Windows 8.0 - RocketTab in Symbolleiste; (falsches Installationsdatum der Dropbox) und auffinden mehrerer ungewollter Programme

Nathius · 14.08.2014, 22:45

Guten Abend allerseits,

Ich habe heute Vormittag in meiner Symbolleiste ein mir unbekanntes Symbol entdeckt. On-Mouse-Over ergab

den Namen RocketTab - ein Programm das ich sicher nicht absichtlich auf meinen PC geladen habe. Ich habe

das Programm in der Liste der installierten Programme entdeckt: ich hätte es angeblich vor mehreren Tagen

installiert. Außerdem hat sich in der Liste meine Dropbox als gestern installiert angezeigt, was mir auch

spanisch vor kam. Mein Virenscanner (McAfee) hatte im Quicksearch nichts gefunden. Es gab also bisher

keine wirklichen Symptome, ich möchte aber sicher gehen, dass ich clean bin.

Ich habe hier im Forum Beiträge über RocketTab gefunden, und angefangen der Anweisung zu folgen. Als

erstes Malwarebytes.

Hier das log:

Zitat:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14.08.2014
Scan Time: 11:46:47
Logfile: scan_log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.14.03
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374046
Time Elapsed: 22 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.FindRight.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2C774641-5504-46A8-B63F-

6715AE3FE376}, Quarantined, [5a21448292e9b2842b5915581be7cc34],
PUP.Optional.FindRight.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2C774641-5504-46A8-B63F-

6715AE3FE376}, Quarantined, [5a21448292e9b2842b5915581be7cc34],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-

49120163DE86}, Quarantined, [cfac7155e29991a5432178b3d62e32ce],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined,

[334856705c1fae88b89386ae10f4c838],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-

4226-BDF6-49120163DE86}, Quarantined, [6813e4e23843b383a8bc1c0f17ed44bc],
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15

-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguard, Quarantined, [6e0d7d49e8933204dc66e2f912f003fd],
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-

BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguardInstalled, Quarantined, [e5962c9ae893290d003b8561c83a8b75],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3249299dabd01521c0dd4cbdf70c5aa6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [a5d6f5d194e71521a312819e9a6a44bc],
PUP.Optional.Updater.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Digital Sites, Quarantined,

[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15

-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserSafeguard, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],

Registry Values: 3
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1G1O1S0V1G1F, Quarantined, [a5d6f5d194e71521a312819e9a6a44bc]
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15

-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard, "C:\Users\******

\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe", Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc]
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15

-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard Update Task, "C:\Users

\******\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc]

Registry Data: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:

\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?

type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991, Good:

(iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?

type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991),Replaced,

[d9a23591c3b896a08fcc25aab153916f]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL,

hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},

Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=

{searchTerms}),Replaced,[27549b2bc5b65fd74c1112bd52b247b9]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-

page.com/web/?type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=

{searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=

{searchTerms}),Replaced,[fe7db115cfac4fe7d36a418307fd02fe]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN

\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?

type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991, Good:

(iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?

type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991),Replaced,

[e596ba0c36455cda6dee735c8b79b34d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL,

hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},

Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=

{searchTerms}),Replaced,[afcc85411d5e0135a7b613bc1ee6639d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page,

hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},

Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?

type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=

{searchTerms}),Replaced,[8af1982e1962ed498eaf05bf6b9935cb]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope,

{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-

99AF-4226-BDF6-49120163DE86}),Replaced,[a7d4bf07215a0135817538965ea645bb]

Folders: 3
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc, Quarantined,

[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],

Files: 24
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantined,

[6813c402dba08babcf1d4229e81912ee],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Roaming\sweet-page\QQBrowserFrame.dll, Quarantined,

[3f3c24a24b30f3433606ae84d7296e92],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\is357113909\178129994_stp\Feb09sweetpage.exe,

Quarantined, [057600c61e5d3ef8f54c3829b44d3cc4],
PUP.Optional.FindRight.A, C:\Users\admin\AppData\Local\Temp\is357113909\178130053_stp\FindRightSetup.exe,

Quarantined, [b6c544828deed16503996334b05417e9],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\package1.zip,

Quarantined, [fd7e735368139e981f1d77bb02fe57a9],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\QQBrowserFrame.dll,

Quarantined, [b6c56f57750646f061dbe84a2fd1de22],
PUP.Optional.WpManager, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\tmp\wpm.exe,

Quarantined, [5b20fbcb13687bbb6f7dde8d10f15fa1],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined,

[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined,

[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined,

[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe,

Quarantined, [88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\config.dat, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\cookies.dat, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\makecert.exe, Quarantined,

[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\TrustedRoot.cer,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard

\uninstall.BrowserSafeguard.exe, Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\certutil.exe,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libplc4.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libplds4.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\nss3.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\smime3.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\softokn3.dll,

Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],

Physical Sectors: 0
(No malicious items detected)

(end)

Anschließend habe ich mich mit den Forenregeln beschäftigt und die weiteren Scans laufen lassen.

Defogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:59 on 14/08/2014 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST:

Zitat:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by admin (administrator) on MAIUS-PC on 14-08-2014 20:13:09
Running from C:\Users\******\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-

tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-

tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-

recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL

\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
() C:\Users\******\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The

file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06]

(Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek

Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05]

(Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-05-14] (Synaptics

Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

[286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth

\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25]

(McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904

2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes

Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent

\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-

4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows

\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows

\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to

default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {362175DD-2B68-4001-A277-B558F342098B} URL =

hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q=

{searchTerms}
SearchScopes: HKLM - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q=

{searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q=

{searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {362175DD-2B68-4001-A277-B558F342098B} URL =

hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKCU - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q=

{searchTerms}
SearchScopes: HKCU - {90BB64F5-8335-4872-B575-0DEB6C419345} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java

\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java

\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF

Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files

(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files

(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files

(x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc

\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files

(x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default
FF Homepage: hxxp://www.startseite24.net
FF Keyword.URL: hxxp://www.startseite24.net/?q=
FF SearchEngineOrder.1: Websuche
FF SelectedSearchEngine: Websuche
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files

\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin

\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

(Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program

Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files

\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin

\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel

\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R)

Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin

\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin

\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo

Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll

(Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update

\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update

\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program

Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe

Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program

Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems

Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

(Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\searchplugins

\search_engine_trovi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files

(x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect

\FFPDFArchitectExt [2014-03-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-24]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not

be moved unless listed separately.)

S2 0305491405441979mcinstcleanup; C:\Windows\TEMP\030549~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11]

(Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344

2013-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe

[731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client

\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth

\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-03-01] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-

03-14] ()
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

[169432 2013-05-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12]

(Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12]

(Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee,

Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]

(McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04

-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08]

(pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek

Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30]

(SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel®

Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not

be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources,

Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 hswultpep; C:\Windows\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-02-09] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-02-09] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-02-09] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-02-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [86472 2013-04-25] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-01] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes

Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes

Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-14] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft

Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft

Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2013-05-14] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-15] ()
U0 ykmpb; C:\Windows\System32\drivers\oklmire.sys [79064 2014-08-14] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could

be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 20:13 - 2014-08-14 20:13 - 00024272 _____ () C:\Users\******\Desktop\FRST.txt
2014-08-14 20:13 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-14 20:11 - 2014-08-14 20:11 - 02100224 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-08-14 19:59 - 2014-08-14 19:59 - 00000472 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-08-14 19:20 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\McAfee
2014-08-14 12:11 - 2014-08-14 12:11 - 00079064 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\oklmire.sys
2014-08-14 11:44 - 2014-08-14 11:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:39 - 2014-08-14 11:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-

Malware.lnk
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\mbamchameleon.sys
2014-08-14 11:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\mwac.sys
2014-08-14 11:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\mbam.sys
2014-08-14 11:22 - 2014-08-14 12:23 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-08-14 11:21 - 2014-08-14 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop

\mbam-setup-2.0.2.1012.exe
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-11 22:01 - 2014-08-11 22:39 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-06 00:07 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\Windows

\system32\wuauclt.exe
2014-08-06 00:07 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\Windows

\system32\wuaueng.dll
2014-08-06 00:07 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\Windows

\system32\wucltux.dll
2014-08-06 00:07 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\Windows

\system32\WUSettingsProvider.dll
2014-08-06 00:07 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\Windows

\system32\storewuauth.dll
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-15 21:14 - 2014-07-15 21:14 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-07-15 21:04 - 2014-07-15 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Adobe Reader XI.lnk
2014-07-15 21:04 - 2014-07-15 21:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-15 21:03 - 2014-07-15 21:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 09:44 - 2014-07-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 20:13 - 2014-08-14 20:13 - 00024272 _____ () C:\Users\******\Desktop\FRST.txt
2014-08-14 20:13 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-14 20:11 - 2014-08-14 20:11 - 02100224 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-08-14 20:07 - 2014-02-16 13:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-14 19:59 - 2014-08-14 19:59 - 00000472 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:59 - 2014-02-11 09:41 - 00000000 ____D () C:\Users\admin
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-08-14 19:42 - 2014-05-10 02:45 - 00001136 _____ () C:\Windows\Tasks

\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job
2014-08-14 19:41 - 2013-12-24 07:18 - 01932837 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 19:20 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\McAfee
2014-08-14 19:18 - 2014-02-26 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 19:18 - 2014-02-10 23:10 - 00000000 ___RD () C:\Users\******\Dropbox
2014-08-14 19:18 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-08-14 12:23 - 2014-08-14 11:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-08-14 12:16 - 2014-02-10 23:06 - 00000000 ____D () C:\Users\******\Desktop\setups
2014-08-14 12:15 - 2014-02-13 01:11 - 00000310 _____ () C:\Windows\Tasks\Digital Sites.job
2014-08-14 12:11 - 2014-08-14 12:11 - 00079064 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\oklmire.sys
2014-08-14 12:11 - 2014-02-13 01:13 - 00000000 ____D () C:\ProgramData\WPM
2014-08-14 12:11 - 2014-02-13 01:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\sweet-page
2014-08-14 12:11 - 2014-02-13 01:11 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DigitalSites
2014-08-14 12:11 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-14 11:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 11:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 11:45 - 2014-08-14 11:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows

\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:39 - 2014-08-14 11:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-

Malware.lnk
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 11:21 - 2014-08-14 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop

\mbam-setup-2.0.2.1012.exe
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-14 05:27 - 2014-02-12 23:01 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps
2014-08-13 13:34 - 2014-02-10 23:10 - 00000984 _____ () C:\Users\******\Desktop\Dropbox.lnk
2014-08-13 13:34 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft

\Windows\Start Menu\Programs\Dropbox
2014-08-11 22:39 - 2014-08-11 22:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-11 20:09 - 2014-02-13 00:44 - 00000349 _____ () C:\Users\******\.dsa4.properties
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-08 20:25 - 2014-05-20 11:52 - 00000000 ____D () C:\Users\******\Documents\Bibliographix 10
2014-08-07 20:19 - 2014-02-10 15:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu

Cache Files-S-1-5-21-2423286125-108942895-335680897-1001
2014-08-05 20:06 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-07-27 23:43 - 2014-02-10 15:59 - 00000000 ____D () C:\Users\******\AppData\Local\Thunderbird
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 18:44 - 2014-06-20 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-25 18:44 - 2014-02-10 15:59 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:59 - 00002088 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance

Service
2014-07-20 22:24 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-07-20 22:24 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-07-20 22:24 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 21:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-16 00:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-15 21:15 - 2014-07-15 21:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 21:14 - 2014-07-15 21:14 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-07-15 21:14 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe
2014-07-15 21:04 - 2014-07-15 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Adobe Reader XI.lnk
2014-07-15 21:04 - 2014-07-15 21:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 18:32 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-15 09:44 - 2014-07-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-07-15 09:44 - 2013-12-24 07:33 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-15 09:44 - 2013-12-24 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu

\Programs\Dell
2014-07-15 09:41 - 2014-02-10 15:12 - 00094656 _____ (CACE Technologies) C:\Windows

\system32\WPRO_41_2001woem.tmp
2014-07-15 09:41 - 2013-12-24 07:39 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-15 09:41 - 2013-12-24 07:14 - 00026186 _____ () C:\Windows\PFRO.log
2014-07-15 09:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskSLib.dll
C:\Users\admin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-

3e3e7ecf0d81}.tmpzle7hr.dll
C:\Users\******\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\******\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\******\AppData\Local\Temp\sqlite3.exe
C:\Users\******\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite75081.dll
C:\Users\******\AppData\Local\Temp\vpnclient_setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-11 21:26

==================== End Of Log ============================

addition:

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by admin at 2014-08-14 20:14:37
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware

programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor

Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute

Software)
ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version:

5.16.1603 - ActiveState)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe

Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version:

11.0.07 - Adobe Systems Incorporated)
Bibliographix 8 (HKLM-x32\...\Bibliographix 8_is1) (Version: - Bibliographix GbR)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 -

Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49})

(Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell

Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell

Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.42 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 -

Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420})

(Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version:

9.5.2.1489 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3145

- Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-

148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version:

3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001

- Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573})

(Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version:

4.1.40.2143 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel

Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 -

Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version:

2.0.2.1012 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 -

Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})

(Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version:

4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-

22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-

87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-

6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-

68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 -

Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache

Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge

GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software

Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:

6.0.1.6966 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.501 - RStudio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version: - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be

moved.)

CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-

C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,

Inc.)

==================== Restore Points =========================

26-07-2014 22:59:33 Geplanter Prüfpunkt
05-08-2014 22:06:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be

listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain

\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C9EEE91-C928-4215-BED7-028DFFE007DD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 =>

C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS

\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3E411475-1ED6-4F03-BDA3-ED1C7C24058D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-

Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4AFD7D1C-C8A6-4D14-8831-BF9E72747373} - System32\Tasks\Intel® Rapid Start Technology Manager =>

C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-03-01] (Intel)
Task: {5D8BBF55-33C6-4684-BBAD-4A9397F786F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows

\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {621296FC-F2E2-4370-BEC9-ACAF72F6F9DE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program

Files\My Dell\uaclauncher.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {673EBA73-1691-406A-919A-BE75D6473EC9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {84B394E4-1930-48DD-9388-43EDFC4CFD63} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a =>

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation =>

Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5729544-BA28-444A-9EE5-005070A62032} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My

Dell\sessionchecker.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {C0A0F6C0-B406-4DD2-9998-061205E7ED07} - System32\Tasks\Digital Sites => C:\Users\admin\AppData

\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C564D97C-CAB3-4389-B8D9-7AE9CB4A5049} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB =>

C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData

\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience

\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EEF12551-2881-498F-B432-FFCA92096EFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program

Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {FEA595F6-75C2-4DA2-99A9-E4C02EE27F94} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR

Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE

<==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job => C:\Program Files (x86)\Google

\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-14 15:42 - 2013-03-14 15:42 - 00182248 _____ () c:\Program Files\Intel\Intel(R) Smart Connect

Technology Agent\iSCTAgent.exe
2013-03-14 15:42 - 2013-03-14 15:42 - 00059880 _____ () c:\Program Files\Intel\Intel(R) Smart Connect

Technology Agent\NetworkHeuristic.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery

\Components\Shell\DBROverlayIcon.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery

\Components\Shell\DBROverlayNotBackuped.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery

\Components\Shell\DBRShellExtension.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client

\vpnapi.dll
2013-12-24 07:28 - 2013-05-14 19:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management

Engine Components\LMS\ACE.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery

\ServiceTagPlusPlus.dll
2014-08-14 19:18 - 2014-08-14 19:18 - 00043008 _____ () c:\users\*****\appdata\local\temp

\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzle7hr.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin

\libcef.dll
2014-07-25 18:59 - 2014-07-25 18:59 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC

\libvlccore.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libdshow_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_output\libdirectsound_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_output\libwaveout_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_output\libdirectdraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\liblibbluray_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libaccess_bd_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libdvdnav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libaccess_vdr_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libfilesystem_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\stream_filter\libsmooth_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\stream_filter\libhttplive_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\stream_filter\libdash_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libzip_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\access\libstream_filter_rar_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\stream_filter\librecord_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libplaylist_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\meta_engine\libtaglib_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua

\liblua_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc

\libxml_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\control\libhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libmp4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\control\libglobalhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libavi_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libasf_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui

\libqt4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libflacsys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libes_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00074259 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libmpc_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libtta_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libnuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libwav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00929299 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libsid_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\services_discovery\libsap_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00144403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libogg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01194003 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\demux\libmkv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libpng_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libcdg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libschroedinger_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libdts_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libtheora_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libfaad_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libflac_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libg711_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libaes3_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\liblibass_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libspeex_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\liblpcm_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libvorbis_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libmpeg_audio_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libaraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libopus_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\liba52_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libspudec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\codec\libavcodec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\text_renderer\libfreetype_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_mixer\libfloat_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libscaletempo_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libmpgatofixed32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx

\libi420_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_filter\libswscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libdtstofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\liba52tofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\sse2\libi420_rgb_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libsamplerate_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx

\libi422_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx

\libi420_rgb_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\liba52tospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libyuy2_i422_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libdtstospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libgrey_yuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libugly_resampler_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libi420_rgb_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libi420_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\audio_filter\libaudio_format_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libyuy2_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libi422_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_chroma\libi422_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_filter\libscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_filter\libyuvp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins

\video_output\libdirect3d_plugin.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will

be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be

removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable

Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2014 07:18:49 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-

7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle

erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu

sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu

erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/14/2014 00:24:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FE69D2DA38

Error: (08/14/2014 05:34:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User:

)
Description: 80070005

Error: (08/14/2014 05:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel:

0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1478
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (08/14/2014 05:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSmtFwk.exe, Version: 4.8.704.0, Zeitstempel: 0x51f7f8d2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000f14c80
ID des fehlerhaften Prozesses: 0x1cfc
Startzeit der fehlerhaften Anwendung: 0xMcSmtFwk.exe0
Pfad der fehlerhaften Anwendung: McSmtFwk.exe1
Pfad des fehlerhaften Moduls: McSmtFwk.exe2
Berichtskennung: McSmtFwk.exe3
Vollständiger Name des fehlerhaften Pakets: McSmtFwk.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSmtFwk.exe5

Error: (08/14/2014 05:00:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-

7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle

erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu

sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu

erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/13/2014 02:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSmtFwk.exe, Version: 4.8.704.0, Zeitstempel: 0x51f7f8d2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000001274c80
ID des fehlerhaften Prozesses: 0x2a4
Startzeit der fehlerhaften Anwendung: 0xMcSmtFwk.exe0
Pfad der fehlerhaften Anwendung: McSmtFwk.exe1
Pfad des fehlerhaften Moduls: McSmtFwk.exe2
Berichtskennung: McSmtFwk.exe3
Vollständiger Name des fehlerhaften Pakets: McSmtFwk.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSmtFwk.exe5

Error: (08/13/2014 01:34:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-

7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle

erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu

sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu

erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/11/2014 10:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prevhost.exe, Version: 6.2.9200.16384, Zeitstempel:

0x50109c9c
Name des fehlerhaften Moduls: XCShInfo.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x512b699e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe5fb04c8c
ID des fehlerhaften Prozesses: 0x1a74
Startzeit der fehlerhaften Anwendung: 0xprevhost.exe0
Pfad der fehlerhaften Anwendung: prevhost.exe1
Pfad des fehlerhaften Moduls: prevhost.exe2
Berichtskennung: prevhost.exe3
Vollständiger Name des fehlerhaften Pakets: prevhost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prevhost.exe5

Error: (08/11/2014 09:26:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in

Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

System errors:
=============
Error: (08/14/2014 07:18:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 07:18:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 11:01:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 11:01:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 05:48:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 05:48:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 04:59:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/14/2014 04:59:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/13/2014 02:58:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Error: (08/13/2014 02:58:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-

B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht

verfügbarNicht verfügbar

Microsoft Office Sessions:
=========================
Error: (08/14/2014 07:18:49 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)

(NULL)

Error: (08/14/2014 00:24:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FE69D2DA38

Error: (08/14/2014 05:34:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User:

)
Description: 80070005

Error: (08/14/2014 05:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-

container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b147801cfb76d1c0b699bC:

\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox

\mozalloc.dllf52435bb-2362-11e4-be83-5c514f7d3a60

Error: (08/14/2014 05:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:

McSmtFwk.exe4.8.704.051f7f8d2unknown0.0.0.000000000c00000050000000000f14c801cfc01cfb707ae875472C:

\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exeunknown4eb2bb0c-2362-11e4-be83-5c514f7d3a60

Error: (08/14/2014 05:00:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)

(NULL)

Error: (08/13/2014 02:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

McSmtFwk.exe4.8.704.051f7f8d2unknown0.0.0.000000000c00000050000000001274c802a401cfb59a32a72d9dC:

\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exeunknownc77601b5-22e1-11e4-be83-5c514f7d3a60

Error: (08/13/2014 01:34:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)

(NULL)

Error: (08/11/2014 10:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

prevhost.exe6.2.9200.1638450109c9cXCShInfo.dll_unloaded0.0.0.0512b699ec0000005000007fe5fb04c8c1a7401cfb59

214b468b1C:\Windows\system32\prevhost.exeXCShInfo.dllc5298bc9-2197-11e4-be83-5c514f7d3a60

Error: (08/11/2014 09:26:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files\R\R-3.1.1\Tcl\bin64\tk85.dllC:

\Program Files\R\R-3.1.1\Tcl\bin64\tk85.dll9

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 93%
Total physical RAM: 8097.37 MB
Available physical RAM: 541.13 MB
Total Pagefile: 10844.3 MB
Available Pagefile: 2272.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.78 GB) (Free:42.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 768E35E4)

Partition: GPT Partition Type.

==================== End Of Log ============================

GMER:
Hier hatte ich Fehlermeldungen dass auf einzelne Dateien der Zugriff verweigert würde. Eventuell hat das

damit zu tun, dass ich nicht in der Lage war McAfee vorübergehend auszuschalten, und ich es ungern

Deinstallieren will. Auf Anweisung und mit Rückversicherung kann ich das tun. Hier das Log:

Zitat:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-14 20:56:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004e SAMSUNG_SSD_SM841_mSATA_256GB

rev.DXM44D0Q 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fgloypog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1716] C:\Windows\system32\PSAPI.DLL!

GetProcessImageFileNameA + 306

000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1716] C:\Windows\system32\PSAPI.DLL!

GetProcessImageFileNameA + 314

000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows

\SYSTEM32\MSIMG32.dll!GradientFill + 690

000007fe79441532 4 bytes [44, 79, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows

\SYSTEM32\MSIMG32.dll!GradientFill + 698

000007fe7944153a 4 bytes [44, 79, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows

\SYSTEM32\MSIMG32.dll!TransparentBlt + 246

000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows

\SYSTEM32\MSIMG32.dll!GradientFill + 690

000007fe79441532 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows

\SYSTEM32\MSIMG32.dll!GradientFill + 698

000007fe7944153a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows

\SYSTEM32\MSIMG32.dll!TransparentBlt + 246

000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2200] C:\Windows\system32\PSAPI.DLL!

GetProcessImageFileNameA + 306

000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2200] C:\Windows\system32\PSAPI.DLL!

GetProcessImageFileNameA + 314

000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6156] C:\Windows\system32\psapi.dll!

GetProcessImageFileNameA + 306

000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6156] C:\Windows\system32\psapi.dll!

GetProcessImageFileNameA + 314

000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690

000007fe79441532 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698

000007fe7944153a 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246

000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306

000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314

000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[2348] C:\Windows

\system32\psapi.dll!GetProcessImageFileNameA + 306

000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[2348] C:\Windows

\system32\psapi.dll!GetProcessImageFileNameA + 314

000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [7308:9156]

fffff960009155e8
---- Processes - GMER 2.1 ----

Process C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\*****

\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504] (FILE NOT FOUND)

0000000000400000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users

\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504](2014-07-30 00:20:20)

0000000004460000
Library c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-

3e3e7ecf0d81}.tmpzle7hr.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe

[6504](2014-08-14 17:18:39) 0000000004b30000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\*****

\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504](2013-08-23 19:01:44)

000000005d500000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\*****

\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)

000000005cb70000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0

unknown MBR code

---- EOF - GMER 2.1 ----

Abschließend habe ich auch einen McAfee kompletscan durchgeführt. Leider war ich nicht in der Lage eine

log-datei zu finden. Folgende Informationen wurden mir aber angezeigt:

Zitat:

Isolierte Elemente:

Element Bedrohung Entdeckt Status

VOPackage_20140624.exe RDN/Generic.dx!ddl 14.08.2014 05:28 Entdeckt
VOPackage_20140624[1].exe RDN/Generic.dx!ddl 14.08.2014 05:28 Entdeckt
jgaasetup.1.3.0[1].exe Artemis! 5DE7E3EE84A4 14.08.2014 05:29 Entdeckt

Isolierte potentiell unerwünschte Programme.

Name der Bedrohung Betroff. Elemente Entdeckt Status

Artemis!1916EF0FCBA 1 14.08.2014 05:29 Entdeckt
Speicherort:
C:\Users\****\Desktop\iLividSetup-r362-n-bf.exe

Artemis!1916EF0FCBA 1 14.08.2014 05:29 Entdeckt
Speicherort:
C:\Users\****\Desktop\iLividSetup-r362-n-bf(1).exe

Crossrider 1 14.08.2014 20:37 Entdeckt
Speicherort:
C:\Users\****\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5\57YD7U7F

\searchproject_w_precheker[1].exe

Artemis!95D8FCE965ED 1 14.08.2014 20:37 Entdeckt
Speicherort:
C:\Users\****\AppData\Local\Microsoft\Windows\TemporaryInternetFiles

\Content.IE5\C8JXP312\ssupsetup_binstall3[1].exe

adwcleaner:

Zitat:

# AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 22:26:05
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : admin - MAIUS-PC
# Gestartet von : C:\Users\Marius\Desktop\adwcleaner_3.305.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\sweet-page
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Digital Sites

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-

43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-

E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\prefs.js ]

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7lvsfbht.default\prefs.js ]

[ Datei : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2487 octets] - [14/08/2014 22:24:07]
AdwCleaner[S0].txt - [2306 octets] - [14/08/2014 22:26:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2366 octets] ##########

JRT:

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by admin on 14.08.2014 at 23:02:25,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2014 at 23:13:58,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SC-cleaner:

Zitat:

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8
Program started at: 08/14/2014 11:26:09 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\admin\Desktop

0 bad shortcuts found.

Program finished at: 08/14/2014 11:26:11 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

Ich hoffe jetzt alles erledigt zu haben, und würde mich über Rückmeldung ob ich mich jetzt als clean ansehen kann sehr freuen.

Beste Grüße,
Nathius

schrauber · 15.08.2014, 05:39

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Sind die FRST Logs aktuell, also nach all den Tools?

Nathius · 17.08.2014, 09:32

Hallo Schrauber,

Danke, dass du dich meinem Problem annimmst, und entschuldigung für die hohe Responsezeit. Ich hatte Probleme mit dem entsprechenden Gerät online zu kommen.

Zu deiner Frage: Die Codes sind in der Reihenfolge gepostet, in der die Scans durchgeführt wurden.

Ich habe auf deine Anfrage hin einen neuen FRST-Scan gemacht, eventuell hat sich ja etwas verändert.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by marius (ATTENTION: The logged in user is not administrator) on MAIUS-PC on 15-08-2014 19:01:59
Running from C:\Users\Marius\Desktop\Trojanerboard
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-05-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default
FF DefaultSearchEngine: Websuche
FF SearchEngineOrder.1: Websuche
FF SelectedSearchEngine: Websuche
FF Homepage: www.spiegel.de
FF Keyword.URL: hxxp://www.startseite24.net/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-10]
FF Extension: LeechBlock - C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-24]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-03-01] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 hswultpep; C:\Windows\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-02-09] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-02-09] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-02-09] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-02-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [86472 2013-04-25] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-01] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-14] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2013-05-14] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-14] ()
U3 fgloypog; \??\C:\Users\admin\AppData\Local\Temp\fgloypog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 18:56 - 2014-08-15 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-14 23:47 - 2014-08-15 19:01 - 00000000 ____D () C:\Users\Marius\Desktop\Trojanerboard
2014-08-14 23:25 - 2014-08-14 23:26 - 00001742 _____ () C:\sc-cleaner.txt
2014-08-14 23:13 - 2014-08-14 23:13 - 00000612 _____ () C:\Users\admin\Desktop\JRT.txt
2014-08-14 23:02 - 2014-08-14 23:02 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 22:28 - 2014-08-14 22:28 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 22:20 - 2014-08-14 22:26 - 00000000 ____D () C:\AdwCleaner
2014-08-14 21:15 - 2014-08-14 21:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Intel Corporation
2014-08-14 21:15 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 21:14 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:14 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 20:13 - 2014-08-15 19:02 - 00000000 ____D () C:\FRST
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 11:52 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 11:52 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:22 - 2014-08-14 20:30 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\vlc
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-14 05:02 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 05:02 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 05:02 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 05:01 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 05:01 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 05:01 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 05:01 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 05:01 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 05:01 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 05:01 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 05:01 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 05:01 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 05:01 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 05:01 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 05:01 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 05:00 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 05:00 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 05:00 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 05:00 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 05:00 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 05:00 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 05:00 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 05:00 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 05:00 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 05:00 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 05:00 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 05:00 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 05:00 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 05:00 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 05:00 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-11 22:01 - 2014-08-11 22:39 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-06 00:06 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-06 00:06 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-06 00:06 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-06 00:06 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-06 00:06 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-06 00:06 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-06 00:06 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 19:02 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-15 19:01 - 2014-08-14 23:47 - 00000000 ____D () C:\Users\Marius\Desktop\Trojanerboard
2014-08-15 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-15 18:56 - 2014-08-15 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-15 18:54 - 2014-02-26 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 18:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-14 23:52 - 2014-02-10 23:10 - 00000000 ___RD () C:\Users\Marius\Dropbox
2014-08-14 23:42 - 2014-05-10 02:45 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job
2014-08-14 23:31 - 2013-12-24 07:33 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-14 23:28 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-08-14 23:28 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-08-14 23:28 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 23:26 - 2014-08-14 23:25 - 00001742 _____ () C:\sc-cleaner.txt
2014-08-14 23:24 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Dropbox
2014-08-14 23:23 - 2014-02-10 15:12 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-14 23:23 - 2013-12-24 07:39 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-14 23:23 - 2013-12-24 07:14 - 00035448 _____ () C:\Windows\PFRO.log
2014-08-14 23:23 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 23:16 - 2013-12-24 07:18 - 02062520 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 23:13 - 2014-08-14 23:13 - 00000612 _____ () C:\Users\admin\Desktop\JRT.txt
2014-08-14 23:07 - 2014-02-16 13:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 23:02 - 2014-08-14 23:02 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 22:28 - 2014-08-14 22:28 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 22:28 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 22:28 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-14 22:28 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-14 22:27 - 2014-07-14 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 22:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-14 22:27 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 22:26 - 2014-08-14 22:20 - 00000000 ____D () C:\AdwCleaner
2014-08-14 21:23 - 2014-02-10 23:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 21:21 - 2014-02-10 23:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Intel Corporation
2014-08-14 20:30 - 2014-08-14 11:22 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\vlc
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:59 - 2014-02-11 09:41 - 00000000 ____D () C:\Users\admin
2014-08-14 12:16 - 2014-02-10 23:06 - 00000000 ____D () C:\Users\Marius\Desktop\setups
2014-08-14 11:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-14 05:27 - 2014-02-12 23:01 - 00000000 ____D () C:\Users\Marius\AppData\Local\CrashDumps
2014-08-13 13:34 - 2014-02-10 23:10 - 00000984 _____ () C:\Users\Marius\Desktop\Dropbox.lnk
2014-08-13 13:34 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-11 22:39 - 2014-08-11 22:01 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-11 20:09 - 2014-02-13 00:44 - 00000349 _____ () C:\Users\Marius\.dsa4.properties
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-08 20:25 - 2014-05-20 11:52 - 00000000 ____D () C:\Users\Marius\Documents\Bibliographix 10
2014-08-07 08:33 - 2014-08-14 11:52 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-14 11:52 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 20:06 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\Marius\AppData\Local\Packages
2014-08-02 02:15 - 2012-07-26 10:14 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-27 23:43 - 2014-02-10 15:59 - 00000000 ____D () C:\Users\Marius\AppData\Local\Thunderbird
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 18:44 - 2014-06-20 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-25 18:44 - 2014-02-10 15:59 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:59 - 00002088 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-24 14:11 - 2014-08-14 05:01 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-14 05:02 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-14 05:01 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-14 05:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-14 05:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-14 05:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-14 05:01 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-16 01:03 - 2014-08-14 05:01 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-16 00:55 - 2014-08-14 05:01 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-16 00:51 - 2014-08-14 21:15 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskSLib.dll
C:\Users\admin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Marius\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpohtvgd.dll
C:\Users\Marius\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marius\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Marius\AppData\Local\Temp\sqlite3.exe
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite75081.dll
C:\Users\Marius\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

--- --- ---
[\code]

schrauber · 17.08.2014, 14:54

Zitat:

Ran by marius (ATTENTION: The logged in user is not administrator) on MAIUS-PC on 15-08-2014 19:01:59

Bitte nochmal, unsre Tools brauchen immer Adminrechte.

Nathius · 19.08.2014, 15:47

Hallo Schrauber,

ich war der Ansicht, dass "Als Administrator ausführen" reicht. Scheinbar wohl nicht. Ich habe jetzt den ganzen Prozess erneut im Admin-Konto durchgeführt. Im Folgenden die Log-files in der Reihenfolge der Durchführung:

MalwareBytes: (keine Funde)

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 19.08.2014
Scan Time: 15:23:44
Logfile: Malwarebytes-no findings.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.05
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377390
Time Elapsed: 9 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner:

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.305 - Bericht erstellt am 19/08/2014 um 15:48:04
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : admin - MAIUS-PC
# Gestartet von : C:\Users\admin\Desktop\Trojanerboard\adwcleaner_3.305.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7lvsfbht.default\prefs.js ]


[ Datei : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2487 octets] - [14/08/2014 22:24:07]
AdwCleaner[R1].txt - [1146 octets] - [19/08/2014 15:46:25]
AdwCleaner[S0].txt - [2446 octets] - [14/08/2014 22:26:05]
AdwCleaner[S1].txt - [1068 octets] - [19/08/2014 15:48:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1128 octets] ##########

--- --- ---

[/CODE]

Junkware Removal Tool: (keine Funde)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by admin on 19.08.2014 at 15:52:52,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.08.2014 at 16:09:12,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shortcut Cleaner: (keine Funde)

Code:

ATTFilter

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8 
Program started at: 08/19/2014 04:12:19 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\admin\Desktop


0 bad shortcuts found.

Program finished at: 08/19/2014 04:12:20 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

Und jetzt die Scans die zu jedem Hilfsgesuch gehören:

defogger: (keine Fehlermeldung)

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:17 on 19/08/2014 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by admin (administrator) on MAIUS-PC on 19-08-2014 16:21:34
Running from C:\Users\admin\Desktop\Trojanerboard
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\admin\Desktop\Trojanerboard\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-05-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/index.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {362175DD-2B68-4001-A277-B558F342098B} URL = 
SearchScopes: HKCU - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default
FF SearchEngineOrder.1: Websuche
FF Homepage: hxxp://www.spiegel.de/
FF Keyword.URL: hxxp://www.startseite24.net/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-24]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-03-01] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 hswultpep; C:\Windows\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-02-09] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-02-09] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-02-09] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-02-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [86472 2013-04-25] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-01] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-14] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2013-05-14] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 15:53 - 2014-08-19 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-19 15:45 - 2014-08-19 15:45 - 00068291 _____ () C:\Users\admin\Desktop\RocketTab entfernen - Trojaner-Board.htm
2014-08-19 15:45 - 2014-08-19 15:45 - 00064865 _____ () C:\Users\admin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-08-19 15:45 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\admin\Desktop\RocketTab entfernen - Trojaner-Board-Dateien
2014-08-19 15:45 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\admin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2014-08-19 15:42 - 2014-08-19 15:42 - 00001059 _____ () C:\Users\admin\Desktop\Malwarebytes-no findings.txt
2014-08-19 15:06 - 2014-08-19 16:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 15:05 - 2014-08-19 15:05 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\Users\admin\AppData\Local\Macromedia
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-19 15:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 15:05 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 15:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 14:58 - 2014-08-19 14:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2014-08-19 14:50 - 2014-08-19 14:50 - 00000060 _____ () C:\Users\admin\Desktop\url.txt
2014-08-14 23:47 - 2014-08-19 16:21 - 00000000 ____D () C:\Users\admin\Desktop\Trojanerboard
2014-08-14 23:02 - 2014-08-14 23:02 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 22:57 - 2014-08-19 16:09 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2423286125-108942895-335680897-1003
2014-08-14 22:28 - 2014-08-14 22:28 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 22:20 - 2014-08-19 15:48 - 00000000 ____D () C:\AdwCleaner
2014-08-14 21:15 - 2014-08-14 21:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Intel Corporation
2014-08-14 21:15 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 21:14 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:14 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 20:13 - 2014-08-19 16:21 - 00000000 ____D () C:\FRST
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 11:52 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 11:52 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:22 - 2014-08-14 20:30 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\vlc
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-14 05:02 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 05:02 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 05:02 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 05:02 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 05:02 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 05:01 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 05:01 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 05:01 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 05:01 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 05:01 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 05:01 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 05:01 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 05:01 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 05:01 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 05:01 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 05:01 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 05:01 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 05:01 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 05:01 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 05:01 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 05:00 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 05:00 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 05:00 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 05:00 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 05:00 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 05:00 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 05:00 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 05:00 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 05:00 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 05:00 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 05:00 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 05:00 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 05:00 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 05:00 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 05:00 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-11 22:01 - 2014-08-11 22:39 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-06 00:06 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-06 00:06 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-06 00:06 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-06 00:06 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-06 00:06 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-06 00:06 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-06 00:06 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-06 00:06 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 16:21 - 2014-08-14 23:47 - 00000000 ____D () C:\Users\admin\Desktop\Trojanerboard
2014-08-19 16:21 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-19 16:09 - 2014-08-14 22:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2423286125-108942895-335680897-1003
2014-08-19 16:07 - 2014-02-16 13:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 16:03 - 2014-08-19 15:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 16:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-19 15:56 - 2013-12-24 07:33 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-19 15:55 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-08-19 15:55 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-08-19 15:55 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 15:53 - 2014-08-19 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-19 15:49 - 2013-12-24 07:31 - 00003314 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-08-19 15:48 - 2014-08-14 22:20 - 00000000 ____D () C:\AdwCleaner
2014-08-19 15:48 - 2014-02-26 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 15:48 - 2014-02-10 15:12 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-08-19 15:48 - 2013-12-24 07:39 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-08-19 15:48 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-19 15:48 - 2013-12-24 07:14 - 00037596 _____ () C:\Windows\PFRO.log
2014-08-19 15:48 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 15:48 - 2012-07-26 07:26 - 01048576 ___SH () C:\Windows\system32\config\BBI
2014-08-19 15:45 - 2014-08-19 15:45 - 00068291 _____ () C:\Users\admin\Desktop\RocketTab entfernen - Trojaner-Board.htm
2014-08-19 15:45 - 2014-08-19 15:45 - 00064865 _____ () C:\Users\admin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-08-19 15:45 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\admin\Desktop\RocketTab entfernen - Trojaner-Board-Dateien
2014-08-19 15:45 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\admin\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2014-08-19 15:42 - 2014-08-19 15:42 - 00001059 _____ () C:\Users\admin\Desktop\Malwarebytes-no findings.txt
2014-08-19 15:42 - 2014-05-10 02:45 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job
2014-08-19 15:05 - 2014-08-19 15:05 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\Users\admin\AppData\Local\Macromedia
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-19 15:05 - 2014-08-19 15:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-19 14:58 - 2014-08-19 14:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2014-08-19 14:50 - 2014-08-19 14:50 - 00000060 _____ () C:\Users\admin\Desktop\url.txt
2014-08-19 14:50 - 2014-02-10 23:10 - 00000000 ___RD () C:\Users\Marius\Dropbox
2014-08-19 14:48 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Dropbox
2014-08-19 14:31 - 2013-12-24 07:18 - 01197508 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 02:08 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-08-18 02:08 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-17 10:49 - 2014-02-13 00:44 - 00000349 _____ () C:\Users\Marius\.dsa4.properties
2014-08-16 17:07 - 2014-02-12 23:01 - 00000000 ____D () C:\Users\Marius\AppData\Local\CrashDumps
2014-08-15 19:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 18:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-14 23:38 - 2014-02-10 15:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2423286125-108942895-335680897-1001
2014-08-14 23:23 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-14 23:02 - 2014-08-14 23:02 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 22:28 - 2014-08-14 22:28 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 22:28 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 22:28 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-14 22:27 - 2014-07-14 16:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 22:27 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-14 22:27 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 21:23 - 2014-02-10 23:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 21:21 - 2014-02-10 23:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Intel Corporation
2014-08-14 20:30 - 2014-08-14 11:22 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\vlc
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:59 - 2014-02-11 09:41 - 00000000 ____D () C:\Users\admin
2014-08-14 12:16 - 2014-02-10 23:06 - 00000000 ____D () C:\Users\Marius\Desktop\setups
2014-08-14 11:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-13 13:34 - 2014-02-10 23:10 - 00000984 _____ () C:\Users\Marius\Desktop\Dropbox.lnk
2014-08-13 13:34 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-11 22:39 - 2014-08-11 22:01 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-08 20:25 - 2014-05-20 11:52 - 00000000 ____D () C:\Users\Marius\Documents\Bibliographix 10
2014-08-07 08:33 - 2014-08-14 11:52 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-14 11:52 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 20:06 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\Marius\AppData\Local\Packages
2014-08-02 02:15 - 2012-07-26 10:14 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-27 23:43 - 2014-02-10 15:59 - 00000000 ____D () C:\Users\Marius\AppData\Local\Thunderbird
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 18:44 - 2014-06-20 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-25 18:44 - 2014-02-10 15:59 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:59 - 00002088 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-24 14:11 - 2014-08-14 05:01 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-14 05:02 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-14 05:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-14 05:02 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-14 05:01 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-14 05:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-14 05:01 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-14 05:02 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-14 05:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-14 05:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-14 05:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-14 05:01 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-14 05:01 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskSLib.dll
C:\Users\admin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Marius\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxz8xsz.dll
C:\Users\Marius\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marius\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Marius\AppData\Local\Temp\sqlite3.exe
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite75081.dll
C:\Users\Marius\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 17:05

==================== End Of Log ============================

--- --- ---

GMER:

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-19 16:37:23
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000004e SAMSUNG_SSD_SM841_mSATA_256GB rev.DXM44D0Q 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fgloypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1088] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1088] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1096] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\WLANExt.exe[1384] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\WLANExt.exe[1384] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\WLANExt.exe[1384] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                         000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\WLANExt.exe[1384] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                         000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\WLANExt.exe[1384] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                       000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                              000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                              000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                            000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                    000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                    000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                  000007fa38f61b32 4 bytes [F6, 38, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                  000007fa38f61b3a 4 bytes [F6, 38, FA, 07]
.text   c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2028] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\mfevtps.exe[2152] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                               000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\mfevtps.exe[2152] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                               000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                          000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                          000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2344] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                        000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                   000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2400] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                   000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2400] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                 000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                         000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2400] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                         000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2444] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306             000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2444] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314             000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                       000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2444] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                       000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe[2444] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                     000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                      000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2596] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                      000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                         000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                         000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                   000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                   000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                 000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4616] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4616] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4616] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4684] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4684] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4684] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4728] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                 000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                 000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5092] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fa419d1782 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\explorer.exe[3716] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                 000007fa3d111532 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\explorer.exe[3716] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                 000007fa3d11153a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\explorer.exe[3716] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                               000007fa3d11165a 4 bytes [11, 3D, FA, 07]
.text   C:\Windows\explorer.exe[3716] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                                       000007fa419d177a 4 bytes [9D, 41, FA, 07]
.text   C:\Windows\explorer.exe[3716] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                                       000007fa419d1782 4 bytes [9D, 41, FA, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [660:684]                                                                                                          fffff9600093b5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
 --- --- ---

Ich hoffe, jetzt alle Informationen richtig zusammengetragen zu haben.

Gruß, Nathius

schrauber · 20.08.2014, 09:21

Sieht soweit gut aus, was besteht noch an Problemen?

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte.

Nathius · 20.08.2014, 15:10

Hallo Schrauber,

ich habe keine weiteren Probleme feststellen können. Am Meisten Sorgen macht mir meine Dropbox, aber außer dem geänderten Installationsdatum habe ich dort auch keine Abweichungen der Norm bemerkt.
Ein Problem habe ich allerdings noch, obwohl das (denke ich) nichts mit RocketTab oder ähnlicher Malware zu tun hat: Mein Ladekabel ist abgeschmiert. Daher werde ich wohl frühestens in 1-2 Wochen wieder Zugang zum fraglichen Gerät haben.

ESET hatte ich nicht laufen lassen, da ich seit Wochen kein externes Gerät mehr angeschlossen hatte. Ich kann das aber noch wiederholen, sobald ich wieder Strom drauf habe. Das selbe für Security Check.

Beste Grüße,
Nathius

schrauber · 21.08.2014, 10:56

ESET scant ja auch den PC ansich auf Reste.

Nathius · 21.10.2014, 09:44

Hallo Schrauber,
nach langem hin und her habe ich nun endlich wieder Strom auf dem Kasten. Entsprechend jetzt die noch fehlenden Scans.

ESET hatte ich kurz abgebrochen und im Admin wieder neu gestartet, weil das beim letzten mal Probleme gemacht hat. Sollte sich in der Logfile wiederspiegeln.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6623492d26b3a740b4744b89ae656a4f
# engine=20694
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-20 11:42:38
# local_time=2014-10-21 01:42:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 24695 100267174 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13654548 25958134 0 0
# scanned=13920
# found=2
# cleaned=0
# scan_time=325
sh=205ED35C8F767789F847B10F15DCABE289CA6690 ft=1 fh=c71c0011642367b2 vn="Variante von Win32/InstallCore.JK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2423286125-108942895-335680897-1001\$RK2KG06.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\admin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6623492d26b3a740b4744b89ae656a4f
# engine=20694
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-21 08:09:25
# local_time=2014-10-21 10:09:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 55102 100297581 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13684955 25988541 0 0
# scanned=282992
# found=8
# cleaned=0
# scan_time=30316
sh=205ED35C8F767789F847B10F15DCABE289CA6690 ft=1 fh=c71c0011642367b2 vn="Variante von Win32/InstallCore.JK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2423286125-108942895-335680897-1001\$RK2KG06.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\admin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Temp\is357113909\178129964_stp\wajam_validate.exe"
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="Variante von Win32/AdWare.SpeedingUpMyPC.G Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Temp\is357113909\178130334_stp\PCSpeedMaximizer_AQDE_AFD_PPI.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Temp\is357113909\178130359_stp\uninstaller.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57YD7U7F\sp-downloader[1].exe"
sh=34B9D1640D13BE7E0D8EE9E2C9024B52FEE6E3D7 ft=1 fh=3629e850807bd909 vn="MSIL/Adware.iBryte.F Anwendung" ac=I fn="C:\Users\Marius\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8JXP3I2\rtinstaller[1].exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius\Desktop\setups\PDFCreator-1_7_2_setup.exe"

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (33.0) 
 Mozilla Thunderbird (31.0.) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST - log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by admin (administrator) on MAIUS-PC on 21-10-2014 10:38:05
Running from C:\Users\admin\Desktop\Trojanerboard
Loaded Profiles: marius & admin (Available profiles: marius & admin & Gast)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McA906B.tmp
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\Marius\AppData\Roaming\Dropbox\bin\Dropbox.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
() C:\Users\admin\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-05-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2423286125-108942895-335680897-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-10-20] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/index.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {362175DD-2B68-4001-A277-B558F342098B} URL = 
SearchScopes: HKCU - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default
FF SearchEngineOrder.1: Websuche
FF Homepage: hxxp://www.spiegel.de/
FF Keyword.URL: hxxp://www.startseite24.net/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-24]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0081061413823832mcinstcleanup; C:\Windows\TEMP\008106~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-03-01] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-14] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30] (SoftThinks SAS)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 hswultpep; C:\Windows\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-02-09] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-02-09] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-02-09] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-02-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [86472 2013-04-25] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-01] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-14] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2013-05-14] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-08-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 01:42 - 2014-10-20 18:43 - 02347384 _____ (ESET) C:\Users\admin\Desktop\esetsmartinstaller_deu.exe
2014-10-21 01:38 - 2014-10-21 01:38 - 00854417 _____ () C:\Users\admin\Desktop\SecurityCheck.exe
2014-10-21 01:35 - 2014-10-21 01:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-21 01:34 - 2014-10-21 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-20 18:52 - 2014-08-09 10:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-20 18:52 - 2014-08-09 10:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-10-20 18:44 - 2014-10-20 18:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-20 18:43 - 2014-10-20 18:43 - 02347384 _____ (ESET) C:\Users\Marius\Desktop\esetsmartinstaller_deu.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 10:38 - 2014-08-14 23:47 - 00000000 ____D () C:\Users\admin\Desktop\Trojanerboard
2014-10-21 10:38 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-10-21 10:34 - 2013-12-24 07:18 - 01997057 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 10:34 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-21 10:30 - 2014-08-14 22:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2423286125-108942895-335680897-1003
2014-10-21 10:07 - 2014-02-16 13:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 09:42 - 2014-05-10 02:45 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job
2014-10-21 01:35 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-21 01:31 - 2014-02-26 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 01:31 - 2014-02-10 23:10 - 00000000 ___RD () C:\Users\Marius\Dropbox
2014-10-21 01:31 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Dropbox
2014-10-21 01:29 - 2013-12-24 07:31 - 00003308 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-10-20 20:07 - 2014-02-16 13:44 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 19:28 - 2014-02-10 23:10 - 00000984 _____ () C:\Users\Marius\Desktop\Dropbox.lnk
2014-10-20 19:28 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\Marius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-20 19:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-10-20 19:01 - 2014-02-10 23:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 18:55 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-20 18:50 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-20 18:50 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-20 18:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-03 10:02 - 2014-02-10 23:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskSLib.dll
C:\Users\admin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Marius\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpryy7hj.dll
C:\Users\Marius\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marius\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Marius\AppData\Local\Temp\sqlite3.exe
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Marius\AppData\Local\Temp\System.Data.SQLite75081.dll
C:\Users\Marius\AppData\Local\Temp\vpnclient_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 18:54

==================== End Of Log ============================

--- --- ---

FRST - Additional:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by admin at 2014-10-21 10:39:07
Running from C:\Users\admin\Desktop\Trojanerboard
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version: 5.16.1603 - ActiveState)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Bibliographix 8 (HKLM-x32\...\Bibliographix 8_is1) (Version:  - Bibliographix GbR)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.42 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3145 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version: 4.1.40.2143 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6966 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.501 - RStudio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marius\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-08-2014 19:13:31 Windows Update
20-10-2014 16:54:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1AE766F1-2EB0-43A2-B552-416478ECF118} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-03-01] (Intel)
Task: {1C9EEE91-C928-4215-BED7-028DFFE007DD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3E411475-1ED6-4F03-BDA3-ED1C7C24058D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5D8BBF55-33C6-4684-BBAD-4A9397F786F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {621296FC-F2E2-4370-BEC9-ACAF72F6F9DE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {673EBA73-1691-406A-919A-BE75D6473EC9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {84B394E4-1930-48DD-9388-43EDFC4CFD63} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5729544-BA28-444A-9EE5-005070A62032} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {BEF01342-1E24-411E-8945-9D16D153E205} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-03] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EEF12551-2881-498F-B432-FFCA92096EFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {FEA595F6-75C2-4DA2-99A9-E4C02EE27F94} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-14 15:42 - 2013-03-14 15:42 - 00182248 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-03-14 15:42 - 2013-03-14 15:42 - 00059880 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-12-24 15:40 - 2013-04-08 23:52 - 00525824 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_1.5.0.7_x64__n49tcsmxt2t2c\McMetroShim.dll
2013-12-24 15:40 - 2013-04-08 23:52 - 00220104 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_1.5.0.7_x64__n49tcsmxt2t2c\McIHART.dll
2014-10-21 01:38 - 2014-10-21 01:38 - 00854417 _____ () C:\Users\admin\Desktop\SecurityCheck.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-12-24 07:28 - 2013-05-14 19:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-21 01:31 - 2014-10-21 01:31 - 00043008 _____ () c:\users\marius\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpryy7hj.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Marius\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-21 01:35 - 2014-10-21 01:35 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 22:46 - 2011-09-21 22:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

admin (S-1-5-21-2423286125-108942895-335680897-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2423286125-108942895-335680897-500 - Administrator - Disabled)
Gast (S-1-5-21-2423286125-108942895-335680897-501 - Limited - Enabled) => C:\Users\Gast
marius (S-1-5-21-2423286125-108942895-335680897-1001 - Limited - Enabled) => C:\Users\Marius

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 01:46:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:43:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:43:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:43:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:43:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:42:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:41:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:32:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:31:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/21/2014 01:31:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (10/21/2014 09:31:17 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/21/2014 09:31:17 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/21/2014 01:31:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/21/2014 01:31:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/21/2014 01:29:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/21/2014 01:29:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/20/2014 06:50:00 PM) (Source: DCOM) (EventID: 10010) (User: MAIUS-PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/20/2014 06:41:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/20/2014 06:41:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (08/20/2014 05:32:59 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (10/21/2014 01:46:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/21/2014 01:43:09 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:43:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:43:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:43:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:42:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\admin\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:41:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marius\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:32:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marius\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:31:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marius\Desktop\esetsmartinstaller_deu.exe

Error: (10/21/2014 01:31:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Marius\Desktop\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 51%
Total physical RAM: 8097.37 MB
Available physical RAM: 3928.01 MB
Total Pagefile: 10081.37 MB
Available Pagefile: 5393.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.78 GB) (Free:39.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 768E35E4)

Partition: GPT Partition Type.

==================== End Of Log ============================

Beste Grüße,
Nathius

schrauber · 22.10.2014, 07:15

Java updaten. Temps leeren mit CCleaner oder Boardmitteln.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

21.08.2014, 10:56	#8
schrauber /// the machine /// TB-Ausbilder	Windows 8.0 - RocketTab in Symbolleiste; (falsches Installationsdatum der Dropbox) und auffinden mehrerer ungewollter Programme ESET scant ja auch den PC ansich auf Reste. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 8.0 - RocketTab in Symbolleiste; (falsches Installationsdatum der Dropbox) und auffinden mehrerer ungewollter Programme

Log-Analyse und Auswertung: Windows 8.0 - RocketTab in Symbolleiste; (falsches Installationsdatum der Dropbox) und auffinden mehrerer ungewollter Programme