| |
| |||||||
Log-Analyse und Auswertung: Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.03.2014, 18:54
| #1 |
 |  Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware Hallo liebe Helfer! Ich habe vorhin seit langem mal wieder Malwarebytes Anti-Malware durchlaufen lassen und dabei leider zweimal einen Befall mit Trojan-SpyEyes gefunden. Ich habe zunächst bei MBAM nichts unternommen und die anderen 3 Programme durchlaufen lassen. Bei Defogger gab es kein Problem und daher auch keinen Bericht. Die beiden Berichte von FRST und GMER sowie den ursprünglichen Bericht von MBAM habe ich hier gepostet. FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014 Ran by Jörg (administrator) on JÖRG-PC on 12-03-2014 17:18:01 Running from C:\Users\Jörg\Desktop\Jörg Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\system32\mfevtps.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Huawei Technologies Co., Ltd.) C:\Users\Jörg\AppData\Roaming\Telekom Internet Manager\ouc.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (Microsoft Corporation) C:\Windows\system32\taskmgr.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Sandbox\Jörg\Browser\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] () HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe [259424 2013-05-03] (Huawei Technologies Co., Ltd.) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks) HKLM-x32\...\RunOnce: [STToasterLauncher] - C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] () HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKU\.DEFAULT\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [fheydbueyj.exe] - C:\fheydbueyj.exe\fheydbueyj.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.6\ICQ.exe [127040 2011-10-10] (ICQ, LLC.) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] - C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe [116064 2010-12-28] (Huawei Technologies Co., Ltd.) HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {30fd19bd-7bc8-11e0-93b7-904ce5f5dda9} - F:\LaunchU3.exe -a HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {3896c37a-3e37-11df-a8dd-0026b911bb0f} - E:\EasySuite.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b00c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {6d37b01c-b3fd-11e2-9846-0026b911bb0f} - E:\AutoRun.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {cbbe3de7-098f-11df-b382-0026b911bb0f} - E:\EasySuite.exe HKU\S-1-5-21-1349070987-1109131551-1287590056-1001\...\MountPoints2: {ebb8898e-075e-11df-b8b8-904ce5f5dda9} - F:\EasySuite.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - DefaultScope {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {810C5518-649C-4767-A11C-59BFFAE36D78} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms} SearchScopes: HKCU - {86DB3314-17F2-4C6A-8F85-09C6A55AD9EB} URL = SearchScopes: HKCU - {9DB5AE8D-3204-4F85-A13A-773039C1C5B4} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {E2D2B080-405E-4C81-904E-7410130A754E} URL = BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jörg\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File DPF: HKLM-x32 {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.ppiwidget.com/campaigns/startrek_AR/widget/de/Plugin/DFusionHomeWebPlugIn.Installer.exe Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: mcafee CHR DefaultSearchProvider: McAfee CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE105&p={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (D'Fusion @Home Web Plug-In (2.10.8863)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15] CHR Extension: (Adblock Plus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-11] CHR Extension: (Google-Suche) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15] CHR Extension: (SiteAdvisor) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-11-01] CHR Extension: (Webseite Blocher (Beta)) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2013-04-11] CHR Extension: (Google Wallet) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25] CHR Extension: (Google Mail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15] ==================== Services (Whitelisted) ================= R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-07-11] (PC Tools) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC) S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC) S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC) R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-12 17:17 - 2014-03-12 17:18 - 00000000 ____D () C:\FRST 2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable 2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes 2014-03-12 16:23 - 2014-03-12 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-12 16:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk 2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe 2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk 2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe 2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-09 22:42 - 2014-03-12 14:58 - 00006800 _____ () C:\Windows\PFRO.log 2014-03-09 09:00 - 2014-03-09 09:01 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi 2014-03-08 08:43 - 2014-03-08 08:50 - 00016778 _____ () C:\Windows\DPINST.LOG 2014-03-08 01:27 - 2014-03-12 17:08 - 00004010 _____ () C:\Windows\setupact.log 2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-26 07:17 - 2014-02-27 03:11 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-14 03:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-14 03:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-14 03:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-14 03:02 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-14 03:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-14 03:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-14 03:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-14 03:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-14 03:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-14 03:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-14 03:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-14 03:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-14 03:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-14 03:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-14 03:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-14 03:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-14 03:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-14 03:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-14 03:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-14 03:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-14 03:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-14 03:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-14 03:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-14 03:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-14 03:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-14 03:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-14 03:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-14 03:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-14 03:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-14 03:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-14 03:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-14 03:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-14 03:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-14 03:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-14 03:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-14 03:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-14 03:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-13 21:54 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-13 21:54 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-13 21:54 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-13 21:54 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-13 21:54 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-13 21:54 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-13 21:54 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-13 21:54 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-13 21:54 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-13 21:54 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-13 21:54 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-13 21:54 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-13 21:54 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-13 21:54 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-13 21:54 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-13 21:54 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-13 21:54 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-13 21:54 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-13 21:54 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll ==================== One Month Modified Files and Folders ======= 2014-03-12 17:18 - 2014-03-12 17:17 - 00000000 ____D () C:\FRST 2014-03-12 17:18 - 2009-12-25 10:09 - 00000000 ____D () C:\Users\Jörg\Desktop\Jörg 2014-03-12 17:18 - 2009-07-14 06:10 - 01969125 _____ () C:\Windows\WindowsUpdate.log 2014-03-12 17:14 - 2014-03-12 17:14 - 00000000 _____ () C:\Users\Jörg\defogger_reenable 2014-03-12 17:14 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg 2014-03-12 17:08 - 2014-03-08 01:27 - 00004010 _____ () C:\Windows\setupact.log 2014-03-12 17:02 - 2010-03-18 20:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-12 16:24 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Malwarebytes 2014-03-12 16:24 - 2014-03-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-12 16:23 - 2014-03-12 16:23 - 00001075 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-12 16:23 - 2014-03-12 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-12 16:21 - 2014-03-12 16:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jörg\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-12 16:21 - 2014-03-12 16:21 - 00001141 _____ () C:\Users\Jörg\Desktop\Continue Zip Extractor Installation.lnk 2014-03-12 16:20 - 2012-04-04 11:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-12 16:19 - 2014-03-12 16:19 - 00687744 _____ ( ) C:\Users\Jörg\Downloads\ZipExtractorSetup.exe 2014-03-12 16:05 - 2012-04-12 19:32 - 00003486 _____ () C:\Windows\Sandboxie.ini 2014-03-12 15:49 - 2013-05-23 15:36 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-12 15:09 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-12 15:03 - 2014-02-08 14:37 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk 2014-03-12 15:02 - 2010-03-18 20:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-12 14:59 - 2009-12-05 10:27 - 00000000 ____D () C:\Users\Jörg\AppData\Local\SoftThinks 2014-03-12 14:59 - 2009-11-30 22:48 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log 2014-03-12 14:59 - 2009-11-30 22:22 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-03-12 14:58 - 2014-03-09 22:42 - 00006800 _____ () C:\Windows\PFRO.log 2014-03-12 14:58 - 2011-03-20 04:50 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security 2014-03-12 14:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-12 14:56 - 2011-03-20 04:46 - 00000000 ____D () C:\ProgramData\PC Tools 2014-03-11 22:20 - 2014-03-11 22:20 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-11 22:20 - 2012-04-04 11:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 22:20 - 2012-04-04 11:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 22:20 - 2011-05-18 19:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-10 14:21 - 2014-03-10 14:21 - 00001431 _____ () C:\Users\Jörg\Desktop\sd9setup.exe.lnk 2014-03-10 14:21 - 2014-03-10 14:21 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\TestApp 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup.exe 2014-03-10 14:20 - 2014-03-10 14:20 - 03834832 _____ (PC Tools) C:\Users\Jörg\Downloads\sd9setup (1).exe 2014-03-09 22:58 - 2014-03-09 22:58 - 00263332 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-03-09 22:43 - 2009-07-14 05:45 - 00319440 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-09 09:05 - 2010-01-18 01:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-09 09:01 - 2014-03-09 09:00 - 02434048 _____ () C:\Users\Jörg\Downloads\msxml.msi 2014-03-09 08:59 - 2010-01-06 23:12 - 00000000 ____D () C:\Users\Jörg\.gimp-2.6 2014-03-08 15:12 - 2011-03-20 04:50 - 02940846 _____ () C:\Windows\system32\Drivers\Cat.DB 2014-03-08 15:11 - 2009-11-30 22:40 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-03-08 12:41 - 2009-12-05 10:28 - 00072368 _____ () C:\Users\Jörg\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-08 08:56 - 2009-12-25 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-08 08:50 - 2014-03-08 08:43 - 00016778 _____ () C:\Windows\DPINST.LOG 2014-03-08 08:50 - 2010-04-20 20:23 - 00000000 ____D () C:\ProgramData\SMART Technologies 2014-03-08 08:41 - 2012-11-26 19:11 - 00000000 ____D () C:\ProgramData\LAT 2.0 Deutsch 2014-03-08 01:27 - 2014-03-08 01:27 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-08 01:24 - 2010-01-26 23:38 - 00000000 ____D () C:\Windows\Minidump 2014-03-08 01:24 - 2009-11-30 23:38 - 00000000 ____D () C:\Windows\Panther 2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-08 00:57 - 2010-01-05 23:37 - 00000000 ____D () C:\ProgramData\Skype 2014-02-27 03:11 - 2014-02-26 07:17 - 01608640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-27 03:11 - 2009-07-14 18:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat 2014-02-27 03:11 - 2009-07-14 18:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat 2014-02-27 03:10 - 2009-07-14 06:13 - 01608640 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-23 20:13 - 2010-11-09 10:57 - 02967552 ___SH () C:\Users\Jörg\Desktop\Thumbs.db 2014-02-22 12:14 - 2013-05-23 15:34 - 00000000 ____D () C:\Program Files\My Dell 2014-02-22 12:14 - 2009-11-30 22:24 - 00000000 ____D () C:\ProgramData\PCDr 2014-02-17 03:08 - 2013-07-18 02:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-17 03:04 - 2009-12-25 19:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-14 04:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 14:57 - 2010-03-18 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-13 14:57 - 2010-03-18 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-12 15:56 - 2010-07-16 16:33 - 00000000 ____D () C:\Users\J�rg 2014-02-10 00:47 - 2011-08-02 10:33 - 00000000 ____D () C:\Users\Jörg\Desktop\Star Trek research Files to move or delete: ==================== C:\Users\Jörg\AmazonMP3Installer-de_DE.exe C:\Users\Jörg\gwave555.exe C:\Users\Jörg\vlc-1.1.0-win32.exe Some content of TEMP: ==================== C:\Users\Jörg\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe C:\Users\Jörg\AppData\Local\Temp\SandboxieInstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-11 19:44 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jörg at 2014-03-12 17:19:29
Running from C:\Users\Jörg\Desktop\Jörg
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0625.1811 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility64 (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
Inkscape 0.47 (HKLM-x32\...\Inkscape) (Version: 0.47 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0000 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Opera 11.62 (HKLM-x32\...\Opera 11.62.1347) (Version: 11.62.1347 - Opera Software ASA)
PC Tools Registry Tool (HKLM-x32\...\PC Tools File and Registry Tool_is1) (Version: 1.0.0.14 - PC Tools Ltd.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telekom Internet Manager (HKLM-x32\...\Telekom Internet Manager) (Version: 11.301.05.09.748 - Huawei Technologies Co.,Ltd)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoCam Suite 2.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.044.1031 - Panasonic Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
==================== Restore Points =========================
06-03-2014 02:02:31 Windows Update
07-03-2014 23:54:53 Removed Skype™ 6.11
08-03-2014 07:37:01 Removed SMART Notebook.
08-03-2014 07:46:40 Removed SMART Product Drivers.
08-03-2014 07:55:09 Removed Opera 11.00.
08-03-2014 07:56:56 Removed MyScript HWR (German).
09-03-2014 08:02:52 Installed MSXML 4.0 SP3 Parser
09-03-2014 21:56:38 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {052219DF-7EDE-4CB3-B5F6-C5A502F3F3BD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4AF840D4-2DFF-4408-96A0-7A572239C85F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {51A294B6-4EA6-4466-9BF9-8573A0D1ABDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {54984B76-92FC-4045-9581-396775EAFBC5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {6BE2FC18-C842-467E-954F-634A34817486} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {9D8D3B84-87B8-4D6C-BDD7-4B38E3F23B31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.)
Task: {F6B514A7-39E1-4D1E-850C-B69C685529F9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-28 05:03 - 2011-01-28 05:03 - 00344928 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2010-04-02 23:26 - 2010-03-15 10:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-07-02 01:54 - 2009-07-02 01:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-30 22:22 - 2009-09-17 20:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-05-05 19:56 - 2009-05-05 19:56 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-11-30 22:09 - 2009-11-30 22:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-11-30 22:22 - 2009-09-17 20:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2009-11-30 22:22 - 2009-09-17 20:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 19:05 - 2009-09-11 19:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00365808 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-22 01:08 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-22 01:08 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board-Werkzeuge.lnk => C:\Windows\pss\SMART Board-Werkzeuge.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk => C:\Windows\pss\VideoCam Suite 2.0.lnk.CommonStartup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
==================== Faulty Device Manager Devices =============
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2014 03:01:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {78faee2e-1cd9-4a3b-9cd2-822f1a51bd00}
Error: (03/12/2014 02:56:04 PM) (Source: pctsSvc.exe) (User: )
Description: Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/12/2014 02:49:59 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e5a52f7d-dbc0-42c5-8507-44dd6125c947}
Error: (03/11/2014 10:21:27 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 12 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\Windows\TEMP\InstallPlugin_12_0_0_70.exe, command: -install -msi
Error: (03/11/2014 07:48:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (03/11/2014 06:44:01 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {2ca8537c-7a79-48e0-b379-b98b3b2e8b88}
Error: (03/10/2014 01:39:46 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0c77f532-b1fb-40b3-8aa8-a700696683cf}
Error: (03/10/2014 05:59:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {61fe2c2a-fc89-424d-89bf-f9c28c2fe1d4}
Error: (03/09/2014 10:45:48 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {048e4290-a633-4aad-b9c3-b36ca494cedd}
Error: (03/09/2014 02:59:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
System errors:
=============
Error: (03/12/2014 05:09:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (03/12/2014 03:24:58 PM) (Source: ACPI) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (03/12/2014 02:58:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/12/2014 02:47:53 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (03/12/2014 02:47:53 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{5FBF464A-E371-4C48-A41B-CD5755B5B45C} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (03/12/2014 02:47:47 PM) (Source: NetBT) (User: )
Description: Der Name "JÖRG-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (03/12/2014 02:47:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1243
Error: (03/12/2014 02:55:33 AM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (03/11/2014 06:50:14 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}
Error: (03/11/2014 06:41:57 PM) (Source: NetBT) (User: )
Description: Der Name "JTRG-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.21
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Microsoft Office Sessions:
=========================
Error: (04/20/2013 01:08:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13756 seconds with 4080 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 78%
Total physical RAM: 4060.86 MB
Available physical RAM: 864.34 MB
Total Pagefile: 8119.89 MB
Available Pagefile: 2512.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:234.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 7ABE6F4D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Jörg :: JÖRG-PC [Administrator] Schutz: Aktiviert 12.03.2014 17:02:04 MBAM-log-2014-03-12 (17-09-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 271159 Laufzeit: 6 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fheydbueyj.exe (Trojan.SpyEyes) -> Daten: C:\fheydbueyj.exe\fheydbueyj.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\fheydbueyj.exe (Trojan.SpyEyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Jörg |
| Themen zu Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware |
| adobe, appdatalow, branding, browser, continue, converter, defender, der lokale bluetooth-adapter ist aus einem unbekannten grund fehlgeschlagen, desktop, error, excel, explorer, fehler, firefox, flash player, google, home, homepage, icreinstall, mcafee firewall, msiinstaller, netzwerk, phishing, problem, registry, scan, secunia psi, services.exe, siteadvisor, software, system, temp, winlogon.exe |
Baum-Darstellung