Windows 8.0 - RocketTab in the toolbar (wrong installation date for Dropbox) and discovery of several unwanted programs

Good evening everyone,
This morning I discovered an icon I did not recognize in my toolbar. Hovering over it showed the name
RocketTab, a program that I certainly did not load onto my PC on purpose. I found the program in the
list of installed programs: supposedly I installed it several days ago. In addition, the list showed my
Dropbox as installed yesterday, which also seemed odd to me. My virus scanner (McAfee) found nothing in
its quick scan. So there have been no real symptoms so far, but I want to make sure that I am clean.
I found posts about RocketTab here in the forum and started following the instructions. First,
Malwarebytes.
Here is the log: Quote:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14.08.2014
Scan Time: 11:46:47
Logfile: scan_log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.14.03
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: admin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374046
Time Elapsed: 22 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 11
PUP.Optional.FindRight.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2C774641-5504-46A8-B63F-
6715AE3FE376}, Quarantined, [5a21448292e9b2842b5915581be7cc34],
PUP.Optional.FindRight.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2C774641-5504-46A8-B63F-
6715AE3FE376}, Quarantined, [5a21448292e9b2842b5915581be7cc34],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-
49120163DE86}, Quarantined, [cfac7155e29991a5432178b3d62e32ce],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined,
[334856705c1fae88b89386ae10f4c838],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-
4226-BDF6-49120163DE86}, Quarantined, [6813e4e23843b383a8bc1c0f17ed44bc],
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15
-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguard, Quarantined, [6e0d7d49e8933204dc66e2f912f003fd],
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-
BF15-2C2B11260CE4}-0\SOFTWARE\BrowserSafeguardInstalled, Quarantined, [e5962c9ae893290d003b8561c83a8b75],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3249299dabd01521c0dd4cbdf70c5aa6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [a5d6f5d194e71521a312819e9a6a44bc],
PUP.Optional.Updater.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Digital Sites, Quarantined,
[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15
-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserSafeguard, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
Registry Values: 3
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2423286125-108942895-335680897-1003-{ED1FC765-E35E-4C3D-BF15-
2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1G1O1S0V1G1F, Quarantined, [a5d6f5d194e71521a312819e9a6a44bc]
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15
-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard, "C:\Users\******
\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe", Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc]
PUP.Optional.BrowserSafeGuard, HKU\S-1-5-21-2423286125-108942895-335680897-1001-{ED1FC765-E35E-4C3D-BF15
-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard Update Task, "C:\Users
\******\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc]
Registry Data: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:
\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?
type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991, Good:
(iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?
type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991),Replaced,
[d9a23591c3b896a08fcc25aab153916f]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL,
hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},
Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=
{searchTerms}),Replaced,[27549b2bc5b65fd74c1112bd52b247b9]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-
page.com/web/?type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=
{searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=
{searchTerms}),Replaced,[fe7db115cfac4fe7d36a418307fd02fe]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN
\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?
type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991, Good:
(iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?
type=sc&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991),Replaced,
[e596ba0c36455cda6dee735c8b79b34d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL,
hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},
Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=
{searchTerms}),Replaced,[afcc85411d5e0135a7b613bc1ee6639d]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page,
hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q={searchTerms},
Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?
type=ds&ts=1392246756&from=cor&uid=SAMSUNGXSSDXSM841XmSATAX256GB_S131NYADB00991B00991&q=
{searchTerms}),Replaced,[8af1982e1962ed498eaf05bf6b9935cb]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope,
{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-
99AF-4226-BDF6-49120163DE86}),Replaced,[a7d4bf07215a0135817538965ea645bb]
Folders: 3
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc, Quarantined,
[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
Files: 24
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantined,
[6813c402dba08babcf1d4229e81912ee],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Roaming\sweet-page\QQBrowserFrame.dll, Quarantined,
[3f3c24a24b30f3433606ae84d7296e92],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\is357113909\178129994_stp\Feb09sweetpage.exe,
Quarantined, [057600c61e5d3ef8f54c3829b44d3cc4],
PUP.Optional.FindRight.A, C:\Users\admin\AppData\Local\Temp\is357113909\178130053_stp\FindRightSetup.exe,
Quarantined, [b6c544828deed16503996334b05417e9],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\package1.zip,
Quarantined, [fd7e735368139e981f1d77bb02fe57a9],
PUP.Optional.SkyTech.A, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\QQBrowserFrame.dll,
Quarantined, [b6c56f57750646f061dbe84a2fd1de22],
PUP.Optional.WpManager, C:\Users\admin\AppData\Local\Temp\fullpackage_temp1392246703\tmp\wpm.exe,
Quarantined, [5b20fbcb13687bbb6f7dde8d10f15fa1],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined,
[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined,
[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined,
[88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.Updater.A, C:\Users\admin\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe,
Quarantined, [88f33c8a0f6c32048c48a033f30f9868],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\config.dat, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\cookies.dat, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\makecert.exe, Quarantined,
[6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\TrustedRoot.cer,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard
\uninstall.BrowserSafeguard.exe, Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\certutil.exe,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libnspr4.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libplc4.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\libplds4.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\nss3.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\smime3.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
PUP.Optional.BrowserSafeGuard, C:\Users\******\AppData\Local\BrowserSafeguard\Resources\softokn3.dll,
Quarantined, [6b108d3998e36bcb7fd15b7d0bf734cc],
Physical Sectors: 0
(No malicious items detected)
(end)
I then read through the forum rules and ran the remaining scans.
Defogger: Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:59 on 14/08/2014 (admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST: Quote:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by admin (administrator) on MAIUS-PC on 14-08-2014 20:13:09
Running from C:\Users\******\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-
tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-
tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-
recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL
\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
() C:\Users\******\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The
file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06]
(Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek
Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05]
(Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-05-14] (Synaptics
Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
[286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth
\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25]
(McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904
2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes
Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent
\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-
4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows
\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows
\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to
default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {362175DD-2B68-4001-A277-B558F342098B} URL =
hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q=
{searchTerms}
SearchScopes: HKLM - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q=
{searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {90BB64F5-8335-4872-B575-0DEB6C419345} URL = hxxp://www.bing.com/search?q=
{searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {362175DD-2B68-4001-A277-B558F342098B} URL =
hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKCU - {362175DD-2B68-4001-A277-B558F342098B} URL = hxxp://www.startseite24.net/?q=
{searchTerms}
SearchScopes: HKCU - {90BB64F5-8335-4872-B575-0DEB6C419345} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java
\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java
\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF
Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files
(x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files
(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files
(x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc
\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files
(x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default
FF Homepage: hxxp://www.startseite24.net
FF Keyword.URL: hxxp://www.startseite24.net/?q=
FF SearchEngineOrder.1: Websuche
FF SelectedSearchEngine: Websuche
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files
\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin
\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
(Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program
Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files
\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin
\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel
\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R)
Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin
\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin
\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo
Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll
(Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update
\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update
\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program
Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe
Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program
Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems
Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
(Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\searchplugins
\search_engine_trovi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files
(x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect
\FFPDFArchitectExt [2014-03-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-24]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not
be moved unless listed separately.)
S2 0305491405441979mcinstcleanup; C:\Windows\TEMP\030549~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11]
(Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344
2013-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe
[731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client
\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth
\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-03-01] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-
03-14] ()
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
[169432 2013-05-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12]
(Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12]
(Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee,
Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30]
(McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04
-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08]
(pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek
Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1911312 2013-08-30]
(SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel®
Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not
be moved unless listed separately.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-03-25] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources,
Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S0 hswultpep; C:\Windows\System32\drivers\hswultpep.sys [62968 2013-02-09] (Intel Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-02-09] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-02-09] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-02-09] (Intel Corporation)
S3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-02-09] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [86472 2013-04-25] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-03-01] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes
Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes
Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-14] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft
Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft
Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2013-05-14] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-15] ()
U0 ykmpb; C:\Windows\System32\drivers\oklmire.sys [79064 2014-08-14] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could
be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-14 20:13 - 2014-08-14 20:13 - 00024272 _____ () C:\Users\******\Desktop\FRST.txt
2014-08-14 20:13 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-14 20:11 - 2014-08-14 20:11 - 02100224 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-08-14 19:59 - 2014-08-14 19:59 - 00000472 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-08-14 19:20 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\McAfee
2014-08-14 12:11 - 2014-08-14 12:11 - 00079064 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\oklmire.sys
2014-08-14 11:44 - 2014-08-14 11:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:39 - 2014-08-14 11:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-
Malware.lnk
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\mbamchameleon.sys
2014-08-14 11:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\mwac.sys
2014-08-14 11:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\mbam.sys
2014-08-14 11:22 - 2014-08-14 12:23 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-08-14 11:21 - 2014-08-14 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop
\mbam-setup-2.0.2.1012.exe
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-11 22:01 - 2014-08-11 22:39 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-06 00:07 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\Windows
\system32\wuauclt.exe
2014-08-06 00:07 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\Windows
\system32\wuaueng.dll
2014-08-06 00:07 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\Windows
\system32\wucltux.dll
2014-08-06 00:07 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\Windows
\system32\WUSettingsProvider.dll
2014-08-06 00:07 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\Windows
\system32\storewuauth.dll
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-15 21:14 - 2014-07-15 21:14 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-07-15 21:04 - 2014-07-15 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Adobe Reader XI.lnk
2014-07-15 21:04 - 2014-07-15 21:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-15 21:03 - 2014-07-15 21:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 09:44 - 2014-07-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-14 20:13 - 2014-08-14 20:13 - 00024272 _____ () C:\Users\******\Desktop\FRST.txt
2014-08-14 20:13 - 2014-08-14 20:13 - 00000000 ____D () C:\FRST
2014-08-14 20:11 - 2014-08-14 20:11 - 02100224 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-08-14 20:07 - 2014-02-16 13:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-14 19:59 - 2014-08-14 19:59 - 00000472 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-08-14 19:59 - 2014-08-14 19:59 - 00000000 _____ () C:\Users\admin\defogger_reenable
2014-08-14 19:59 - 2014-02-11 09:41 - 00000000 ____D () C:\Users\admin
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-08-14 19:42 - 2014-05-10 02:45 - 00001136 _____ () C:\Windows\Tasks
\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job
2014-08-14 19:41 - 2013-12-24 07:18 - 01932837 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 19:20 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\McAfee
2014-08-14 19:18 - 2014-02-26 18:34 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 19:18 - 2014-02-10 23:10 - 00000000 ___RD () C:\Users\******\Dropbox
2014-08-14 19:18 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-08-14 12:23 - 2014-08-14 11:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-08-14 12:16 - 2014-02-10 23:06 - 00000000 ____D () C:\Users\******\Desktop\setups
2014-08-14 12:15 - 2014-02-13 01:11 - 00000310 _____ () C:\Windows\Tasks\Digital Sites.job
2014-08-14 12:11 - 2014-08-14 12:11 - 00079064 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\oklmire.sys
2014-08-14 12:11 - 2014-02-13 01:13 - 00000000 ____D () C:\ProgramData\WPM
2014-08-14 12:11 - 2014-02-13 01:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\sweet-page
2014-08-14 12:11 - 2014-02-13 01:11 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DigitalSites
2014-08-14 12:11 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-14 11:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 11:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 11:45 - 2014-08-14 11:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows
\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:39 - 2014-08-14 11:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-
Malware.lnk
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\ Malwarebytes Anti-Malware
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 11:39 - 2014-08-14 11:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 11:21 - 2014-08-14 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop
\mbam-setup-2.0.2.1012.exe
2014-08-14 11:21 - 2014-08-14 11:21 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-14 11:21 - 2014-08-14 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\VideoLAN
2014-08-14 11:20 - 2014-08-14 11:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-08-14 05:27 - 2014-02-12 23:01 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps
2014-08-13 13:34 - 2014-02-10 23:10 - 00000984 _____ () C:\Users\******\Desktop\Dropbox.lnk
2014-08-13 13:34 - 2014-02-10 23:07 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft
\Windows\Start Menu\Programs\Dropbox
2014-08-11 22:39 - 2014-08-11 22:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000981 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Mp3tag
2014-08-11 22:00 - 2014-08-11 22:00 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-11 20:09 - 2014-02-13 00:44 - 00000349 _____ () C:\Users\******\.dsa4.properties
2014-08-08 20:26 - 2014-08-08 20:26 - 00001851 _____ () C:\Users\Public\Desktop\JabRef 2.10.lnk
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\JabRef
2014-08-08 20:26 - 2014-08-08 20:26 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-08-08 20:25 - 2014-05-20 11:52 - 00000000 ____D () C:\Users\******\Documents\Bibliographix 10
2014-08-07 20:19 - 2014-02-10 15:58 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu
Cache Files-S-1-5-21-2423286125-108942895-335680897-1001
2014-08-05 20:06 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-07-27 23:43 - 2014-02-10 15:59 - 00000000 ____D () C:\Users\******\AppData\Local\Thunderbird
2014-07-25 18:59 - 2014-07-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 18:44 - 2014-06-20 15:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-25 18:44 - 2014-02-10 15:59 - 00002100 _____ () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:59 - 00002088 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-25 18:44 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance
Service
2014-07-20 22:24 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-07-20 22:24 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-07-20 22:24 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 21:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-16 00:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-15 21:15 - 2014-07-15 21:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-15 21:14 - 2014-07-15 21:14 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-07-15 21:14 - 2014-02-10 15:13 - 00000000 ____D () C:\Users\******\AppData\Roaming\Adobe
2014-07-15 21:04 - 2014-07-15 21:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Adobe Reader XI.lnk
2014-07-15 21:04 - 2014-07-15 21:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-15 21:03 - 2014-07-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-15 18:32 - 2013-12-24 07:32 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-15 09:44 - 2014-07-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-07-15 09:44 - 2013-12-24 07:33 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-15 09:44 - 2013-12-24 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu
\Programs\Dell
2014-07-15 09:41 - 2014-02-10 15:12 - 00094656 _____ (CACE Technologies) C:\Windows
\system32\WPRO_41_2001woem.tmp
2014-07-15 09:41 - 2013-12-24 07:39 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-07-15 09:41 - 2013-12-24 07:14 - 00026186 _____ () C:\Windows\PFRO.log
2014-07-15 09:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskSLib.dll
C:\Users\admin\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-
3e3e7ecf0d81}.tmpzle7hr.dll
C:\Users\******\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\******\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\******\AppData\Local\Temp\sqlite3.exe
C:\Users\******\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite75081.dll
C:\Users\******\AppData\Local\Temp\vpnclient_setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-11 21:26
==================== End Of Log ============================
| addition: Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by admin at 2014-08-14 20:14:37
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware
programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor
Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute
Software)
ActivePerl 5.16.3 Build 1603 (64-bit) (HKLM\...\{8C327061-E39D-4696-84A8-E84533ADDD7D}) (Version:
5.16.1603 - ActiveState)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe
Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version:
11.0.07 - Adobe Systems Incorporated)
Bibliographix 8 (HKLM-x32\...\Bibliographix 8_is1) (Version: - Bibliographix GbR)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 -
Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49})
(Version: 1.6.0.3 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.0.3 - Dell
Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell
Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.5.0.42 - Synaptics Incorporated)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 -
Intel Corporation)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420})
(Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version:
9.5.2.1489 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3145
- Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-
148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version:
3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001
- Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573})
(Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{1EF24D7D-7B14-4EBA-A686-9E91C9C6763D}) (Version:
4.1.40.2143 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel
Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 -
Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version:
2.0.2.1012 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 -
Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})
(Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version:
4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-
22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-
87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-
6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-
68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 -
Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache
Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge
GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software
Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:
6.0.1.6966 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.501 - RStudio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version: - ) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be
moved.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-
C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
CustomCLSID: HKU\S-1-5-21-2423286125-108942895-335680897-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-
CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox,
Inc.)
==================== Restore Points =========================
26-07-2014 22:59:33 Geplanter Prüfpunkt
05-08-2014 22:06:15 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be
listed separately to be moved.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain
\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C9EEE91-C928-4215-BED7-028DFFE007DD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3E411475-1ED6-4F03-BDA3-ED1C7C24058D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4AFD7D1C-C8A6-4D14-8831-BF9E72747373} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-03-01] (Intel)
Task: {5D8BBF55-33C6-4684-BBAD-4A9397F786F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {621296FC-F2E2-4370-BEC9-ACAF72F6F9DE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {673EBA73-1691-406A-919A-BE75D6473EC9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {84B394E4-1930-48DD-9388-43EDFC4CFD63} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5729544-BA28-444A-9EE5-005070A62032} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-22] (PC-Doctor, Inc.)
Task: {C0A0F6C0-B406-4DD2-9998-061205E7ED07} - System32\Tasks\Digital Sites => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C564D97C-CAB3-4389-B8D9-7AE9CB4A5049} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EEF12551-2881-498F-B432-FFCA92096EFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-26] (Google Inc.)
Task: {FEA595F6-75C2-4DA2-99A9-E4C02EE27F94} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6be922e07b1a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-14 15:42 - 2013-03-14 15:42 - 00182248 _____ () c:\Program Files\Intel\Intel(R) Smart Connect
Technology Agent\iSCTAgent.exe
2013-03-14 15:42 - 2013-03-14 15:42 - 00059880 _____ () c:\Program Files\Intel\Intel(R) Smart Connect
Technology Agent\NetworkHeuristic.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery
\Components\Shell\DBROverlayIcon.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery
\Components\Shell\DBROverlayNotBackuped.dll
2013-12-24 07:34 - 2013-08-19 11:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery
\Components\Shell\DBRShellExtension.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-08-14 19:56 - 2014-08-14 19:56 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client
\vpnapi.dll
2013-12-24 07:28 - 2013-05-14 19:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management
Engine Components\LMS\ACE.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery
\ServiceTagPlusPlus.dll
2014-08-14 19:18 - 2014-08-14 19:18 - 00043008 _____ () c:\users\*****\appdata\local\temp
\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzle7hr.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin
\libcef.dll
2014-07-25 18:59 - 2014-07-25 18:59 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC
\libvlccore.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libdshow_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_output\libdirectsound_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_output\libwaveout_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_output\libdirectdraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\liblibbluray_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libaccess_bd_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libdvdnav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libaccess_vdr_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libfilesystem_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\stream_filter\libsmooth_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\stream_filter\libhttplive_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\stream_filter\libdash_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libzip_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\access\libstream_filter_rar_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\stream_filter\librecord_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libplaylist_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\meta_engine\libtaglib_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua
\liblua_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc
\libxml_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\control\libhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libmp4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\control\libglobalhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libavi_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libasf_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui
\libqt4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libflacsys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libes_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00074259 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libmpc_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libtta_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libnuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libwav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00929299 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libsid_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\services_discovery\libsap_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00144403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libogg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01194003 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\demux\libmkv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libpng_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libcdg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libschroedinger_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libdts_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libtheora_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libfaad_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libflac_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libg711_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libaes3_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\liblibass_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libspeex_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\liblpcm_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libvorbis_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libmpeg_audio_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libaraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libopus_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\liba52_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libspudec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\codec\libavcodec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\text_renderer\libfreetype_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_mixer\libfloat_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libscaletempo_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libmpgatofixed32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx
\libi420_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_filter\libswscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libdtstofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\liba52tofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\sse2\libi420_rgb_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libsamplerate_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx
\libi422_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx
\libi420_rgb_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\liba52tospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libyuy2_i422_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libdtstospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libgrey_yuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libugly_resampler_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libi420_rgb_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libi420_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\audio_filter\libaudio_format_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libyuy2_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libi422_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_chroma\libi422_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_filter\libscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_filter\libyuvp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins
\video_output\libdirect3d_plugin.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will
be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be
removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable
Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/14/2014 07:18:49 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-
7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle
erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu
sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu
erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/14/2014 00:24:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FE69D2DA38
Error: (08/14/2014 05:34:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User:
)
Description: 80070005
Error: (08/14/2014 05:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel:
0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1478
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (08/14/2014 05:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSmtFwk.exe, Version: 4.8.704.0, Zeitstempel: 0x51f7f8d2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000f14c80
ID des fehlerhaften Prozesses: 0x1cfc
Startzeit der fehlerhaften Anwendung: 0xMcSmtFwk.exe0
Pfad der fehlerhaften Anwendung: McSmtFwk.exe1
Pfad des fehlerhaften Moduls: McSmtFwk.exe2
Berichtskennung: McSmtFwk.exe3
Vollständiger Name des fehlerhaften Pakets: McSmtFwk.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSmtFwk.exe5
Error: (08/14/2014 05:00:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-
7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle
erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu
sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu
erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/13/2014 02:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSmtFwk.exe, Version: 4.8.704.0, Zeitstempel: 0x51f7f8d2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000001274c80
ID des fehlerhaften Prozesses: 0x2a4
Startzeit der fehlerhaften Anwendung: 0xMcSmtFwk.exe0
Pfad der fehlerhaften Anwendung: McSmtFwk.exe1
Pfad des fehlerhaften Moduls: McSmtFwk.exe2
Berichtskennung: McSmtFwk.exe3
Vollständiger Name des fehlerhaften Pakets: McSmtFwk.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: McSmtFwk.exe5
Error: (08/13/2014 01:34:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-
7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle
erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu
sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu
erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/11/2014 10:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prevhost.exe, Version: 6.2.9200.16384, Zeitstempel:
0x50109c9c
Name des fehlerhaften Moduls: XCShInfo.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x512b699e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fe5fb04c8c
ID des fehlerhaften Prozesses: 0x1a74
Startzeit der fehlerhaften Anwendung: 0xprevhost.exe0
Pfad der fehlerhaften Anwendung: prevhost.exe1
Pfad des fehlerhaften Moduls: prevhost.exe2
Berichtskennung: prevhost.exe3
Vollständiger Name des fehlerhaften Pakets: prevhost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prevhost.exe5
Error: (08/11/2014 09:26:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in
Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (08/14/2014 07:18:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 07:18:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 11:01:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 11:01:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 05:48:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 05:48:35 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 04:59:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/14/2014 04:59:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/13/2014 02:58:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Error: (08/13/2014 02:58:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{6505CB19-31A0-42CF-9D95-E1A007A6E0AB}{4FC3EBED-AFCB-49C0-
B37E-63B872010746}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht
verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
Error: (08/14/2014 07:18:49 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)
(NULL)
Error: (08/14/2014 00:24:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Explorer.EXE
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FE69D2DA38
Error: (08/14/2014 05:34:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User:
)
Description: 80070005
Error: (08/14/2014 05:27:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-
container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b147801cfb76d1c0b699bC:
\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox
\mozalloc.dllf52435bb-2362-11e4-be83-5c514f7d3a60
Error: (08/14/2014 05:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:
McSmtFwk.exe4.8.704.051f7f8d2unknown0.0.0.000000000c00000050000000000f14c801cfc01cfb707ae875472C:
\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exeunknown4eb2bb0c-2362-11e4-be83-5c514f7d3a60
Error: (08/14/2014 05:00:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)
(NULL)
Error: (08/13/2014 02:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
McSmtFwk.exe4.8.704.051f7f8d2unknown0.0.0.000000000c00000050000000001274c802a401cfb59a32a72d9dC:
\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exeunknownc77601b5-22e1-11e4-be83-5c514f7d3a60
Error: (08/13/2014 01:34:20 PM) (Source: MsiInstaller) (EventID: 1024) (User: MAIUS-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)
(NULL)
Error: (08/11/2014 10:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
prevhost.exe6.2.9200.1638450109c9cXCShInfo.dll_unloaded0.0.0.0512b699ec0000005000007fe5fb04c8c1a7401cfb59
214b468b1C:\Windows\system32\prevhost.exeXCShInfo.dllc5298bc9-2197-11e4-be83-5c514f7d3a60
Error: (08/11/2014 09:26:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files\R\R-3.1.1\Tcl\bin64\tk85.dllC:
\Program Files\R\R-3.1.1\Tcl\bin64\tk85.dll9
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 93%
Total physical RAM: 8097.37 MB
Available physical RAM: 541.13 MB
Total Pagefile: 10844.3 MB
Available Pagefile: 2272.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:217.78 GB) (Free:42.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 768E35E4)
Partition: GPT Partition Type.
==================== End Of Log ============================
| GMER:
Here I got error messages saying that access to individual files was denied. This may be because I was
not able to switch McAfee off temporarily, and I am reluctant to uninstall it. If instructed to, and with
reassurance, I can do that. Here is the log: Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-14 20:56:14
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004e SAMSUNG_SSD_SM841_mSATA_256GB
rev.DXM44D0Q 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\admin\AppData\Local\Temp\fgloypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1716] C:\Windows\system32\PSAPI.DLL!
GetProcessImageFileNameA + 306
000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1716] C:\Windows\system32\PSAPI.DLL!
GetProcessImageFileNameA + 314
000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows
\SYSTEM32\MSIMG32.dll!GradientFill + 690
000007fe79441532 4 bytes [44, 79, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows
\SYSTEM32\MSIMG32.dll!GradientFill + 698
000007fe7944153a 4 bytes [44, 79, FE, 07]
.text c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1908] C:\Windows
\SYSTEM32\MSIMG32.dll!TransparentBlt + 246
000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows
\SYSTEM32\MSIMG32.dll!GradientFill + 690
000007fe79441532 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows
\SYSTEM32\MSIMG32.dll!GradientFill + 698
000007fe7944153a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2072] C:\Windows
\SYSTEM32\MSIMG32.dll!TransparentBlt + 246
000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2200] C:\Windows\system32\PSAPI.DLL!
GetProcessImageFileNameA + 306
000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2200] C:\Windows\system32\PSAPI.DLL!
GetProcessImageFileNameA + 314
000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6156] C:\Windows\system32\psapi.dll!
GetProcessImageFileNameA + 306
000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6156] C:\Windows\system32\psapi.dll!
GetProcessImageFileNameA + 314
000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690
000007fe79441532 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698
000007fe7944153a 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246
000007fe7944165a 4 bytes [44, 79, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306
000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Windows\Explorer.EXE[4032] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314
000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[2348] C:\Windows
\system32\psapi.dll!GetProcessImageFileNameA + 306
000007fe7e7f177a 4 bytes [7F, 7E, FE, 07]
.text C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe[2348] C:\Windows
\system32\psapi.dll!GetProcessImageFileNameA + 314
000007fe7e7f1782 4 bytes [7F, 7E, FE, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [7308:9156]
fffff960009155e8
---- Processes - GMER 2.1 ----
Process C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\*****
\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504] (FILE NOT FOUND)
0000000000400000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users
\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504](2014-07-30 00:20:20)
0000000004460000
Library c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-
3e3e7ecf0d81}.tmpzle7hr.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
[6504](2014-08-14 17:18:39) 0000000004b30000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\*****
\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504](2013-08-23 19:01:44)
000000005d500000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\*****
\AppData\Roaming\Dropbox\bin\Dropbox.exe [6504] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)
000000005cb70000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0
unknown MBR code
---- EOF - GMER 2.1 ----
| Finally, I also ran a full McAfee scan. Unfortunately, I was unable to find a log file. However, the following information was displayed to me: Quote:
Isolierte Elemente:
Element Bedrohung Entdeckt Status
VOPackage_20140624.exe RDN/Generic.dx!ddl 14.08.2014 05:28 Entdeckt
VOPackage_20140624[1].exe RDN/Generic.dx!ddl 14.08.2014 05:28 Entdeckt
jgaasetup.1.3.0[1].exe Artemis! 5DE7E3EE84A4 14.08.2014 05:29 Entdeckt
Isolierte potentiell unerwünschte Programme.
Name der Bedrohung Betroff. Elemente Entdeckt Status
Artemis!1916EF0FCBA 1 14.08.2014 05:29 Entdeckt
Speicherort:
C:\Users\****\Desktop\iLividSetup-r362-n-bf.exe
Artemis!1916EF0FCBA 1 14.08.2014 05:29 Entdeckt
Speicherort:
C:\Users\****\Desktop\iLividSetup-r362-n-bf(1).exe
Crossrider 1 14.08.2014 20:37 Entdeckt
Speicherort:
C:\Users\****\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5\57YD7U7F
\searchproject_w_precheker[1].exe
Artemis!95D8FCE965ED 1 14.08.2014 20:37 Entdeckt
Speicherort:
C:\Users\****\AppData\Local\Microsoft\Windows\TemporaryInternetFiles
\Content.IE5\C8JXP312\ssupsetup_binstall3[1].exe
| AdwCleaner: Quote:
# AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 22:26:05
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : admin - MAIUS-PC
# Gestartet von : C:\Users\Marius\Desktop\adwcleaner_3.305.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\sweet-page
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\user.js
***** [ Tasks ] *****
Task Gelöscht : Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-
43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-
E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.17028
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk75s72c.default\prefs.js ]
[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\7lvsfbht.default\prefs.js ]
[ Datei : C:\Users\Marius\AppData\Roaming\Mozilla\Firefox\Profiles\le41jy31.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2487 octets] - [14/08/2014 22:24:07]
AdwCleaner[S0].txt - [2306 octets] - [14/08/2014 22:26:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2366 octets] ##########
| JRT: Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by admin on 14.08.2014 at 23:02:25,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2014 at 23:13:58,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| SC-cleaner: Quote:
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 8
Program started at: 08/14/2014 11:26:09 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\admin\Desktop
0 bad shortcuts found.
Program finished at: 08/14/2014 11:26:11 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
| I hope I have now taken care of everything, and I would be very glad to get feedback on whether I can now consider myself clean.
Best regards,
Nathius |