 04:38 - 00150582 _____ C:\Windows\system32\perfc007.dat
2014-01-18 11:03 - 2009-07-14 06:13 - 01629284 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-18 10:58 - 2014-01-17 13:51 - 00000336 _____ C:\Windows\setupact.log
2014-01-18 10:58 - 2009-12-26 08:15 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-18 10:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 10:57 - 2014-01-16 23:36 - 00610625 _____ C:\Windows\WindowsUpdate.log
2014-01-18 10:56 - 2014-01-18 10:56 - 02076160 _____ (Farbar) C:\Users\Susi_Harry\Downloads\FRST64.exe
2014-01-18 10:55 - 2014-01-18 10:55 - 00000205 _____ C:\Users\Susi_Harry\Desktop\Fixlist.txt
2014-01-17 17:09 - 2014-01-17 17:08 - 00037454 _____ C:\Users\admin\Downloads\Addition.txt
2014-01-17 17:09 - 2014-01-17 14:26 - 00053823 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:23 - 2014-01-16 21:06 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-17 14:19 - 2014-01-16 19:39 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 13:54 - 2009-07-14 05:45 - 00440784 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:25 - 2009-10-12 23:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-17 01:24 - 2013-08-05 21:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 01:21 - 2010-04-09 17:15 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 01:15 - 2014-01-16 23:28 - 00000000 ____D C:\AdwCleaner
2014-01-17 01:09 - 2014-01-16 20:52 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 01:07 - 2014-01-16 20:50 - 00000000 ____D C:\Program Files\CCleaner
2014-01-17 00:31 - 2014-01-17 00:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-17 00:26 - 2012-06-27 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-17 00:26 - 2010-04-07 20:27 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:30 - 2013-12-21 11:44 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 23:30 - 2011-01-11 21:05 - 00000969 _____ C:\Users\admin\Desktop\Internet Explorer.lnk
2014-01-16 23:30 - 2010-05-05 13:17 - 00001013 _____ C:\Users\admin\Desktop\Mozilla Firefox.lnk
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:01 - 2014-01-16 21:06 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:01 - 2014-01-16 19:39 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 20:53 - 2014-01-16 21:06 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:53 - 2013-12-21 12:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2014-01-16 20:53 - 2011-06-22 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2014-01-16 20:53 - 2009-10-13 00:02 - 00000000 ____D C:\Windows\Panther
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 19:18 - 2009-10-12 23:29 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2014-01-16 19:17 - 2009-10-12 23:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-16 19:16 - 2011-12-14 21:57 - 00000000 ____D C:\ProgramData\eMule
2014-01-16 19:13 - 2012-10-20 08:19 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\uTorrent
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2014-01-16 14:38 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:37 - 2014-01-16 14:36 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-15 17:37 - 2014-01-08 11:02 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-15 17:36 - 2012-02-07 19:23 - 00000000 ____D C:\Program Files (x86)\Free Video Converter
2014-01-15 17:34 - 2014-01-08 10:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2014-01-15 17:34 - 2013-09-21 08:58 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-14 14:13 - 2010-04-09 18:00 - 00000000 ____D C:\Windows\system32\(SYSTEM RESERVED)
2014-01-13 21:08 - 2014-01-11 17:07 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-13 21:04 - 2014-01-13 21:03 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-13 21:04 - 2013-04-06 07:31 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Canon
2014-01-13 17:45 - 2010-04-09 14:34 - 00000000 ____D C:\Users\Susi_Harry\AppData\Local\VirtualStore
2014-01-12 19:00 - 2011-06-22 19:09 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Skype
2014-01-11 17:06 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:05 - 2014-01-11 17:04 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 17:04 - 2010-04-09 14:33 - 00000000 ____D C:\Users\Susi_Harry
2014-01-11 17:00 - 2012-11-04 14:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\canon
2014-01-11 17:00 - 2012-11-04 13:03 - 00000000 ____D C:\Program Files (x86)\Canon
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:41 - 2014-01-11 16:40 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 15:50 - 2011-06-25 21:48 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Skype
2014-01-11 15:41 - 2010-07-13 17:59 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-09 17:18 - 2011-05-14 10:50 - 00000121 _____ C:\Users\Public\LMDebug.log
2014-01-08 13:13 - 2010-05-14 14:25 - 01602628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-08 13:00 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files (x86)\DivX
2014-01-08 13:00 - 2011-12-14 22:24 - 00000000 ____D C:\ProgramData\DivX
2014-01-08 11:08 - 2014-01-08 11:03 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 07:15 - 2012-02-18 17:03 - 00000000 ____D C:\Users\Susi_Harry\Documents\HENRIK
2013-12-29 15:24 - 2013-12-24 10:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:54 - 2010-04-07 19:05 - 00000000 ____D C:\Users\admin
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2009-07-14 03:34 - 00000742 _____ C:\Windows\win.ini
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:08 - 2010-11-16 15:05 - 00000000 ____D C:\Users\Susi_Harry\.gimp-2.6
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:19 - 2013-12-24 10:17 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:09 - 2013-12-24 10:06 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-22 18:08 - 2013-09-02 07:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 12:39 - 2011-12-14 22:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\DivX
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 12:24 - 2013-12-21 12:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:24 - 2010-04-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Local\Mozilla
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 12:08 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files\DivX
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:42 - 2010-05-14 14:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-20 02:44 - 2009-10-12 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-19 18:00 - 2013-12-18 15:36 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Rovio Entertainment Ltd
2013-12-19 13:52 - 2010-05-14 14:54 - 00000000 ____D C:\ProgramData\McAfee

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

Files to move or delete:
====================
C:\Users\Public\hosts.dat


Some content of TEMP:
====================
C:\Users\Alfred\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alfred\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Alfred\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\contentDATs.exe
C:\Users\Susi_Harry\AppData\Local\Temp\DivXSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Susi_Harry\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Susi_Harry\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Susi_Harry\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Susi_Harry\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt619E.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt67D1.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\_isFD84.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 08:02

==================== End Of Log ============================
         
--- --- ---


19.01.2014, 10:40   #6
schrauber
/// the machine
/// TB trainer

Trojan after Adobe Flash Player update



Update Java.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its content for me.



Afterwards, restart the computer manually. A fresh FRST log, please.

Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it creates an FSS.txt in the directory the tool was run from.

Please post the content here.



19.01.2014, 14:41   #7
Moppi11

Trojan after Adobe Flash Player update



Hello Schrauber,
Java is updated and I have followed your instructions. You will find the log files below.

Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 03
Ran by admin at 2014-01-19 11:35:07 Run:2
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
*****************

C:\Windows\assembly\tmp => Moved successfully.
"C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}" => File/Directory not found.

==== End of Fixlog ====
         
FRST txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by admin (administrator) on ADMIN-PC on 19-01-2014 11:41:22
Running from C:\FRST
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - E
HKLM\...\Run: [mwlDaemon] - E
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-09-29] (Acer Corp.)
HKLM-x32\...\Run: [MVS Splash] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [McAfee Managed Services Tray] - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe [480872 2012-11-13] ()
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Alfred\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Alfred\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Alfred\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Alfred\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\Alfred\...\Policies\system: [LogonHoursAction] 2
HKU\Alfred\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\McAfeeMVSUser\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\McAfeeMVSUser\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\McAfeeMVSUser\...\Run: [SplitCam] - C:\Program Files (x86)\SplitCam\SplitCam.exe
HKU\McAfeeMVSUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\McAfeeMVSUser\...\Policies\system: [LogonHoursAction] 2
HKU\McAfeeMVSUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Susi_Harry\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-12] (Google Inc.)
HKU\Susi_Harry\...\Run: [PcSync] - C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Susi_Harry\...\Run: [InternetCalls] - "C:\Program Files (x86)\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\Susi_Harry\...\Run: [Philips Intelligent Agent] - "C:\Program Files (x86)\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
HKU\Susi_Harry\...\Run: [VirtualBrowseAloud] - C:\Users\Susi_Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFIKAPCY\Talande Webb.exe
HKU\Susi_Harry\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\Susi_Harry\...\Policies\system: [LogonHoursAction] 2
HKU\Susi_Harry\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm065^YYA^se&si=flvrunner&ptb=1459ABF5-92D8-4B5A-8043-FDD8798397C1&ind=2013111614&n=77fda53e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131219135316.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\m9dsssli.default
FF DefaultSearchEngine: foxsearch
FF SearchEngineOrder.1: foxsearch
FF SelectedSearchEngine: foxsearch
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-01-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2013-09-10]

==================== Services (Whitelisted) =================

R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [160800 2013-09-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241968 2013-08-07] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [295920 2013-10-03] (McAfee, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [646656 2010-06-10] (PixArt Imaging Incorporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-08-07] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDk.sys [40904 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [71240 2009-12-15] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
S3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 11:27 - 2014-01-19 11:27 - 00005402 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 11:27 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 11:27 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 11:27 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 11:27 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 19:59 - 2014-01-18 19:59 - 00000834 _____ C:\Windows\PFRO.log
2014-01-18 19:47 - 2014-01-18 19:47 - 00054456 _____ C:\Users\Public\Documents\FRST2.txt
2014-01-18 16:59 - 2014-01-18 16:59 - 00001189 _____ C:\Users\Public\Documents\checkup.txt
2014-01-18 16:56 - 2014-01-18 16:56 - 00987425 _____ C:\Users\admin\Downloads\SecurityCheck.exe
2014-01-18 10:56 - 2014-01-18 10:56 - 02076160 _____ (Farbar) C:\Users\Susi_Harry\Downloads\FRST64.exe
2014-01-18 10:55 - 2014-01-18 10:55 - 00000205 _____ C:\Users\Susi_Harry\Desktop\Fixlist.txt
2014-01-17 17:08 - 2014-01-17 17:09 - 00037454 _____ C:\Users\admin\Downloads\Addition.txt
2014-01-17 14:26 - 2014-01-17 17:09 - 00053823 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:25 - 2014-01-19 11:41 - 00000000 ____D C:\FRST
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 13:51 - 2014-01-19 11:37 - 00000616 _____ C:\Windows\setupact.log
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 00:30 - 2014-01-17 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-19 11:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:36 - 2014-01-19 11:36 - 00643069 _____ C:\Windows\WindowsUpdate.log
2014-01-16 23:28 - 2014-01-17 01:15 - 00000000 ____D C:\AdwCleaner
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:06 - 2014-01-17 14:23 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-16 21:06 - 2014-01-16 21:01 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:06 - 2014-01-16 20:53 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:52 - 2014-01-17 01:09 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-16 20:50 - 2014-01-17 01:07 - 00000000 ____D C:\Program Files\CCleaner
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:39 - 2014-01-17 14:19 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-16 19:39 - 2014-01-16 21:01 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 18:25 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 18:25 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 18:25 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 18:25 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-16 14:38 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:36 - 2014-01-16 14:37 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-13 21:03 - 2014-01-13 21:04 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-11 17:07 - 2014-01-13 21:08 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-11 17:05 - 2014-01-11 17:06 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:04 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 16:55 - 2012-09-20 05:00 - 00393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBL.DLL
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2014-01-11 16:49 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2014-01-11 16:49 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2014-01-11 16:49 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:40 - 2014-01-11 16:41 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 16:40 - 2012-07-31 09:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2014-01-11 16:40 - 2012-07-31 09:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-11 14:41 - 2012-09-21 09:34 - 00366080 _____ (CANON INC.) C:\Windows\system32\CNC_BLL.dll
2014-01-11 14:41 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\Windows\system32\CNCALBL.DLL
2014-01-11 14:41 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\Windows\system32\CNMLMBL.DLL
2014-01-11 14:41 - 2012-05-25 09:21 - 00282624 _____ (CANON INC.) C:\Windows\system32\CNC_BLC.dll
2014-01-11 14:41 - 2012-05-25 09:20 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNC_BLI.dll
2014-01-11 14:41 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\system32\CNC176BD.TBL
2014-01-11 14:41 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-01-08 11:03 - 2014-01-08 11:08 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-15 17:37 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 10:50 - 2014-01-15 17:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2013-06-06 14:44 - 08672840 ____R (ark) C:\Windows\system32\Drivers\PictureDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00381512 ____R (ark) C:\Windows\system32\Drivers\FaceDll.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00054088 ____R (usb camera) C:\Windows\system32\Drivers\usbcamcl.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00038472 ____R (usb camera) C:\Windows\system32\Drivers\usbDecode.sys
2013-12-29 10:25 - 2013-06-06 14:44 - 00014408 ____R (ark) C:\Windows\system32\Drivers\FilterDll.sys
2013-12-29 10:25 - 2001-05-11 13:18 - 00420240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:17 - 2013-12-29 15:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-24 10:17 - 2013-12-24 10:19 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:06 - 2013-12-24 10:09 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-21 12:39 - 2014-01-16 20:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2013-12-21 12:23 - 2013-12-21 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:44 - 2014-01-16 23:30 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2014-01-19 11:42 - 2010-04-16 18:27 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 11:41 - 2014-01-17 14:25 - 00000000 ____D C:\FRST
2014-01-19 11:38 - 2012-01-07 20:12 - 00000392 _____ C:\Windows\Tasks\FinalTorrent Update Checker.job
2014-01-19 11:38 - 2010-04-16 18:27 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 11:37 - 2014-01-17 13:51 - 00000616 _____ C:\Windows\setupact.log
2014-01-19 11:37 - 2009-12-26 08:15 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-19 11:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 11:36 - 2014-01-16 23:36 - 00643069 _____ C:\Windows\WindowsUpdate.log
2014-01-19 11:30 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 11:30 - 2009-07-14 05:45 - 00015088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 11:28 - 2013-09-28 17:46 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 11:27 - 2014-01-19 11:27 - 00005402 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 11:27 - 2010-04-24 16:59 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 11:27 - 2010-04-08 04:38 - 00702942 _____ C:\Windows\system32\perfh007.dat
2014-01-19 11:27 - 2010-04-08 04:38 - 00150582 _____ C:\Windows\system32\perfc007.dat
2014-01-19 11:27 - 2009-07-14 06:13 - 01629284 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 11:26 - 2014-01-17 00:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 19:59 - 2014-01-18 19:59 - 00000834 _____ C:\Windows\PFRO.log
2014-01-18 19:47 - 2014-01-18 19:47 - 00054456 _____ C:\Users\Public\Documents\FRST2.txt
2014-01-18 16:59 - 2014-01-18 16:59 - 00001189 _____ C:\Users\Public\Documents\checkup.txt
2014-01-18 16:56 - 2014-01-18 16:56 - 00987425 _____ C:\Users\admin\Downloads\SecurityCheck.exe
2014-01-18 10:56 - 2014-01-18 10:56 - 02076160 _____ (Farbar) C:\Users\Susi_Harry\Downloads\FRST64.exe
2014-01-18 10:55 - 2014-01-18 10:55 - 00000205 _____ C:\Users\Susi_Harry\Desktop\Fixlist.txt
2014-01-17 17:09 - 2014-01-17 17:08 - 00037454 _____ C:\Users\admin\Downloads\Addition.txt
2014-01-17 17:09 - 2014-01-17 14:26 - 00053823 _____ C:\Users\admin\Downloads\FRST.txt
2014-01-17 14:25 - 2014-01-17 14:25 - 02076160 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-01-17 14:23 - 2014-01-16 21:06 - 00137980 _____ C:\Users\Public\Documents\OTL.Txt
2014-01-17 14:19 - 2014-01-16 19:39 - 00137980 _____ C:\Users\admin\Downloads\OTL.Txt
2014-01-17 14:02 - 2014-01-17 14:02 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL (1).exe
2014-01-17 13:54 - 2009-07-14 05:45 - 00440784 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 13:51 - 2014-01-17 13:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 01:25 - 2009-10-12 23:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-17 01:24 - 2013-08-05 21:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 01:21 - 2010-04-09 17:15 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 01:15 - 2014-01-16 23:28 - 00000000 ____D C:\AdwCleaner
2014-01-17 01:09 - 2014-01-16 20:52 - 00000000 ____D C:\Users\Public\Documents\CCleaner
2014-01-17 01:07 - 2014-01-17 01:07 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 01:07 - 2014-01-16 20:50 - 00000000 ____D C:\Program Files\CCleaner
2014-01-17 00:31 - 2014-01-17 00:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-17 00:30 - 2014-01-17 00:30 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-17 00:26 - 2014-01-17 00:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 00:26 - 2014-01-17 00:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-17 00:26 - 2012-06-27 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-17 00:26 - 2010-04-07 20:27 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2014-01-16 23:57 - 2014-01-16 23:57 - 01037068 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-01-16 23:56 - 2014-01-16 23:56 - 01037068 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-01-16 23:30 - 2013-12-21 11:44 - 00000999 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 23:30 - 2011-01-11 21:05 - 00000969 _____ C:\Users\admin\Desktop\Internet Explorer.lnk
2014-01-16 23:30 - 2010-05-05 13:17 - 00001013 _____ C:\Users\admin\Desktop\Mozilla Firefox.lnk
2014-01-16 23:22 - 2014-01-16 23:22 - 00020383 _____ C:\Users\Public\Documents\OTL.zip
2014-01-16 21:01 - 2014-01-16 21:06 - 00082410 _____ C:\Users\Public\Documents\Extras.Txt
2014-01-16 21:01 - 2014-01-16 19:39 - 00082410 _____ C:\Users\admin\Downloads\Extras.Txt
2014-01-16 20:53 - 2014-01-16 21:06 - 00018022 _____ C:\Users\Public\Documents\CCleanerscan20140116.txt
2014-01-16 20:53 - 2013-12-21 12:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2014-01-16 20:53 - 2011-06-22 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2014-01-16 20:53 - 2009-10-13 00:02 - 00000000 ____D C:\Windows\Panther
2014-01-16 20:50 - 2014-01-16 20:50 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-16 19:33 - 2014-01-16 19:33 - 00602112 _____ (OldTimer Tools) C:\Users\admin\Downloads\OTL.exe
2014-01-16 19:18 - 2009-10-12 23:29 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2014-01-16 19:17 - 2009-10-12 23:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-16 19:16 - 2011-12-14 21:57 - 00000000 ____D C:\ProgramData\eMule
2014-01-16 19:13 - 2012-10-20 08:19 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\uTorrent
2014-01-16 14:44 - 2014-01-16 14:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-16 14:43 - 2014-01-16 14:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-16 14:43 - 2014-01-16 14:38 - 00000000 ____D C:\Program Files (x86)\stinger
2014-01-16 14:37 - 2014-01-16 14:36 - 00000404 _____ C:\Users\admin\Desktop\RootkitRemover_20140116_143654.log
2014-01-15 17:37 - 2014-01-08 11:02 - 00000000 ____D C:\Program Files (x86)\Zattoo4
2014-01-15 17:36 - 2012-02-07 19:23 - 00000000 ____D C:\Program Files (x86)\Free Video Converter
2014-01-15 17:34 - 2014-01-08 10:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\concept design
2014-01-15 17:34 - 2013-09-21 08:58 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2014-01-14 14:13 - 2014-01-14 14:13 - 00000000 ____D C:\Windows Home Server-Treiber für Wiederherstellung
2014-01-14 14:13 - 2010-04-09 18:00 - 00000000 ____D C:\Windows\system32\(SYSTEM RESERVED)
2014-01-13 21:08 - 2014-01-11 17:07 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-13 21:04 - 2014-01-13 21:03 - 00000000 ___HD C:\ProgramData\CanonIJScan
2014-01-13 21:04 - 2013-04-06 07:31 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Canon
2014-01-13 17:45 - 2010-04-09 14:34 - 00000000 ____D C:\Users\Susi_Harry\AppData\Local\VirtualStore
2014-01-12 19:00 - 2011-06-22 19:09 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Skype
2014-01-11 17:06 - 2014-01-11 17:05 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Canon
2014-01-11 17:05 - 2014-01-11 17:04 - 00000000 ____D C:\Users\Susi_Harry\Neuer Ordner
2014-01-11 17:04 - 2010-04-09 14:33 - 00000000 ____D C:\Users\Susi_Harry
2014-01-11 17:00 - 2012-11-04 14:06 - 00000000 ____D C:\Users\admin\AppData\Roaming\canon
2014-01-11 17:00 - 2012-11-04 13:03 - 00000000 ____D C:\Program Files (x86)\Canon
2014-01-11 16:49 - 2014-01-11 16:49 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2014-01-11 16:49 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2014-01-11 16:47 - 2014-01-11 16:47 - 00001985 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2014-01-11 16:47 - 2014-01-11 16:47 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2014-01-11 16:41 - 2014-01-11 16:41 - 00002316 _____ C:\Users\Public\Desktop\Canon MX920 series On-Screen-Handbuch.lnk
2014-01-11 16:41 - 2014-01-11 16:41 - 00000000 ____D C:\Program Files\Canon
2014-01-11 16:41 - 2014-01-11 16:40 - 00000000 ___HD C:\Program Files\CanonBJ
2014-01-11 16:40 - 2014-01-11 16:40 - 00000000 ____D C:\Windows\system32\STRING
2014-01-11 15:50 - 2011-06-25 21:48 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Skype
2014-01-11 15:41 - 2010-07-13 17:59 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonIJFAX
2014-01-11 14:42 - 2014-01-11 14:42 - 00000000 ___HD C:\ProgramData\CanonBJ
2014-01-09 17:18 - 2011-05-14 10:50 - 00000121 _____ C:\Users\Public\LMDebug.log
2014-01-08 13:13 - 2010-05-14 14:25 - 01602628 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-08 13:00 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files (x86)\DivX
2014-01-08 13:00 - 2011-12-14 22:24 - 00000000 ____D C:\ProgramData\DivX
2014-01-08 11:08 - 2014-01-08 11:03 - 00017408 _____ C:\Users\admin\AppData\Local\WebpageIcons.db
2014-01-08 11:03 - 2014-01-08 11:03 - 00000000 ____D C:\Users\admin\AppData\Local\Zattoo
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\UpdatusUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\McAfeeMVSUser\Desktop\Zattoo.lnk
2014-01-08 11:02 - 2014-01-08 11:02 - 00001832 _____ C:\Users\Alfred\Desktop\Zattoo.lnk
2014-01-08 10:56 - 2014-01-08 10:56 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\concept design
2014-01-08 07:15 - 2012-02-18 17:03 - 00000000 ____D C:\Users\Susi_Harry\Documents\HENRIK
2013-12-29 15:24 - 2013-12-24 10:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games
2013-12-29 10:56 - 2013-12-29 10:56 - 00001321 _____ C:\Users\Public\Desktop\Photomizer 2 Bresser Edition.lnk
2013-12-29 10:56 - 2013-12-29 10:56 - 00000000 ____D C:\Program Files (x86)\Engelmann Media
2013-12-29 10:54 - 2013-12-29 10:54 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\Engelmann Media
2013-12-29 10:54 - 2010-04-07 19:05 - 00000000 ____D C:\Users\admin
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Engelmann Media
2013-12-29 10:36 - 2013-12-29 10:36 - 00000000 ____D C:\ProgramData\Licenses
2013-12-29 10:25 - 2009-07-14 03:34 - 00000742 _____ C:\Windows\win.ini
2013-12-26 22:06 - 2013-12-26 22:06 - 00000000 ____D C:\Users\Susi_Harry\AppData\Roaming\BankID
2013-12-25 00:11 - 2013-12-25 00:11 - 00000093 _____ C:\Windows\WFT-E5Utility.INI
2013-12-25 00:08 - 2010-11-16 15:05 - 00000000 ____D C:\Users\Susi_Harry\.gimp-2.6
2013-12-25 00:02 - 2013-12-25 00:02 - 00000867 _____ C:\Users\Susi_Harry\.recently-used.xbel
2013-12-24 10:19 - 2013-12-24 10:19 - 00000000 ____D C:\ProgramData\InterAction studios
2013-12-24 10:19 - 2013-12-24 10:17 - 00001887 _____ C:\Users\admin\Desktop\Alawar Games.lnk
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2013-12-24 10:17 - 2013-12-24 10:17 - 00000000 ____D C:\Program Files (x86)\Alawar
2013-12-24 10:09 - 2013-12-24 10:06 - 25700041 _____ C:\Users\Susi_Harry\Downloads\Chicken-Invaders-4-Ultimate(www.vatandownload.com).rar
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 ____D C:\Users\admin\.android
2013-12-24 09:56 - 2013-12-24 09:56 - 00000000 _____ C:\Users\admin\daemonprocess.txt
2013-12-22 18:08 - 2013-09-02 07:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 12:39 - 2011-12-14 22:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\DivX
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-21 12:29 - 2011-07-05 16:50 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 12:24 - 2013-12-21 12:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:24 - 2010-04-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Local\Mozilla
2013-12-21 12:18 - 2013-12-21 12:18 - 00000233 _____ C:\Windows\wininit.ini
2013-12-21 12:08 - 2011-12-14 22:25 - 00000000 ____D C:\Program Files\DivX
2013-12-21 11:49 - 2013-12-21 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\BankID
2013-12-21 11:48 - 2013-12-21 11:48 - 00000000 ____D C:\Program Files (x86)\BankID
2013-12-21 11:42 - 2010-05-14 14:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-20 02:44 - 2013-12-20 02:44 - 00002176 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-20 02:44 - 2009-10-12 23:44 - 00000000 ____D C:\Program Files (x86)\Google

Files to move or delete:
====================
C:\Users\Public\hosts.dat


Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Alfred\AppData\Local\Temp\DivXSetup.exe
C:\Users\Alfred\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Alfred\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\contentDATs.exe
C:\Users\Susi_Harry\AppData\Local\Temp\DivXSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Susi_Harry\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Susi_Harry\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Susi_Harry\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Susi_Harry\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Susi_Harry\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt619E.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\utt67D1.tmp.exe
C:\Users\Susi_Harry\AppData\Local\Temp\_isFD84.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 08:02

==================== End Of Log ============================
         
--- --- ---


FSS.txt
Code:
ATTFilter
Farbar Service Scanner Version: 08-01-2014
Ran by admin (administrator) on 19-01-2014 at 14:35:22
Running from "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GQJ4Q23"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

20.01.2014, 12:30   #8
schrauber
/// the machine
/// TB-Ausbilder

Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, choose Advanced Mode and press Start.
  • Please make sure that the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.

A fresh FSS log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.01.2014, 16:12   #9
Moppi11

Hello Schrauber,
I have run Windows Repair. Attached is a fresh

FSS.log
Code:
ATTFilter
Farbar Service Scanner Version: 08-01-2014
Ran by admin (administrator) on 20-01-2014 at 16:10:13
Running from "C:\Users\admin\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
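
The two FSS logs in this thread (before and after Windows Repair) can be compared mechanically. The following Python sketch is an added example, not part of the original posts or of Farbar Service Scanner; the function names and report layout are assumptions, and the sample lines are excerpted from the two logs above.

```python
import re

# Lines excerpted from the two FSS logs posted in this thread
# (before: 19-01-2014 14:35, after Windows Repair: 20-01-2014 16:10).
FSS_BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
"""

FSS_AFTER = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
KEY_MISSING = re.compile(r"Unable to open (\w+) registry key")
VALUE_MISSING = re.compile(r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\w+)")
START_TYPE = re.compile(
    r"The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Collect the findings of one FSS log (the report layout is this example's own)."""
    report = {"not_running": set(), "damaged": {}, "start_type": {}, "policies": {}}
    reg_key = None  # registry key that the next "name"=DWORD:n line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            report["not_running"].add(m.group(1))
        elif m := KEY_MISSING.search(line):
            report["damaged"].setdefault(m.group(1), set()).add("service key missing")
        elif m := VALUE_MISSING.search(line):
            report["damaged"].setdefault(m.group(2), set()).add(m.group(1) + " missing")
        elif m := START_TYPE.search(line):
            report["start_type"][m.group(1)] = (m.group(2), m.group(3))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := REG_VALUE.match(line)) and reg_key:
            # The values on this page are 0 and 1, so decimal parsing is enough here.
            report["policies"][(reg_key, m.group(1))] = int(m.group(2))
    return report


def compare(before, after):
    """Report what the repair restored and which findings are still present."""
    def by_name(names):
        return sorted(names, key=str.lower)

    unchanged = {name: value for (key, name), value in after["policies"].items()
                 if before["policies"].get((key, name)) == value}
    return {
        "repaired": by_name(set(before["damaged"]) - set(after["damaged"])),
        "still_damaged": by_name(after["damaged"]),
        "still_not_running": by_name(after["not_running"]),
        "nondefault_start": dict(after["start_type"]),
        "policies_unchanged": unchanged,
    }


if __name__ == "__main__":
    result = compare(parse_fss(FSS_BEFORE), parse_fss(FSS_AFTER))
    for field, value in result.items():
        print(f"{field}: {value}")
```

Run on the excerpts, it shows the service registry entries restored by the repair, while the `EnableFirewall` and `DisableAntiSpyware` policy values and the Demand start type of WinDefend are still reported in the second log.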
         

21.01.2014, 10:41   #10
schrauber
/// the machine
/// TB-Ausbilder

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.

If you would like to give praise or criticism, you can do so here.

Here are a few more tips for securing your system.

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date, because it is useless if it is out of date.

Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.

Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Do not click on everything just because it asks you to and looks nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

23.01.2014, 21:42   #11
Moppi11

Hello Schrauber,
I have cleaned up my computer with DelFix and will put the tips for securing my system into practice.

All that remains is for me to thank you for your support and to reward it. I have posted a further thank-you on your profile page.

All the best,
Moppi11

24.01.2014, 14:29   #12
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
regards,
schrauber
