Log analysis and evaluation: McAfee and Spybot find a problem and cannot fix it, then the problem is suddenly gone

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.02.2014, 11:45 | #1 |
Hello everyone,

I wanted to watch "No Panic - Gute Geiseln sind selten", which I had already watched once without problems in English on YouTube, in German. After a longer search, I found a site where I could download and watch the film with the help of an app from the Windows Store. It was not an obviously illegal site (such as kinox.to) full of brand-new films; rather, you could download lesser-known or older films there (like, for example, Netzkino). After watching the film would not work and the app did not seem to work either, I was just about to give up when my McAfee reported a Trojan. The problem was found, but when I wanted to press the "remove" button, that did not work and McAfee stopped responding. I shut the PC down and started it again, let McAfee scan, but now everything was apparently in perfect order again.

However, since I still had an uneasy feeling, I downloaded Spybot S&D in January. Strangely, the first scan ran through in milliseconds and without any result. After that I scanned again and the scan took more than an hour, but was also without result (apart from a few less significant things like cookies and so on). I also ran a thorough rootkit scan, but I could not make anything of it. Since then I have scanned my PC every now and then, and one to three times Spybot did manage to detect malware (Adware-Amonetize!659BDC9DCA05), but when I wanted to remove it all, it failed at saving the "restore point". The malware could not be removed and then for quite a while could not be detected again either. After I had downloaded an update of Spybot, the first scan was again suspiciously fast (milliseconds) and of course also without result.
Since I no longer know what to do, I am turning to you (I already wanted to do this recently and therefore have several log files). First your log files (the newest first in each case) and then also the log file from the rootkit scan from January by Spybot. There are more log files, but I am not sure whether you need them at all and whether that would be a bit much.

With your "Gmer" there was a problem every time, of which I saved a screenshot in OpenOffice and could send it to you by e-mail. Today I left the PC alone during the GMER scan. When I came back, my screen was black, and when shutting down, my PC reported a system error for the first time. After I had started everything up again, my McAfee was activated again. After I had deactivated it again, I scanned with GMER and the error message mentioned came up again. Here now are all the results.
ATTFilter GMER 2.1.19324 - hxxp://www.gmer.net Rootkit scan 2014-02-07 10:14:18 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST320LT020-9YG142 rev.0010SDM1 298,09GB Running: gmer.exe; Driver: C:\Users\Katja\AppData\Local\Temp\kxdcrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\winlogon.exe[584] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee50430 .text C:\WINDOWS\system32\lsass.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[708] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\System32\svchost.exe[400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[528] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\System32\svchost.exe[784] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\System32\spoolsv.exe[1188] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[1220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe[1532] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe[1532] 
C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe[1532] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe[1532] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\windows\system32\mfevtps.exe[1608] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\windows\system32\mfevtps.exe[1608] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\windows\system32\mfevtps.exe[1608] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\windows\system32\mfevtps.exe[1608] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1724] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffc24ba1f6a 4 bytes [BA, 24, FC, 7F] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1724] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffc24ba1f82 4 bytes [BA, 24, FC, 7F] .text C:\WINDOWS\system32\rundll32.exe[1844] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee50430 .text C:\WINDOWS\system32\rundll32.exe[1852] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee50430 .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee50430 .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text 
C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2520] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2520] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2520] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2520] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\WINDOWS\system32\svchost.exe[2468] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\WINDOWS\system32\svchost.exe[3256] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc2eed0670 7 bytes JMP 00007ffd2ee90430 .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4164] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA 
+ 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4164] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4164] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4164] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Windows\System32\igfxpers.exe[4536] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Windows\System32\igfxpers.exe[4536] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Windows\System32\igfxpers.exe[4536] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Windows\System32\igfxpers.exe[4536] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4436] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4436] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4436] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4436] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc2eb2169a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online 
Backup\MOBKbackup.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc2eb216a2 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc2eb2181a 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[3604] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc2eb21832 4 bytes [B2, 2E, FC, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffc24ba1f6a 4 bytes [BA, 24, FC, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffc24ba1f82 4 bytes [BA, 24, FC, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [540:564] fffff960008584d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter GMER 2.1.19324 - hxxp://www.gmer.net Rootkit scan 2014-02-07 09:59:29 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST320LT020-9YG142 rev.0010SDM1 298,09GB Running: gmer.exe; Driver: C:\Users\Katja\AppData\Local\Temp\kxdcrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\winlogon.exe[580] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3bd0430 .text C:\WINDOWS\system32\lsass.exe[640] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[704] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\System32\svchost.exe[396] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[424] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\System32\svchost.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\System32\spoolsv.exe[1172] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[1200] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\windows\system32\mfevtps.exe[1576] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\windows\system32\mfevtps.exe[1576] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, 
C1, FA, 7F] .text C:\windows\system32\mfevtps.exe[1576] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\windows\system32\mfevtps.exe[1576] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1812] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffaba221f6a 4 bytes [22, BA, FA, 7F] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1812] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffaba221f82 4 bytes [22, BA, FA, 7F] .text C:\WINDOWS\system32\rundll32.exe[1848] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3bd0430 .text C:\WINDOWS\system32\rundll32.exe[1856] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc39e0430 .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc39e0430 .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\Explorer.EXE[2208] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\system32\svchost.exe[2380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 
7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2820] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2820] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2820] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[2820] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\system32\svchost.exe[2084] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\WINDOWS\system32\svchost.exe[2360] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\Windows\System32\igfxpers.exe[4368] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Windows\System32\igfxpers.exe[4368] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Windows\System32\igfxpers.exe[4368] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Windows\System32\igfxpers.exe[4368] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4780] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 
00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4780] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4780] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[4780] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[844] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[844] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[844] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[844] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[5048] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 
00007ffac1c9169a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[5048] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffac1c916a2 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[5048] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffac1c9181a 4 bytes [C9, C1, FA, 7F] .text C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe[5048] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffac1c91832 4 bytes [C9, C1, FA, 7F] .text C:\WINDOWS\system32\vssvc.exe[3168] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3812] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffac3d50670 7 bytes JMP 00007ffbc3d10430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3812] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffaba221f6a 4 bytes [22, BA, FA, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3812] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffaba221f82 4 bytes [22, BA, FA, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [536:560] fffff960008654d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter GMER 2.1.19324 - hxxp://www.gmer.net Rootkit scan 2014-01-21 20:22:20 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 ST320LT020-9YG142 rev.0010SDM1 298,09GB Running: gmer.exe; Driver: C:\Users\Katja\AppData\Local\Temp\kxdcrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000118700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000118710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\lsass.exe[624] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\system32\svchost.exe[688] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\system32\svchost.exe[720] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\System32\svchost.exe[260] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\system32\svchost.exe[396] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa27e30430 .text C:\WINDOWS\system32\svchost.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\System32\svchost.exe[628] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa27e30430 .text C:\WINDOWS\system32\svchost.exe[996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\System32\spoolsv.exe[1184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\system32\svchost.exe[1208] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa27e30430 
.text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff92617169a 4 bytes [17, 26, F9, 7F] .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff9261716a2 4 bytes [17, 26, F9, 7F] .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff92617181a 4 bytes [17, 26, F9, 7F] .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff926171832 4 bytes [17, 26, F9, 7F] .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff91dd01f6a 4 bytes [D0, 1D, F9, 7F] .text C:\WINDOWS\Explorer.EXE[2320] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff91dd01f82 4 bytes [D0, 1D, F9, 7F] .text C:\WINDOWS\system32\svchost.exe[3032] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\system32\svchost.exe[2148] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\WINDOWS\System32\svchost.exe[5880] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff928050670 7 bytes JMP 00007ffa28010430 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[8664] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff92617169a 4 bytes [17, 26, F9, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[8664] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff9261716a2 4 bytes [17, 26, F9, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[8664] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff92617181a 4 bytes [17, 26, F9, 7F] .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[8664] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff926171832 4 bytes [17, 26, F9, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [528:8952] fffff960008974d0 Thread C:\Program 
Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1964] 0000000071ca814e Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:212] 0000000071d2fd2c Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1676] 0000000076f84c23 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1640] 0000000074f8ffa8 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1700] 000000006ff46134 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5040] 000000006d907c1b Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:796] 0000000076f84c23 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2248] 0000000076f84c23 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5108] 0000000075b65264 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4292] 000000006b3ba08f Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2648] 0000000076f84c23 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2840] 0000000069534de8 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4296] 0000000069534de8 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:668] 0000000069534de8 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5028] 0000000069534de8 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe 
[4396:3576] 000000006861f3a0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3552] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1152] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2952] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3408] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:376] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5052] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3680] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2652] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3804] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2468] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5092] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:5112] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1436] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:424] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4524] 000000006861f3f0 Thread C:\Program 
Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2948] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4316] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3352] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3396] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3548] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3588] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3584] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3572] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2260] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:588] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4864] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:1236] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4220] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3732] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2656] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe 
[4396:4248] 000000006861f3f0 Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:3852] 0000000074f92ebc Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4328] 0000000071d2fd2c Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:2528] 0000000071d2fd2c Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4948] 0000000071d2fd2c Thread C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe [4396:4612] 0000000071c24208 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Katja (administrator) on KATJASNETBOOK on 07-02-2014 09:33:59
Running from C:\Users\Katja\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.1.1312.2401_x86__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.1.1312.2409_x86__8wekyb3d8bbwe\Minesweeper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [McAfeeWrapperApplication] - C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe [453344 2011-05-11] (McAfee, Inc.)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - [X]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2693933126-1470808564-1985995006-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18222336 2013-12-04] (Acer Incorporated)
HKU\S-1-5-21-2693933126-1470808564-1985995006-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {7C730DA2-C8DA-4622-B792-C6C76AC6D4D4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzy0FtAzy0E0B0DtD0A0BtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1038555440&ir=
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DuckDuckGo Plus - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-18]
FF Extension: NoTrace - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\Extensions\notrace@unisa.it.xpi [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-20]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-06-20]

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=92f443c9-0a2c-4c80-9be7-a2ec555431c8&searchtype=hp&installDate={installDate}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Angry Birds) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-05-26]
CHR Extension: (Google Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19]
CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19]
CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19]
CHR Extension: (Google-Suche) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2013-09-09]
CHR Extension: (SiteAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-05-19]
CHR Extension: (Animated Lion Theme) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jckhkbpmpbglbdkachfmedhpckaghenn [2013-05-24]
CHR Extension: (Scriffon) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcogdkjlajlgojgnjaiojdfepaakkea [2013-09-09]
CHR Extension: (WordPress.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-09-11]
CHR Extension: (Checkthis) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgkcpocjciadmnmilkhnhcnfbddcbidp [2013-09-09]
CHR Extension: (Google Maps) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-26]
CHR Extension: (Google Wallet) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Outlook.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-06-01]
CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-23] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-28] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-28] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-27] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-07 09:33 - 2014-02-07 09:33 - 00000000 ____D () C:\Users\Katja\Downloads\FRST-OlderVersion
2014-02-07 09:32 - 2014-02-07 09:32 - 00000472 _____ () C:\WINDOWS\SysWOW64\defogger_disable.log
2014-02-07 08:29 - 2014-02-05 18:59 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140207-082908.backup
2014-02-05 18:59 - 2014-01-25 10:45 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140205-185954.backup
2014-02-02 07:42 - 2014-02-02 07:51 - 00000000 ____D () C:\Users\Katja\AppData\Local\Adobe
2014-01-26 20:34 - 2014-01-26 20:34 - 00002384 _____ () C:\Users\Public\Desktop\Spiel Royal Envoy - Campaign for the Crown Sammleredition.lnk
2014-01-26 20:32 - 2014-01-26 20:34 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy - Campaign for the Crown Sammleredition
2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy - Campaign for the Crown Sammleredition
2014-01-26 20:02 - 2014-01-26 20:02 - 00236648 _____ (Big Fish Games) C:\Users\Katja\Downloads\bigfishgames_p203360593_s2_l2.exe
2014-01-26 17:47 - 2014-01-26 18:16 - 307143568 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigsKroneSE.exe
2014-01-26 14:47 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\BC Soft Games
2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\ProgramData\BC Soft Games
2014-01-25 16:13 - 2014-01-25 16:13 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-01-25 14:21 - 2014-01-25 14:21 - 00000000 ____D () C:\ProgramData\ScreenSeven
2014-01-25 14:15 - 2014-01-25 14:18 - 27147304 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\MoorhuhnJDF.exe
2014-01-25 10:45 - 2014-01-19 10:20 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140125-104530.backup
2014-01-23 17:14 - 2014-01-23 17:15 - 00546095 ____T () C:\Users\Katja\Desktop\Was wir mit dem Bösen machen sollen.oxps
2014-01-23 13:33 - 2014-01-23 13:33 - 00000000 ____D () C:\ProgramData\Melesta
2014-01-23 13:22 - 2014-01-23 13:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-01-21 20:22 - 2014-01-21 20:22 - 00012869 _____ () C:\Users\Katja\Desktop\gmer.txt
2014-01-21 20:21 - 2014-01-21 20:21 - 00533567 _____ () C:\Users\Katja\Desktop\gmer fehlermeldung.odt
2014-01-21 20:01 - 2014-01-21 20:01 - 00039226 _____ () C:\Users\Katja\Desktop\FRST.txt
2014-01-21 12:17 - 2014-01-21 12:17 - 00026209 _____ () C:\Users\Katja\Desktop\Addition.txt
2014-01-21 12:14 - 2014-01-21 12:15 - 00370672 _____ () C:\Users\Katja\Downloads\gmer_2.1.19324.zip
2014-01-21 12:12 - 2014-01-21 12:16 - 00026209 _____ () C:\Users\Katja\Downloads\Addition.txt
2014-01-21 12:08 - 2014-02-07 09:33 - 00022592 _____ () C:\Users\Katja\Downloads\FRST.txt
2014-01-21 12:08 - 2014-02-07 09:33 - 00000000 ____D () C:\FRST
2014-01-21 12:07 - 2014-02-07 09:33 - 02079744 _____ (Farbar) C:\Users\Katja\Downloads\FRST64.exe
2014-01-21 12:05 - 2014-01-21 12:05 - 00000472 _____ () C:\Users\Katja\Downloads\defogger_disable.log
2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 _____ () C:\Users\Katja\defogger_reenable
2014-01-21 12:03 - 2014-01-21 12:03 - 00050477 _____ () C:\Users\Katja\Downloads\Defogger.exe
2014-01-21 11:29 - 2014-01-21 11:29 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017 (1).exe
2014-01-21 11:23 - 2014-01-21 11:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-01-21 11:15 - 2014-01-21 11:20 - 00000000 ____D () C:\AdwCleaner
2014-01-21 11:15 - 2014-01-21 11:15 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017.exe
2014-01-20 15:05 - 2014-01-20 15:12 - 84628320 _____ () C:\Users\Katja\Downloads\derek_prince_die_letzte_grosse_erschuetterung_DV9007GE_1.flv
2014-01-19 11:19 - 2014-01-19 11:19 - 00000000 ____D () C:\Users\Katja\Documents\ProcAlyzer Dumps
2014-01-19 10:20 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140119-102057.backup
2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-19 09:22 - 2014-02-07 09:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-19 09:22 - 2014-01-19 09:22 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-01-19 09:21 - 2014-01-19 15:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-19 09:19 - 2014-01-19 09:20 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Katja\Downloads\nw_27341_spybotexe.exe
2014-01-16 15:58 - 2014-01-16 16:02 - 00000000 ____D () C:\a2f621b105c6fcd8f273d7
2014-01-16 10:45 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-16 10:45 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-16 10:45 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-16 10:45 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-16 10:45 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-16 10:45 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 10:45 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-16 10:45 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 10:45 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-16 10:45 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-16 10:45 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-11 16:55 - 2014-01-11 16:55 - 00532792 ____T () C:\Users\Katja\Desktop\Adresse Kuks 2.oxps
2014-01-11 16:54 - 2014-01-11 16:54 - 00572768 ____T () C:\Users\Katja\Desktop\Adresse Kuks Bielefeld.oxps
2014-01-10 19:16 - 2014-01-10 19:16 - 00002079 _____ () C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk
2014-01-08 18:20 - 2014-01-08 18:22 - 49651360 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\ZeitDerAbenteuerDerHeldInDir.exe
2014-01-08 16:59 - 2014-01-08 17:04 - 128349592 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigs.exe
2014-01-08 14:16 - 2014-01-08 14:16 - 00545166 _____ () C:\Users\Katja\Documents\Antwort Fw DELIVERY FAILURE User christoph.nordmeyer (christ.oxps
2014-01-08 14:15 - 2014-01-08 14:15 - 00214123 _____ () C:\Users\Katja\Documents\Kaufvertrag Monika Noack Katja Funke.oxps
2014-01-08 14:13 - 2014-01-08 14:13 - 00212594 _____ () C:\Users\Katja\Documents\Verkauf meiner Wohnung Hausgeld Januar.oxps

==================== One Month Modified Files and Folders =======

2014-02-07 09:35 - 2014-01-21 12:08 - 00022592 _____ () C:\Users\Katja\Downloads\FRST.txt
2014-02-07 09:33 - 2014-02-07 09:33 - 00000000 ____D () C:\Users\Katja\Downloads\FRST-OlderVersion
2014-02-07 09:33 - 2014-01-21 12:08 - 00000000 ____D () C:\FRST
2014-02-07 09:33 - 2014-01-21 12:07 - 02079744 _____ (Farbar) C:\Users\Katja\Downloads\FRST64.exe
2014-02-07 09:32 - 2014-02-07 09:32 - 00000472 _____ () C:\WINDOWS\SysWOW64\defogger_disable.log
2014-02-07 09:26 - 2014-01-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-07 09:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-07 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-07 08:45 - 2013-05-18 11:19 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 08:45 - 2013-05-02 15:57 - 00000000 ____D () C:\Users\Katja\AppData\Local\CrashDumps
2014-02-07 08:45 - 2013-04-21 14:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 08:15 - 2013-11-27 14:44 - 01554117 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 08:04 - 2013-04-21 09:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693933126-1470808564-1985995006-1001
2014-02-07 07:55 - 2013-02-13 13:55 - 00000000 __RSD () C:\Users\Katja\Documents\McAfee-Tresore
2014-02-07 07:54 - 2013-11-28 11:38 - 00000000 __RDO () C:\Users\Katja\SkyDrive
2014-02-07 07:54 - 2013-05-18 11:21 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-07 07:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-07 07:52 - 2013-05-18 11:19 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 21:49 - 2013-08-22 14:25 - 02097152 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-06 07:37 - 2013-06-20 12:46 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-06 07:36 - 2013-09-29 20:04 - 00010296 _____ () C:\WINDOWS\PFRO.log
2014-02-05 18:59 - 2014-02-07 08:29 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140207-082908.backup
2014-02-05 09:45 - 2013-04-21 14:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-02 07:51 - 2014-02-02 07:42 - 00000000 ____D () C:\Users\Katja\AppData\Local\Adobe
2014-02-02 07:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-01-31 14:41 - 2012-08-09 14:01 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-30 09:55 - 2013-08-18 08:16 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-01-27 08:30 - 2014-01-01 12:00 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-01-26 22:50 - 2013-10-27 14:44 - 00000000 ____D () C:\BigFishCache
2014-01-26 20:38 - 2013-11-20 17:07 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Playrix Entertainment
2014-01-26 20:34 - 2014-01-26 20:34 - 00002384 _____ () C:\Users\Public\Desktop\Spiel Royal Envoy - Campaign for the Crown Sammleredition.lnk
2014-01-26 20:34 - 2014-01-26 20:32 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy - Campaign for the Crown Sammleredition
2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy - Campaign for the Crown Sammleredition
2014-01-26 20:02 - 2014-01-26 20:02 - 00236648 _____ (Big Fish Games) C:\Users\Katja\Downloads\bigfishgames_p203360593_s2_l2.exe
2014-01-26 19:47 - 2013-08-27 16:19 - 00002520 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2014-01-26 18:36 - 2014-01-01 11:57 - 00001155 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-26 18:16 - 2014-01-26 17:47 - 307143568 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigsKroneSE.exe
2014-01-26 15:30 - 2013-11-28 09:03 - 00454656 ___SH () C:\Users\Katja\Desktop\Thumbs.db
2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\BC Soft Games
2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\ProgramData\BC Soft Games
2014-01-25 16:13 - 2014-01-25 16:13 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-01-25 14:21 - 2014-01-25 14:21 - 00000000 ____D () C:\ProgramData\ScreenSeven
2014-01-25 14:18 - 2014-01-25 14:15 - 27147304 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\MoorhuhnJDF.exe
2014-01-25 10:45 - 2014-02-05 18:59 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140205-185954.backup
2014-01-23 17:15 - 2014-01-23 17:14 - 00546095 ____T () C:\Users\Katja\Desktop\Was wir mit dem Bösen machen sollen.oxps
2014-01-23 13:33 - 2014-01-23 13:33 - 00000000 ____D () C:\ProgramData\Melesta
2014-01-23 13:22 - 2014-01-23 13:22 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-01-23 13:21 - 2012-08-09 13:54 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-01-22 10:06 - 2013-03-06 10:29 - 00000000 ____D () C:\Users\Katja\Documents\Dokumente
2014-01-21 20:22 - 2014-01-21 20:22 - 00012869 _____ () C:\Users\Katja\Desktop\gmer.txt
2014-01-21 20:21 - 2014-01-21 20:21 - 00533567 _____ () C:\Users\Katja\Desktop\gmer fehlermeldung.odt
2014-01-21 20:01 - 2014-01-21 20:01 - 00039226 _____ () C:\Users\Katja\Desktop\FRST.txt
2014-01-21 12:17 - 2014-01-21 12:17 - 00026209 _____ () C:\Users\Katja\Desktop\Addition.txt
2014-01-21 12:16 - 2014-01-21 12:12 - 00026209 _____ () C:\Users\Katja\Downloads\Addition.txt
2014-01-21 12:15 - 2014-01-21 12:14 - 00370672 _____ () C:\Users\Katja\Downloads\gmer_2.1.19324.zip
2014-01-21 12:05 - 2014-01-21 12:05 - 00000472 _____ () C:\Users\Katja\Downloads\defogger_disable.log
2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 _____ () C:\Users\Katja\defogger_reenable
2014-01-21 12:05 - 2013-11-27 14:15 - 00000000 ____D () C:\Users\Katja
2014-01-21 12:03 - 2014-01-21 12:03 - 00050477 _____ () C:\Users\Katja\Downloads\Defogger.exe
2014-01-21 11:29 - 2014-01-21 11:29 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017 (1).exe
2014-01-21 11:26 - 2013-12-05 09:15 - 00000000 ____D () C:\Users\Katja\Desktop\Alte Firefox-Daten
2014-01-21 11:23 - 2014-01-21 11:23 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-01-21 11:20 - 2014-01-21 11:15 - 00000000 ____D () C:\AdwCleaner
2014-01-21 11:15 - 2014-01-21 11:15 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017.exe
2014-01-20 15:12 - 2014-01-20 15:05 - 84628320 _____ () C:\Users\Katja\Downloads\derek_prince_die_letzte_grosse_erschuetterung_DV9007GE_1.flv
2014-01-19 15:04 - 2014-01-19 09:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-19 11:19 - 2014-01-19 11:19 - 00000000 ____D () C:\Users\Katja\Documents\ProcAlyzer Dumps
2014-01-19 10:20 - 2014-01-25 10:45 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140125-104530.backup
2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-19 09:22 - 2014-01-19 09:22 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-19 09:20 - 2014-01-19 09:19 - 40658208 _____ (Safer-Networking Ltd.
) C:\Users\Katja\Downloads\nw_27341_spybotexe.exe 2014-01-17 11:39 - 2012-11-13 01:51 - 00000000 ____D () C:\Users\Katja\AppData\Local\Packages 2014-01-16 21:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-16 16:02 - 2014-01-16 15:58 - 00000000 ____D () C:\a2f621b105c6fcd8f273d7 2014-01-16 16:02 - 2013-07-20 17:35 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-16 15:58 - 2013-04-21 11:25 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-11 16:55 - 2014-01-11 16:55 - 00532792 ____T () C:\Users\Katja\Desktop\Adresse Kuks 2.oxps 2014-01-11 16:54 - 2014-01-11 16:54 - 00572768 ____T () C:\Users\Katja\Desktop\Adresse Kuks Bielefeld.oxps 2014-01-10 19:20 - 2013-07-02 14:01 - 00001308 _____ () C:\Users\Katja\Desktop\MediaHuman YouTube to MP3 Converter.lnk 2014-01-10 19:16 - 2014-01-10 19:16 - 00002079 _____ () C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk 2014-01-08 18:22 - 2014-01-08 18:20 - 49651360 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\ZeitDerAbenteuerDerHeldInDir.exe 2014-01-08 17:28 - 2014-01-01 13:02 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Intenium 2014-01-08 17:04 - 2014-01-08 16:59 - 128349592 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigs.exe 2014-01-08 15:04 - 2013-05-17 11:01 - 00000000 ____D () C:\Users\Katja\Documents\Ausdrucken 2014-01-08 14:16 - 2014-01-08 14:16 - 00545166 _____ () C:\Users\Katja\Documents\Antwort Fw DELIVERY FAILURE User christoph.nordmeyer (christ.oxps 2014-01-08 14:15 - 2014-01-08 14:15 - 00214123 _____ () C:\Users\Katja\Documents\Kaufvertrag Monika Noack Katja Funke.oxps 2014-01-08 14:13 - 2014-01-08 14:13 - 00212594 _____ () C:\Users\Katja\Documents\Verkauf meiner Wohnung Hausgeld Januar.oxps ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-06 11:32

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Katja (administrator) on KATJASNETBOOK on 21-01-2014 12:08:55
Running from C:\Users\Katja\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (McAfee, Inc.) C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_1.8.0.31101_x86__8wekyb3d8bbwe\Taptiles.exe (McAfee, Inc.) 
C:\Program Files\McAfee\MAT\McPvTray.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin () C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMp3.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe (McAfee, Inc.) 
C:\Program Files\McAfee\VirusScan\mcods.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe () C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (Opera Software) C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe (SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [McAfeeWrapperApplication] - C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe [453344 2011-05-11] (McAfee, Inc.) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation) HKLM-x32\...\Run: [LManager] - [x] HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18222336 2013-12-04] (Acer Incorporated) HKU\Administrator\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\Default\...\RunOnce: [RegAutoPlay] - C:\Windows\regedit.exe [151552 2013-08-22] (Microsoft Corporation) HKU\Default User\...\RunOnce: [RegAutoPlay] - C:\Windows\regedit.exe [151552 2013-08-22] (Microsoft Corporation) AppInit_DLLs-x32: => File Not Found ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {7C730DA2-C8DA-4622-B792-C6C76AC6D4D4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=md1202&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtAzy0FtAzy0E0B0DtD0A0BtN0D0Tzu0CyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1038555440&ir= BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305 FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll 
(McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DuckDuckGo Plus - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-18] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-20] FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee 
Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-06-20] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () CHR Extension: (Angry Birds) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-05-26] CHR Extension: (Google Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19] CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19] CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19] CHR Extension: (Google-Suche) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19] CHR Extension: (Multiple Account Checker for Gmail\u00E2\u201E\u00A2) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2013-09-09] CHR Extension: (SiteAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-05-19] CHR Extension: (Animated Lion Theme) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jckhkbpmpbglbdkachfmedhpckaghenn [2013-05-24] CHR Extension: (Scriffon) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcogdkjlajlgojgnjaiojdfepaakkea [2013-09-09] CHR Extension: (WordPress.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-09-11] CHR Extension: (Checkthis) - C:\Users\Katja\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lgkcpocjciadmnmilkhnhcnfbddcbidp [2013-09-09] CHR Extension: (Google Maps) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-26] CHR Extension: (Google Wallet) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (MySearchDial) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2013-12-20] CHR Extension: (Outlook.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-06-01] CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-10] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= U2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated) U3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated) U3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated) U2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-21] (WildTangent) U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) U2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-07] (McAfee, Inc.) 
U2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) U2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) U2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-28] (McAfee, Inc.) U2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.) U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) U2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) U2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) U2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) U2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) U3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation) U2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.) U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) U3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) U3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) U3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) U2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) U1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-28] (McAfee, Inc.) U2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) 
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) U2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) U3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) U3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) U2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) U1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-27] (Microsoft Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 12:08 - 2014-01-21 12:10 - 00023790 _____ C:\Users\Katja\Downloads\FRST.txt 2014-01-21 12:08 - 2014-01-21 12:08 - 00000000 ____D C:\FRST 2014-01-21 12:07 - 2014-01-21 12:07 - 02077184 _____ (Farbar) C:\Users\Katja\Downloads\FRST64.exe 2014-01-21 12:05 - 2014-01-21 12:05 - 00000472 _____ C:\Users\Katja\Downloads\defogger_disable.log 2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 _____ C:\Users\Katja\defogger_reenable 2014-01-21 12:03 - 2014-01-21 12:03 - 00050477 _____ C:\Users\Katja\Downloads\Defogger.exe 2014-01-21 11:29 - 2014-01-21 11:29 - 01236282 _____ 
07.02.2014, 12:08 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please download Emsisoft MBR Master and save it to the desktop. |
07.02.2014, 13:51 | #3 |
| Hello Schrauber, here is the content of the MBR and the zip file:
Code:
Detected Windows version: 6.2 Build 9200
Installing direct disk access driver ...
Driver connection handle: 0x00000170
1 valid drive(s) found.

Details for Disk 0 - ST320LT020-9YG142 Rev 0010SDM1:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 38913/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194 |
08.02.2014, 11:25 | #4 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM! |
08.02.2014, 17:23 | #5 |
| Hello Schrauber, I am not quite sure whether I carried everything out "correctly", but I am attaching all the .txt files here:
Malwarebytes: (21 entries were found, which I deleted)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.08.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Katja :: KATJASNETBOOK [Administrator]

08.02.2014 12:20:10
mbam-log-2014-02-08 (12-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446362
Laufzeit: 3 Stunde(n), 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 21
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Katja\AppData\Local\genienext\nengine.dll.vir (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Katja\AppData\Roaming\newnext.me\nengine.dll.vir (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FLVPlayerSetup (1).exe (PUP.Optional.Cooltech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FLVPlayerSetup (2).exe (PUP.Optional.Cooltech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FLVPlayerSetup (3).exe (PUP.Optional.Cooltech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FlvPlayerSetup (4).exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FLVPlayerSetup (5).exe (PUP.Optional.Cooltech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FLVPlayerSetup.exe (PUP.Optional.Cooltech) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FreeVideoConverterSetup-r135-n-bc (1).exe (PUP.Optional.Koyote.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FreeVideoConverterSetup-r135-n-bc.exe (PUP.Optional.Koyote.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\FreeYouTubeDownload (1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\openoffice setup.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\setup (1).exe (PUP.Optional.AirInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\setup (2).exe (PUP.Optional.AirInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\setup (3).exe (PUP.Optional.Ignition.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\SoftonicDownloader_fuer_mediahuman-youtube-to-mp3-converter.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\VLCPlus_Setup (1).exe (Adware.Linkular) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katja\Downloads\VLCPlus_Setup.exe (Adware.Linkular) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.018 - Bericht erstellt am 08/02/2014 um 16:23:38
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Katja - KATJASNETBOOK
# Gestartet von : C:\Users\Katja\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\FoxyDeal

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [19439 octets] - [21/01/2014 11:16:02]
AdwCleaner[R1].txt - [1289 octets] - [08/02/2014 16:06:30]
AdwCleaner[R2].txt - [1349 octets] - [08/02/2014 16:22:00]
AdwCleaner[S0].txt - [17193 octets] - [21/01/2014 11:18:36]
AdwCleaner[S1].txt - [1200 octets] - [08/02/2014 16:23:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1260 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 x64
Ran by Katja on 08.02.2014 at 16:54:43,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"

~~~ FireFox

Emptied folder: C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\f72g0f6s.default-1386231313305\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 17:09:08,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014 Ran by Katja (administrator) on KATJASNETBOOK on 08-02-2014 17:13:04 Running from C:\Users\Katja\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe (McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (McAfee, Inc.) C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe () C:\Program Files (x86)\Opera\19.0.1326.56\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe () C:\Program Files (x86)\Opera\19.0.1326.56\opera_autoupdate.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe (Opera Software) C:\Program Files (x86)\Opera\19.0.1326.56\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [McAfeeWrapperApplication] - C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe [453344 2011-05-11] (McAfee, Inc.) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation) HKLM-x32\...\Run: [LManager] - [X] HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) 
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2693933126-1470808564-1985995006-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18222336 2013-12-04] (Acer Incorporated) HKU\S-1-5-21-2693933126-1470808564-1985995006-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKLM - DefaultScope {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {BF18DC60-61D4-4CCD-8AD2-AB24B365DE47} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305 FF DefaultSearchEngine: DuckDuckGo FF SelectedSearchEngine: DuckDuckGo FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files 
(x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DuckDuckGo Plus - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-01-18] FF Extension: NoTrace - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\f72g0f6s.default-1386231313305\Extensions\notrace@unisa.it.xpi [2014-02-06] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-06-20] FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-06-20] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files 
(x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () CHR Extension: (Angry Birds) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-05-26] CHR Extension: (Google Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-19] CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-19] CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19] CHR Extension: (Google-Suche) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-19] CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2013-09-09] CHR Extension: (SiteAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-05-19] CHR Extension: (Animated Lion Theme) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jckhkbpmpbglbdkachfmedhpckaghenn [2013-05-24] CHR Extension: (Scriffon) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcogdkjlajlgojgnjaiojdfepaakkea [2013-09-09] CHR Extension: (WordPress.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-09-11] CHR Extension: (Checkthis) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgkcpocjciadmnmilkhnhcnfbddcbidp 
[2013-09-09] CHR Extension: (Google Maps) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-05-26] CHR Extension: (Google Wallet) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24] CHR Extension: (Outlook.com) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-06-01] CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-19] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-05] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-23] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-28] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.) R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.) R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-28] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.) R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-27] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-08 17:09 - 2014-02-08 17:09 - 00000961 _____ () C:\Users\Katja\Desktop\JRT.txt 2014-02-08 16:51 - 2014-02-08 16:51 - 01037530 _____ (Thisisu) C:\Users\Katja\Downloads\JRT (1).exe 2014-02-08 16:33 - 2014-02-08 16:33 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-08 16:28 - 2014-02-08 16:28 - 00001340 _____ () C:\Users\Katja\Desktop\AdwCleaner[S1].txt 2014-02-08 16:25 - 2014-02-08 16:25 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-02-08 13:57 - 2014-02-08 13:57 - 01440846 _____ () C:\Users\Katja\Downloads\mbam-chameleon-1.62.1.1000.zip 2014-02-08 12:15 - 2014-02-08 12:15 - 01037530 _____ (Thisisu) C:\Users\Katja\Downloads\JRT.exe 2014-02-08 12:14 - 2014-02-08 12:14 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-08 12:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-02-08 12:13 - 2014-02-08 12:13 - 01166132 _____ () C:\Users\Katja\Downloads\adwcleaner.exe 2014-02-08 12:12 - 2014-02-08 12:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katja\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-08 12:09 - 2014-02-08 12:09 - 00044189 _____ () C:\Users\Katja\Desktop\FRSTfrisch.txt 2014-02-07 19:03 - 2014-02-07 19:03 - 00431196 _____ () 
C:\Users\Katja\Desktop\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw (1).oxps 2014-02-07 19:02 - 2014-02-07 19:02 - 00431196 _____ () C:\Users\Katja\Documents\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw (1).oxps 2014-02-07 18:53 - 2014-02-07 18:53 - 00366244 ____T () C:\Users\Katja\Desktop\Ebay Kauf.oxps 2014-02-07 16:23 - 2014-02-07 16:23 - 00431185 _____ () C:\Users\Katja\Desktop\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw.oxps 2014-02-07 16:22 - 2014-02-07 16:22 - 00431185 _____ () C:\Users\Katja\Documents\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw.oxps 2014-02-07 16:19 - 2014-02-07 16:19 - 00494971 _____ () C:\Users\Katja\Documents\15 Euro für Sie Katja Funke!.oxps 2014-02-07 16:19 - 2014-02-07 16:19 - 00494971 _____ () C:\Users\Katja\Desktop\15 Euro für Sie Katja Funke!.oxps 2014-02-07 16:16 - 2014-02-07 16:16 - 00316626 _____ () C:\Users\Katja\Documents\Ihre Bestellung bei Alternate.oxps 2014-02-07 16:16 - 2014-02-07 16:16 - 00316626 _____ () C:\Users\Katja\Desktop\Ihre Bestellung bei Alternate.oxps 2014-02-07 14:36 - 2014-02-07 14:42 - 59521871 _____ () C:\Users\Katja\Downloads\User Manual_Acer_01.01.03_W8x86_A.zip 2014-02-07 13:46 - 2014-02-07 13:46 - 00000145 _____ () C:\Users\Katja\Desktop\emsi.zip 2014-02-07 13:45 - 2014-02-07 13:45 - 00000570 _____ () C:\Users\Katja\Desktop\MBRMastr_2014.02.07_13.45.54.txt 2014-02-07 13:45 - 2014-02-07 13:45 - 00000512 _____ () C:\Users\Katja\Desktop\emsi.mbr 2014-02-07 13:43 - 2014-02-07 13:43 - 00788728 _____ (Emsisoft GmbH) C:\Users\Katja\Downloads\mbrmastr.exe 2014-02-07 13:14 - 2014-02-07 13:14 - 00391784 _____ () C:\WINDOWS\Minidump\020714-26062-01.dmp 2014-02-07 11:40 - 2014-02-07 11:40 - 00238953 _____ () C:\Users\Katja\Desktop\TeamSpybot-20140207-114040.cab 2014-02-07 11:33 - 2014-02-07 11:38 - 00023829 _____ () C:\Users\Katja\Desktop\Trojaner-Board.odt 2014-02-07 11:16 - 2014-02-07 11:16 - 00194815 _____ () 
C:\Users\Katja\Desktop\TeamSpybot-20140207-111635.cab 2014-02-07 10:14 - 2014-02-07 10:14 - 00010970 _____ () C:\Users\Katja\Desktop\gmer3.txt 2014-02-07 10:06 - 2014-02-07 10:06 - 00338952 _____ () C:\WINDOWS\Minidump\020714-31281-01.dmp 2014-02-07 09:59 - 2014-02-07 09:59 - 00011528 _____ () C:\Users\Katja\Desktop\Gmer2.txt 2014-02-07 09:49 - 2014-02-07 13:14 - 670199130 _____ () C:\WINDOWS\MEMORY.DMP 2014-02-07 09:49 - 2014-02-07 13:14 - 00000000 ____D () C:\WINDOWS\Minidump 2014-02-07 09:49 - 2014-02-07 09:49 - 00284528 _____ () C:\WINDOWS\Minidump\020714-32562-01.dmp 2014-02-07 09:44 - 2014-02-07 09:44 - 00377309 _____ () C:\Users\Katja\Desktop\GmerFehlermeldung2.odt 2014-02-07 09:37 - 2014-02-07 09:37 - 00039720 _____ () C:\Users\Katja\Desktop\FRST2.txt 2014-02-07 09:33 - 2014-02-07 09:33 - 00000000 ____D () C:\Users\Katja\Downloads\FRST-OlderVersion 2014-02-07 09:32 - 2014-02-07 09:32 - 00000472 _____ () C:\WINDOWS\SysWOW64\defogger_disable.log 2014-02-07 08:29 - 2014-02-05 18:59 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140207-082908.backup 2014-02-05 18:59 - 2014-01-25 10:45 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140205-185954.backup 2014-02-02 07:42 - 2014-02-02 07:51 - 00000000 ____D () C:\Users\Katja\AppData\Local\Adobe 2014-01-26 20:34 - 2014-01-26 20:34 - 00002384 _____ () C:\Users\Public\Desktop\Spiel Royal Envoy - Campaign for the Crown Sammleredition.lnk 2014-01-26 20:32 - 2014-01-26 20:34 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy - Campaign for the Crown Sammleredition 2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy - Campaign for the Crown Sammleredition 2014-01-26 20:02 - 2014-01-26 20:02 - 00236648 _____ (Big Fish Games) C:\Users\Katja\Downloads\bigfishgames_p203360593_s2_l2.exe 2014-01-26 17:47 - 2014-01-26 18:16 - 307143568 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigsKroneSE.exe 
2014-01-26 14:47 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys 2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\BC Soft Games 2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\ProgramData\BC Soft Games 2014-01-25 14:21 - 2014-01-25 14:21 - 00000000 ____D () C:\ProgramData\ScreenSeven 2014-01-25 14:15 - 2014-01-25 14:18 - 27147304 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\MoorhuhnJDF.exe 2014-01-25 10:45 - 2014-01-19 10:20 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140125-104530.backup 2014-01-23 17:14 - 2014-01-23 17:15 - 00546095 ____T () C:\Users\Katja\Desktop\Was wir mit dem Bösen machen sollen.oxps 2014-01-23 13:33 - 2014-01-23 13:33 - 00000000 ____D () C:\ProgramData\Melesta 2014-01-23 13:22 - 2014-01-23 13:22 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-01-21 20:22 - 2014-01-21 20:22 - 00012869 _____ () C:\Users\Katja\Desktop\gmer.txt 2014-01-21 20:21 - 2014-01-21 20:21 - 00533567 _____ () C:\Users\Katja\Desktop\gmer fehlermeldung.odt 2014-01-21 20:01 - 2014-01-21 20:01 - 00039226 _____ () C:\Users\Katja\Desktop\FRST.txt 2014-01-21 12:17 - 2014-01-21 12:17 - 00026209 _____ () C:\Users\Katja\Desktop\Addition.txt 2014-01-21 12:14 - 2014-01-21 12:15 - 00370672 _____ () C:\Users\Katja\Downloads\gmer_2.1.19324.zip 2014-01-21 12:12 - 2014-01-21 12:16 - 00026209 _____ () C:\Users\Katja\Downloads\Addition.txt 2014-01-21 12:08 - 2014-02-08 17:13 - 00023000 _____ () C:\Users\Katja\Downloads\FRST.txt 2014-01-21 12:08 - 2014-02-08 17:13 - 00000000 ____D () C:\FRST 2014-01-21 12:07 - 2014-02-07 09:33 - 02079744 _____ (Farbar) C:\Users\Katja\Downloads\FRST64.exe 2014-01-21 12:05 - 2014-01-21 12:05 - 00000472 _____ () C:\Users\Katja\Downloads\defogger_disable.log 2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 _____ () C:\Users\Katja\defogger_reenable 2014-01-21 12:03 - 2014-01-21 12:03 - 00050477 _____ () C:\Users\Katja\Downloads\Defogger.exe 2014-01-21 
11:29 - 2014-01-21 11:29 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017 (1).exe 2014-01-21 11:15 - 2014-02-08 16:23 - 00000000 ____D () C:\AdwCleaner 2014-01-21 11:15 - 2014-01-21 11:15 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017.exe 2014-01-20 15:05 - 2014-01-20 15:12 - 84628320 _____ () C:\Users\Katja\Downloads\derek_prince_die_letzte_grosse_erschuetterung_DV9007GE_1.flv 2014-01-19 11:19 - 2014-01-19 11:19 - 00000000 ____D () C:\Users\Katja\Documents\ProcAlyzer Dumps 2014-01-19 10:20 - 2013-08-22 14:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140119-102057.backup 2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-19 09:22 - 2014-02-07 09:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-01-19 09:22 - 2014-01-19 09:22 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-19 09:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-01-19 09:21 - 2014-01-19 15:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-19 09:19 - 2014-01-19 09:20 - 40658208 _____ (Safer-Networking Ltd. 
) C:\Users\Katja\Downloads\nw_27341_spybotexe.exe 2014-01-16 15:58 - 2014-01-16 16:02 - 00000000 ____D () C:\a2f621b105c6fcd8f273d7 2014-01-16 10:45 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-16 10:45 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-16 10:45 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-16 10:45 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-16 10:45 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-16 10:45 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-16 10:45 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-16 10:45 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-16 10:45 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-16 10:45 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-16 10:45 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 19:16 - 2014-01-10 19:16 - 00002079 _____ () C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk ==================== One Month Modified Files and Folders ======= 2014-02-08 17:13 - 2014-01-21 12:08 - 00023000 _____ () C:\Users\Katja\Downloads\FRST.txt 2014-02-08 17:13 - 2014-01-21 12:08 - 00000000 ____D () C:\FRST 2014-02-08 17:09 - 2014-02-08 17:09 - 00000961 _____ () C:\Users\Katja\Desktop\JRT.txt 2014-02-08 17:02 - 2013-11-27 14:44 - 01343546 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-08 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-02-08 16:52 - 
2013-04-21 09:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2693933126-1470808564-1985995006-1001 2014-02-08 16:51 - 2014-02-08 16:51 - 01037530 _____ (Thisisu) C:\Users\Katja\Downloads\JRT (1).exe 2014-02-08 16:49 - 2013-05-18 11:21 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-08 16:48 - 2013-11-28 11:38 - 00000000 __RDO () C:\Users\Katja\SkyDrive 2014-02-08 16:47 - 2013-02-13 13:55 - 00000000 __RSD () C:\Users\Katja\Documents\McAfee-Tresore 2014-02-08 16:46 - 2013-05-18 11:19 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-08 16:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-08 16:45 - 2013-08-22 14:25 - 02359296 ___SH () C:\WINDOWS\system32\config\BBI 2014-02-08 16:33 - 2014-02-08 16:33 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-08 16:28 - 2014-02-08 16:28 - 00001340 _____ () C:\Users\Katja\Desktop\AdwCleaner[S1].txt 2014-02-08 16:25 - 2014-02-08 16:25 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-02-08 16:23 - 2014-01-21 11:15 - 00000000 ____D () C:\AdwCleaner 2014-02-08 15:55 - 2013-09-29 20:04 - 00015604 _____ () C:\WINDOWS\PFRO.log 2014-02-08 15:45 - 2013-05-18 11:19 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-08 15:45 - 2013-04-21 14:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-08 13:57 - 2014-02-08 13:57 - 01440846 _____ () C:\Users\Katja\Downloads\mbam-chameleon-1.62.1.1000.zip 2014-02-08 12:15 - 2014-02-08 12:15 - 01037530 _____ (Thisisu) C:\Users\Katja\Downloads\JRT.exe 2014-02-08 12:14 - 2014-02-08 12:14 - 00001129 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-08 12:14 - 2014-02-08 12:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-08 12:13 - 2014-02-08 12:13 - 01166132 _____ () C:\Users\Katja\Downloads\adwcleaner.exe 2014-02-08 12:13 - 2014-02-08 12:12 - 10285040 _____ (Malwarebytes 
Corporation ) C:\Users\Katja\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-08 12:09 - 2014-02-08 12:09 - 00044189 _____ () C:\Users\Katja\Desktop\FRSTfrisch.txt 2014-02-08 11:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-02-08 11:08 - 2012-11-13 01:51 - 00000000 ____D () C:\Users\Katja\AppData\Local\Packages 2014-02-08 10:25 - 2013-05-02 15:57 - 00000000 ____D () C:\Users\Katja\AppData\Local\CrashDumps 2014-02-07 19:03 - 2014-02-07 19:03 - 00431196 _____ () C:\Users\Katja\Desktop\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw (1).oxps 2014-02-07 19:02 - 2014-02-07 19:02 - 00431196 _____ () C:\Users\Katja\Documents\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw (1).oxps 2014-02-07 18:53 - 2014-02-07 18:53 - 00366244 ____T () C:\Users\Katja\Desktop\Ebay Kauf.oxps 2014-02-07 18:53 - 2013-11-28 09:03 - 00509952 ___SH () C:\Users\Katja\Desktop\Thumbs.db 2014-02-07 16:23 - 2014-02-07 16:23 - 00431185 _____ () C:\Users\Katja\Desktop\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw.oxps 2014-02-07 16:22 - 2014-02-07 16:22 - 00431185 _____ () C:\Users\Katja\Documents\Bestätigung Ihres Kaufs Acer Iconia Capacitive Stylus Pen schw.oxps 2014-02-07 16:19 - 2014-02-07 16:19 - 00494971 _____ () C:\Users\Katja\Documents\15 Euro für Sie Katja Funke!.oxps 2014-02-07 16:19 - 2014-02-07 16:19 - 00494971 _____ () C:\Users\Katja\Desktop\15 Euro für Sie Katja Funke!.oxps 2014-02-07 16:16 - 2014-02-07 16:16 - 00316626 _____ () C:\Users\Katja\Documents\Ihre Bestellung bei Alternate.oxps 2014-02-07 16:16 - 2014-02-07 16:16 - 00316626 _____ () C:\Users\Katja\Desktop\Ihre Bestellung bei Alternate.oxps 2014-02-07 15:30 - 2013-03-06 10:29 - 00000000 ____D () C:\Users\Katja\Documents\Dokumente 2014-02-07 14:42 - 2014-02-07 14:36 - 59521871 _____ () C:\Users\Katja\Downloads\User Manual_Acer_01.01.03_W8x86_A.zip 2014-02-07 13:46 - 2014-02-07 13:46 - 00000145 _____ () C:\Users\Katja\Desktop\emsi.zip 2014-02-07 13:45 - 2014-02-07 
13:45 - 00000570 _____ () C:\Users\Katja\Desktop\MBRMastr_2014.02.07_13.45.54.txt 2014-02-07 13:45 - 2014-02-07 13:45 - 00000512 _____ () C:\Users\Katja\Desktop\emsi.mbr 2014-02-07 13:43 - 2014-02-07 13:43 - 00788728 _____ (Emsisoft GmbH) C:\Users\Katja\Downloads\mbrmastr.exe 2014-02-07 13:18 - 2013-11-27 14:15 - 00000000 ____D () C:\Users\Katja 2014-02-07 13:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-02-07 13:14 - 2014-02-07 13:14 - 00391784 _____ () C:\WINDOWS\Minidump\020714-26062-01.dmp 2014-02-07 13:14 - 2014-02-07 09:49 - 670199130 _____ () C:\WINDOWS\MEMORY.DMP 2014-02-07 13:14 - 2014-02-07 09:49 - 00000000 ____D () C:\WINDOWS\Minidump 2014-02-07 11:40 - 2014-02-07 11:40 - 00238953 _____ () C:\Users\Katja\Desktop\TeamSpybot-20140207-114040.cab 2014-02-07 11:38 - 2014-02-07 11:33 - 00023829 _____ () C:\Users\Katja\Desktop\Trojaner-Board.odt 2014-02-07 11:16 - 2014-02-07 11:16 - 00194815 _____ () C:\Users\Katja\Desktop\TeamSpybot-20140207-111635.cab 2014-02-07 10:14 - 2014-02-07 10:14 - 00010970 _____ () C:\Users\Katja\Desktop\gmer3.txt 2014-02-07 10:06 - 2014-02-07 10:06 - 00338952 _____ () C:\WINDOWS\Minidump\020714-31281-01.dmp 2014-02-07 09:59 - 2014-02-07 09:59 - 00011528 _____ () C:\Users\Katja\Desktop\Gmer2.txt 2014-02-07 09:49 - 2014-02-07 09:49 - 00284528 _____ () C:\WINDOWS\Minidump\020714-32562-01.dmp 2014-02-07 09:44 - 2014-02-07 09:44 - 00377309 _____ () C:\Users\Katja\Desktop\GmerFehlermeldung2.odt 2014-02-07 09:37 - 2014-02-07 09:37 - 00039720 _____ () C:\Users\Katja\Desktop\FRST2.txt 2014-02-07 09:33 - 2014-02-07 09:33 - 00000000 ____D () C:\Users\Katja\Downloads\FRST-OlderVersion 2014-02-07 09:33 - 2014-01-21 12:07 - 02079744 _____ (Farbar) C:\Users\Katja\Downloads\FRST64.exe 2014-02-07 09:32 - 2014-02-07 09:32 - 00000472 _____ () C:\WINDOWS\SysWOW64\defogger_disable.log 2014-02-07 09:26 - 2014-01-19 09:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-02-06 07:37 - 2013-06-20 12:46 - 
00000000 ____D () C:\Program Files (x86)\McAfee 2014-02-05 18:59 - 2014-02-07 08:29 - 00450709 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140207-082908.backup 2014-02-05 09:45 - 2013-04-21 14:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-02-02 07:51 - 2014-02-02 07:42 - 00000000 ____D () C:\Users\Katja\AppData\Local\Adobe 2014-01-31 14:41 - 2012-08-09 14:01 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-30 09:55 - 2013-08-18 08:16 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-01-27 08:30 - 2014-01-01 12:00 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT 2014-01-26 20:38 - 2013-11-20 17:07 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Playrix Entertainment 2014-01-26 20:34 - 2014-01-26 20:34 - 00002384 _____ () C:\Users\Public\Desktop\Spiel Royal Envoy - Campaign for the Crown Sammleredition.lnk 2014-01-26 20:34 - 2014-01-26 20:32 - 00000000 ____D () C:\Program Files (x86)\Royal Envoy - Campaign for the Crown Sammleredition 2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D () C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy - Campaign for the Crown Sammleredition 2014-01-26 20:02 - 2014-01-26 20:02 - 00236648 _____ (Big Fish Games) C:\Users\Katja\Downloads\bigfishgames_p203360593_s2_l2.exe 2014-01-26 19:47 - 2013-08-27 16:19 - 00002520 ____N () C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk 2014-01-26 18:36 - 2014-01-01 11:57 - 00001155 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk 2014-01-26 18:16 - 2014-01-26 17:47 - 307143568 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\DerGesandteDesKoenigsKroneSE.exe 2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () 
C:\Users\Katja\AppData\Roaming\BC Soft Games 2014-01-25 18:01 - 2014-01-25 18:01 - 00000000 ____D () C:\ProgramData\BC Soft Games 2014-01-25 14:21 - 2014-01-25 14:21 - 00000000 ____D () C:\ProgramData\ScreenSeven 2014-01-25 14:18 - 2014-01-25 14:15 - 27147304 _____ (INTENIUM GmbH) C:\Users\Katja\Downloads\MoorhuhnJDF.exe 2014-01-25 10:45 - 2014-02-05 18:59 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140205-185954.backup 2014-01-23 17:15 - 2014-01-23 17:14 - 00546095 ____T () C:\Users\Katja\Desktop\Was wir mit dem Bösen machen sollen.oxps 2014-01-23 13:33 - 2014-01-23 13:33 - 00000000 ____D () C:\ProgramData\Melesta 2014-01-23 13:22 - 2014-01-23 13:22 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-01-23 13:21 - 2012-08-09 13:54 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-01-21 20:22 - 2014-01-21 20:22 - 00012869 _____ () C:\Users\Katja\Desktop\gmer.txt 2014-01-21 20:21 - 2014-01-21 20:21 - 00533567 _____ () C:\Users\Katja\Desktop\gmer fehlermeldung.odt 2014-01-21 20:01 - 2014-01-21 20:01 - 00039226 _____ () C:\Users\Katja\Desktop\FRST.txt 2014-01-21 12:17 - 2014-01-21 12:17 - 00026209 _____ () C:\Users\Katja\Desktop\Addition.txt 2014-01-21 12:16 - 2014-01-21 12:12 - 00026209 _____ () C:\Users\Katja\Downloads\Addition.txt 2014-01-21 12:15 - 2014-01-21 12:14 - 00370672 _____ () C:\Users\Katja\Downloads\gmer_2.1.19324.zip 2014-01-21 12:05 - 2014-01-21 12:05 - 00000472 _____ () C:\Users\Katja\Downloads\defogger_disable.log 2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 _____ () C:\Users\Katja\defogger_reenable 2014-01-21 12:03 - 2014-01-21 12:03 - 00050477 _____ () C:\Users\Katja\Downloads\Defogger.exe 2014-01-21 11:29 - 2014-01-21 11:29 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017 (1).exe 2014-01-21 11:26 - 2013-12-05 09:15 - 00000000 ____D () C:\Users\Katja\Desktop\Alte Firefox-Daten 2014-01-21 11:15 - 2014-01-21 11:15 - 01236282 _____ () C:\Users\Katja\Downloads\adwcleaner_3.017.exe 2014-01-20 15:12 - 
2014-01-20 15:05 - 84628320 _____ () C:\Users\Katja\Downloads\derek_prince_die_letzte_grosse_erschuetterung_DV9007GE_1.flv 2014-01-19 15:04 - 2014-01-19 09:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-19 11:19 - 2014-01-19 11:19 - 00000000 ____D () C:\Users\Katja\Documents\ProcAlyzer Dumps 2014-01-19 10:20 - 2014-01-25 10:45 - 00450639 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140125-104530.backup 2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-19 09:22 - 2014-01-19 09:22 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-19 09:20 - 2014-01-19 09:19 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Katja\Downloads\nw_27341_spybotexe.exe 2014-01-16 21:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-16 16:02 - 2014-01-16 15:58 - 00000000 ____D () C:\a2f621b105c6fcd8f273d7 2014-01-16 16:02 - 2013-07-20 17:35 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-16 15:58 - 2013-04-21 11:25 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-10 19:20 - 2013-07-02 14:01 - 00001308 _____ () C:\Users\Katja\Desktop\MediaHuman YouTube to MP3 Converter.lnk 2014-01-10 19:16 - 2014-01-10 19:16 - 00002079 _____ () C:\Users\Public\Desktop\McAfee Online-Backup-Service konfigurieren.lnk Some content of TEMP: ==================== C:\Users\Katja\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 08:32 ==================== End Of Log ============================ --- --- ---
Thanks in advance for your help! KUF |
09.02.2014, 09:46 | #6 |
/// the machine /// TB trainer | McAfee and Spybot find a problem and cannot fix it, then the problem is suddenly gone
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?