Log Analysis and Evaluation: Windows 7: fbdownloader in browser, infection with Gen:Adware.Heur.lu8@Yfys1Lli., unknown networks in Firewall

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.10.2014, 14:01 | #1
Windows 7: fbdownloader in browser, infection with Gen:Adware.Heur.lu8@Yfys1Lli., unknown networks in Firewall

The start page in the browser of my administrator user was changed to "hxxp://search.fbdownloader.com/?channel=de". Since I normally do not work as administrator, I cannot say exactly how long the change has been there. Possibly there is a connection with a virus detection by McAfee on 04.09.2014. Found and quarantined at that time were:

1) C:\Users\admuser\AppData\Roaming\SCheck\ntcrxinst.exe, detected threat: RDN/Generic.dx!dfb (Trojan)
2) C:\Users\admuser\AppData\Local\Temp\nsg739E.tmp\netset\ntcrxinst.exe, detected threat: RDN/Generic.dx!dfb (Trojan)
3) C:\Users\admuser\AppData\Roaming\Snz\Snz.exe, detected threat: RDN/Generic.dx!dfb (Trojan)

This was found on the first login as admin after the installation of McAfee Total Protection (McAfee Internet Security was installed before that). My virus scanner "McAfee Total Protection" has found nothing since then.

Current finding from quickscan.bitdefender.com: "Your system has been infected with Gen:Adware.Heur.lu8@Yfys1Lli."

Additional info: on this computer too, 3 networks unknown to me were listed under "Firewall --> My network connections"; I deleted them, they reappeared after a few days, and I have now blocked them. (See the thread for my other computer: http://www.trojaner-board.de/159595-...-gefunden.html)

In addition, the computer sometimes shows heavy hard disk activity, and especially the mail client Thunderbird sometimes takes a very long time to respond.

Many thanks in advance for your help! I am attaching the logs for this computer here.

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:28 on 10/10/2014 (fbroot)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by admuser (administrator) on NBNIC on 10-10-2014 14:47:31
Running from C:\Users\user1\Desktop
Loaded Profiles: admuser & user1 (Available profiles: admuser & user1 & user2 & user3 & user4 & user5 & user6)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [SSync] => C:\Users\admuser\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [SCheck] => C:\Users\admuser\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Snoozer] => C:\Users\admuser\AppData\Roaming\Snz\Snz.exe [1620853 2014-09-29] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [DataMgr] => C:\Users\admuser\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-03-04] (HTTO Group, Ltd.)
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Intermediate] => C:\Users\admuser\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Sixth] => C:\Users\admuser\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-04] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Run: [Seventh] => C:\Users\admuser\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-04] ()
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Default.alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1021\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1020\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1019\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {9BD969E1-5957-4CFA-B27F-11F01A8CF9BF} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Simple New Tab Bho -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\admuser\AppData\Local\simple_new_tab\simple_new_tab.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://wisersearch.com/?channel=de
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: McAfee SafeKey - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-10-09]
FF Extension: Bitdefender QuickScan - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-10]
FF Extension: OfferMosquito - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\om@offermosquito.com.xpi [2014-04-02]
FF Extension: Simple New Tab - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-27]

Chrome:
=======
CHR HomePage: Default -> http:\/\/wisersearch.com\/?channel=de
CHR StartupUrls: Default -> "http:\/\/wisersearch.com\/?channel=de"
CHR Profile: C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (SiteAdvisor) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-18]
CHR Extension: (OfferMosquito) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR Extension: (Simple New Tab) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2014-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-08-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [343080 2010-05-14] (Broadcom Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-08-26] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
U3 pxldqpod; \??\C:\Users\admuser\AppData\Local\Temp\pxldqpod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-10 14:47 - 2014-10-10 14:48 - 00023035 _____ () C:\Users\user1\Desktop\FRST.txt
2014-10-10 13:44 - 2014-10-10 14:13 - 00000000 ____D () C:\Temp
2014-10-10 13:30 - 2014-10-10 14:47 - 00000000 ____D () C:\FRST
2014-10-10 13:29 - 2014-10-10 13:43 - 00000000 ____D () C:\Users\user1\Desktop\Protokolle
2014-10-10 13:28 - 2014-10-10 13:28 - 00000000 _____ () C:\Users\admuser\defogger_reenable
2014-10-10 13:26 - 2014-10-10 11:14 - 00380416 _____ () C:\Users\user1\Desktop\Gmer-19357.exe
2014-10-10 13:26 - 2014-10-10 11:13 - 02109952 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2014-10-10 13:26 - 2014-10-10 11:11 - 00050477 _____ () C:\Users\user1\Desktop\Defogger.exe
2014-10-10 10:39 - 2014-10-10 10:43 - 00000000 ____D () C:\Users\user1\AppData\Roaming\QuickScan
2014-10-10 01:18 - 2014-10-10 10:45 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\QuickScan
2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 ____D () C:\Users\admuser\AppData\Local\Macromedia
2014-10-04 20:55 - 2014-10-04 20:55 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Snz
2014-10-01 22:55 - 2014-08-26 12:50 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-10-01 22:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-01 08:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 21:09 - 2014-09-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 11:13 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 11:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-10 16:31 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 16:31 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 16:31 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 16:31 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 16:31 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 16:31 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 16:31 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 16:31 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 16:31 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 16:31 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 16:31 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 16:31 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 16:31 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 16:31 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 16:31 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 16:31 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 16:31 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 16:31 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 16:31 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 16:31 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 16:31 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 16:31 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 16:31 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 16:31 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 16:31 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 16:31 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 16:31 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 16:31 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 16:31 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 16:31 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 16:31 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 16:31 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 16:31 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 16:31 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 16:31 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 16:31 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 16:31 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 16:31 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 16:31 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 16:31 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 16:31 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 16:31 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 16:31 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 16:31 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 16:31 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 16:31 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 16:31 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 16:31 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 16:31 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 16:31 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 16:31 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 16:31 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 16:12 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 16:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 15:05 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 15:05 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:02 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 15:02 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 15:02 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 15:02 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 15:02 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 15:02 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 15:02 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 15:01 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 15:01 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 14:46 - 2011-05-23 01:13 - 01936054 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 14:29 - 2014-08-27 15:46 - 00000000 __RSD () C:\Users\user1\Documents\McAfee-Tresore
2014-10-10 14:29 - 2011-08-03 15:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 14:03 - 2014-05-11 13:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job
2014-10-10 13:59 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 13:28 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser
2014-10-10 10:46 - 2014-08-27 15:29 - 00000000 __RSD () C:\Users\admuser\Documents\McAfee-Tresore
2014-10-10 10:44 - 2014-08-27 18:41 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Seventh
2014-10-10 10:36 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 10:36 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 10:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 10:29 - 2009-07-14 06:51 - 00258159 _____ () C:\Windows\setupact.log
2014-10-09 23:05 - 2013-12-06 21:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-09 17:56 - 2013-04-25 16:36 - 00000000 ____D () C:\Users\user4\AppData\Roaming\.minecraft
2014-10-09 17:52 - 2014-08-27 15:57 - 00000000 __RSD () C:\Users\user4\Documents\McAfee-Tresore
2014-10-09 17:37 - 2014-08-28 09:25 - 00000000 __RSD
() C:\Users\user2\Documents\McAfee-Tresore 2014-10-09 17:35 - 2012-04-15 20:28 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Dropbox 2014-10-09 15:02 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-10-09 15:02 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-10-09 15:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-09 12:16 - 2014-08-30 16:34 - 00000000 __RSD () C:\Users\user6\Documents\McAfee-Tresore 2014-10-08 13:55 - 2014-08-31 18:43 - 00000000 __RSD () C:\Users\user3\Documents\McAfee-Tresore 2014-10-08 11:35 - 2014-08-27 16:29 - 00000000 __RSD () C:\Users\user5\Documents\McAfee-Tresore 2014-10-04 21:05 - 2012-05-28 14:00 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-04 20:55 - 2014-03-14 00:31 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\DataMgr 2014-10-02 09:05 - 2014-08-27 15:28 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-10-01 22:56 - 2014-08-27 15:16 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-09-30 16:01 - 2011-05-31 16:09 - 00004678 __RSH () C:\Users\user3\ntuser.pol 2014-09-30 16:01 - 2011-05-31 16:09 - 00000000 ____D () C:\Users\user3 2014-09-28 15:28 - 2012-05-28 11:08 - 00001328 __RSH () C:\Users\user5\ntuser.pol 2014-09-28 15:28 - 2012-05-28 11:08 - 00000000 ____D () C:\Users\user5 2014-09-28 14:14 - 2014-06-08 11:37 - 00001326 __RSH () C:\Users\user6\ntuser.pol 2014-09-28 14:14 - 2014-06-08 11:37 - 00000000 ____D () C:\Users\user6 2014-09-28 12:49 - 2011-05-22 22:59 - 00001108 __RSH () C:\Users\user2\ntuser.pol 2014-09-28 12:49 - 2011-05-22 22:59 - 00000000 ____D () C:\Users\user2 2014-09-27 20:13 - 2013-03-02 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-27 20:10 - 2011-05-22 22:28 - 00000680 __RSH () C:\Users\user1\ntuser.pol 2014-09-27 20:10 - 2011-05-22 15:22 - 00000000 ____D () 
C:\Users\user1 2014-09-26 19:35 - 2012-05-28 11:07 - 00004682 __RSH () C:\Users\user4\ntuser.pol 2014-09-26 19:35 - 2012-05-28 11:07 - 00000000 ____D () C:\Users\user4 2014-09-26 19:33 - 2011-05-22 16:40 - 00000680 __RSH () C:\Users\admuser\ntuser.pol 2014-09-26 19:32 - 2014-06-07 22:00 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\SCheck 2014-09-26 19:32 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser\AppData\Local\VirtualStore 2014-09-26 09:21 - 2010-11-21 05:47 - 00411868 _____ () C:\Windows\PFRO.log 2014-09-25 21:16 - 2012-08-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-25 17:16 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-25 14:59 - 2012-04-01 16:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-25 14:59 - 2011-06-04 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 13:26 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-24 09:26 - 2011-06-06 09:56 - 00000000 ____D () C:\Users\user2\QMS Abtei-Apotheke 2014-09-23 19:56 - 2014-06-19 17:02 - 00000000 ____D () C:\Users\user4\AppData\Roaming\edu.media.mit.Scratch2Editor 2014-09-22 17:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-22 17:11 - 2013-03-19 16:54 - 00000000 ____D () C:\Users\user3\Documents\Gymnasium 2014-09-22 16:09 - 2014-07-18 11:31 - 00000000 ____D () C:\Users\user4\Documents\Scratch Projects 2014-09-20 17:53 - 2013-02-19 19:41 - 00000000 ____D () C:\Windows\rescache 2014-09-18 08:36 - 2012-05-28 14:12 - 00001017 _____ () C:\Users\user2\Desktop\Dropbox.lnk 2014-09-11 15:44 - 2014-03-05 21:09 - 00000000 ____D () C:\Users\user3\AppData\Local\Google 2014-09-10 16:30 - 2011-05-22 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-10 16:29 - 2014-01-29 10:55 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 
2014-09-10 16:28 - 2013-08-11 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 16:13 - 2011-05-22 16:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 16:12 - 2014-05-06 18:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\admuser\AppData\Local\Temp\ose00000.exe
C:\Users\user2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjk8m6c.dll
C:\Users\user4\AppData\Local\Temp\UnityWebPlayer7574248470200475468.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-20 17:45

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by admuser at 2014-10-10 14:48:33
Running from C:\Users\user1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.56 - Atheros Communications)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon iP4800 series Benutzerregistrierung (HKLM-x32\...\Canon iP4800 series Benutzerregistrierung) (Version: - )
Canon iP4800 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
DynaGeo 3.8b (HKLM-x32\...\DynaGeo_is1) (Version: - Roland Mechling)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{4F2EAFFD-6D9A-3804-A77B-5A450D3201F6}) (Version: 65.107.16494 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home deutscher Support (x32 Version: 1.0.228 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.1.10 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5.1 (x32 Version: 5.1.4001 - National Instruments) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Saturn Fotoservice (HKLM-x32\...\Saturn Fotoservice) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 404 - MIT Media Lab)
Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2648181823-2077256216-1403455524-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00287E99-7F0D-4EA3-9A04-C293FA657C29} - System32\Tasks\Fifth => C:\Users\admuser\AppData\Roaming\Fifth\Fifth.exe [2014-05-07] () <==== ATTENTION
Task: {3F90B54B-F506-4C23-B230-843268F1FD59} - System32\Tasks\OMESupervisor => C:\Users\admuser\AppData\Local\omesuperv.exe [2014-05-07] () <==== ATTENTION
Task: {5B32EB14-B86C-46BE-86B4-179891DAEE55} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {5F2B684D-A0C0-49F0-A5C3-467824816706} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {948D6ABE-C8B9-4B13-BF96-B555467DB0A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-09-10 17:49 - 2014-09-10 17:49 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dd49b882285401662f1addb58b7d0ce6\IsdiInterop.ni.dll
2011-05-22 14:18 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-25 21:09 - 2014-09-25 21:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-04 23:25 - 2014-09-04 23:25 - 01012224 _____ () C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\i0kq8f1y.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}\platform\WINNT_x86-msvc\components\mcxpcom.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user3\Documents\Halloween.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2648181823-2077256216-1403455524-500 - Administrator - Disabled)
admuser (S-1-5-21-2648181823-2077256216-1403455524-1000 - Administrator - Enabled) => C:\Users\admuser
user1 (S-1-5-21-2648181823-2077256216-1403455524-1003 - Limited - Enabled) => C:\Users\user1
Gast (S-1-5-21-2648181823-2077256216-1403455524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2648181823-2077256216-1403455524-1002 - Limited - Enabled)
user3 (S-1-5-21-2648181823-2077256216-1403455524-1006 - Limited - Enabled) => C:\Users\user3
user5 (S-1-5-21-2648181823-2077256216-1403455524-1020 - Limited - Enabled) => C:\Users\user5
user2 (S-1-5-21-2648181823-2077256216-1403455524-1005 - Limited - Enabled) => C:\Users\user2
user6 (S-1-5-21-2648181823-2077256216-1403455524-1021 - Limited - Enabled) => C:\Users\user6
user4 (S-1-5-21-2648181823-2077256216-1403455524-1019 - Limited - Enabled) => C:\Users\user4

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {901c2646-15dd-4949-91b6-670a39c6e029}

Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old). hr = 0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0a74d42d-f699-4cb5-857b-cf35ad93a210}

Error: (10/10/2014 10:31:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 11:19:59 PM) (Source: MsiInstaller) (EventID: 11925) (User: nbnic)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3860913c-02ab-4152-a108-f1532e6bf07c}

Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old). hr = 0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c219143e-6c68-49be-afb2-473c66a1d487}

Error: (10/09/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old). hr = 0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {1de3be56-a49b-4bfa-9635-033f79bda73b}

Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {825843b3-fab8-43ea-bb05-586fe84da3e3} Error: (10/09/2014 05:51:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/10/2014 11:32:56 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5CE786F6-9CFE-4D1E-BAE9-02508515207C}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (10/10/2014 10:44:52 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} Error: (10/09/2014 10:16:28 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/09/2014 10:47:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error: (10/09/2014 10:47:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14 Error: (10/08/2014 01:54:20 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} Error: (10/08/2014 01:41:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F} Error: (10/07/2014 01:19:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} Error: (10/05/2014 05:29:21 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} Error: 
(10/04/2014 08:55:53 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} Microsoft Office Sessions: ========================= Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {901c2646-15dd-4949-91b6-670a39c6e029} Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {0a74d42d-f699-4cb5-857b-cf35ad93a210} Error: (10/10/2014 10:31:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 11:19:59 PM) (Source: MsiInstaller) (EventID: 11925) (User: nbnic) Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. 
Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {3860913c-02ab-4152-a108-f1532e6bf07c} Error: (10/09/2014 08:56:22 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {c219143e-6c68-49be-afb2-473c66a1d487} Error: (10/09/2014 08:55:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. 
Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {1de3be56-a49b-4bfa-9635-033f79bda73b} Error: (10/09/2014 05:51:37 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {825843b3-fab8-43ea-bb05-586fe84da3e3} Error: (10/09/2014 05:51:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-10-01 22:55:13.827 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-01 22:55:13.827 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-01 22:55:13.827 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-01 22:55:13.827 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_4_6\VSC3870.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-05 21:55:18.713 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-05 21:55:18.713 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-05 21:55:18.713 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-08-05 21:55:18.703 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA6E9.tmp\vscore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz Percentage of memory in use: 45% Total physical RAM: 4025.97 MB Available physical RAM: 2187.57 MB Total Pagefile: 5048.15 MB Available Pagefile: 3135.67 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:67.47 GB) (Free:21.25 GB) NTFS Drive d: () (Fixed) (Total:165.31 GB) (Free:92.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 24532453) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=67.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=165.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-10 14:27:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB2O 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\admuser\AppData\Local\Temp\pxldqpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800033c1000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592  fffff800033c1040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1456] C:\Windows\system32\kernel32.dll!LoadLibraryW  0000000077646440 5 bytes JMP 00000001734be4b0
.text  C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1456] C:\Windows\system32\kernel32.dll!LoadLibraryA  0000000077646530 5 bytes JMP 00000001734be390

---- EOF - GMER 2.1 ----
|
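Two things in the Addition.txt above are worth pulling out mechanically rather than by eye: which accounts are enabled administrators (the adware artefacts in this thread all live under admuser), and the SID that VSS event 8193 keeps failing on, which carries an ".old" suffix that no real SID has. The following helper is an added example written for this page; it is not code from the original post, from FRST or from its author. The sample text is constructed from the entries visible in the log, the regular expressions reflect my reading of how FRST prints these sections, and the explanation of the ".old" suffix (a renamed subkey under HKLM\...\ProfileList that the Shadow Copy Optimization Writer enumerates) is the usual cause of that event, stated here as an assumption rather than something the thread confirms.

```python
"""Triage helpers for the Accounts and Event-log sections of an FRST
Addition.txt. Added example for this page; not code from the original post,
from FRST or from its author. SAMPLE_ADDITION is constructed from the log
above (event text rendered as the en-US Windows message reads); the function
names, the three regexes and the ".old/.bak" interpretation are assumptions."""
import re

SAMPLE_ADDITION = """\
========================= Accounts: ==========================

Administrator (S-1-5-21-2648181823-2077256216-1403455524-500 - Administrator - Disabled)
admuser (S-1-5-21-2648181823-2077256216-1403455524-1000 - Administrator - Enabled) => C:\\Users\\admuser
user1 (S-1-5-21-2648181823-2077256216-1403455524-1003 - Limited - Enabled) => C:\\Users\\user1
Gast (S-1-5-21-2648181823-2077256216-1403455524-501 - Limited - Disabled)

==================== Event log errors: =========================

Error: (10/10/2014 10:31:42 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2648181823-2077256216-1403455524-1003.old). hr = 0x80070539, The security ID structure is invalid.
Error: (10/09/2014 11:19:59 PM) (Source: MsiInstaller) (EventID: 11925) (User: nbnic)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1925.
"""

# One FRST account line: "<name> (<SID> - <Administrator|Limited> - <Enabled|Disabled>)[ => <profile dir>]"
ACCOUNT_RE = re.compile(
    r"^(\S+) \((S-1-5-21-[\d-]+) - (Administrator|Limited) - (Enabled|Disabled)\)"
    r"(?: => (.*))?$", re.M)
# The SID string the VSS writer choked on, plus any trailing ".old"/".bak" style suffix.
SID_CALL_RE = re.compile(r"ConvertStringSidToSid\((S-1-5-21-[\d-]+)((?:\.\w+)?)\)")
# The header FRST prints in front of every event log error.
EVENT_RE = re.compile(r"^Error: \(([^)]*)\) \(Source: ([^)]*)\) \(EventID: (\d+)\)", re.M)


def parse_accounts(text):
    """Map SID -> {name, kind, state, profile} from the Accounts block."""
    return {
        m.group(2): {"name": m.group(1), "kind": m.group(3),
                     "state": m.group(4), "profile": m.group(5)}
        for m in ACCOUNT_RE.finditer(text)
    }


def enabled_admins(text):
    """Names of enabled accounts in the Administrators group: the accounts whose
    Run keys and browser settings an adware installer can change machine-wide."""
    return sorted(a["name"] for a in parse_accounts(text).values()
                  if a["kind"] == "Administrator" and a["state"] == "Enabled")


def stale_profile_sids(text):
    """SID strings that VSS event 8193 could not convert because of a suffix.
    The Shadow Copy Optimization Writer walks HKLM\\...\\ProfileList, so a
    subkey named "<SID>.old" or "<SID>.bak" (a renamed or failed profile) is
    the usual cause (assumption). Returns {raw string: owning account or None}."""
    accounts = parse_accounts(text)
    found = {}
    for m in SID_CALL_RE.finditer(text):
        sid, suffix = m.group(1), m.group(2)
        if suffix:
            found[sid + suffix] = accounts.get(sid, {}).get("name")
    return found


def count_events(text):
    """Count (Source, EventID) pairs so recurring errors stand out from one-offs."""
    counts = {}
    for m in EVENT_RE.finditer(text):
        key = (m.group(2), int(m.group(3)))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    print("enabled admins:", enabled_admins(SAMPLE_ADDITION))
    print("stale profile SIDs:", stale_profile_sids(SAMPLE_ADDITION))
    print("event counts:", count_events(SAMPLE_ADDITION))
```

Run against the full Addition.txt the same functions report "admuser" as the only enabled administrator and map the "-1003.old" string back to user1, which is the account whose profile key to inspect; the event counter makes the three repeated 8193/8194 pairs per day visible without scrolling.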
10.10.2014, 14:14 | #2 |
/// the machine /// TB-Ausbilder | hi,
Scan with Combofix
|
10.10.2014, 17:40 | #3 |
| McAfee rates the Combofix download as potentially dangerous. How should I interpret that?
Since it may be relevant: when I tried to shut the machine down earlier, it only worked on the second attempt. On the first try it aborted and then booted back up. Unfortunately I could not remember the message. One more question: I assume I should download and run Combofix anyway. Do I need internet access while it runs? If not, I would like to disconnect while the protection software is disabled. Last edited by usoche (10.10.2014 at 18:15). Reason: addition |
11.10.2014, 11:50 | #4 |
/// the machine /// TB-Ausbilder | Disable McAfee, but leave the machine online. As long as you don't browse around anywhere else, nothing will happen.
regards, schrauber Proud Member of UNITE and ASAP since 2009 No support via PM! |
11.10.2014, 13:06 | #5 |
| Hello, attached is the requested Combofix log. A few notes to go with it: 1) The warning that this is a potentially dangerous program still came from McAfee, even though I had already disabled McAfee for the download. 2) After that Combofix ran through without complaint, but took about 25 minutes instead of the predicted 10, and when the log file opened the taskbar disappeared, i.e. really only the icons including the Windows button. - CTRL + ALT + DEL and Cancel led to a black screen - CTRL + ALT + DEL, Log off and then logging in again worked to make the desktop including the taskbar visible again, but on logging in I then got the following message: "C:\Windows\system32\GfsUI.exe A device attached to the system is not functioning" 3) No automatic restart happened; from your instructions I am not sure whether it should have. I did a manual restart anyway, and after that I no longer got the error message on login (see 2)). --Combofix.txt Code:
Combofix Logfile: |
12.10.2014, 10:10 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
12.10.2014, 12:01 | #7 |
| Hello Schrauber, here are the requested collected works, with the following note: after running JRT I had to restart, because e.g. the context menu in Explorer no longer worked and opening files was no longer possible either. --mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 12.10.2014
Scan time: 11:27:38
Log file: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware database: v2014.10.12.03
Rootkit database: v2014.10.11.01
License: Free
Malware protection: Disabled
Malicious website protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: admuser

Scan type: Threat scan
Result: Completed
Objects scanned: 639914
Time elapsed: 27 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 10
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1019-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1019-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Quarantined, [8c47eb284b313cfa1bd50d25b350db25],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [349fdc37bac2f93de58904368d760000],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [9a393bd85c203afc8ae4d96145befe02],

Registry values: 1
PUP.Optional.DataMgr.A, HKU\S-1-5-21-2648181823-2077256216-1403455524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Users\admuser\AppData\Roaming\DataMgr\DataMgr.exe", Quarantined, [02d1f91a88f445f1b7b01a69877d867a]

Registry data: 0
(No malicious items detected)

Folders: 9
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\simple_new_tab, Quarantined, [b91adc376b11d85ee57023d3d92923dd],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\simple_new_tab\htmls, Quarantined, [b91adc376b11d85ee57023d3d92923dd],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Roaming\OfferMosquito, Quarantined, [04cfbe55e5976fc7c096c03608fafa06],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, Quarantined, [a72c8a89215bfa3c184113e39f63e61a],

Files: 28
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\simple_new_tab\simple_new_tab.dll, Quarantined, [4390e231fe7e00367d3ae4b77290cc34],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\extensions\om@offermosquito.com.xpi, Quarantined, [a92a0013c3b91e18fbf872c04bb8966a],
PUP.Optional.DataMgr.A, C:\Users\admuser\AppData\Roaming\DataMgr\DataMgr.exe, Quarantined, [02d1f91a88f445f1b7b01a69877d867a],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\manifest.json, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\newtab.js, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.html, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.js, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\snt.html, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\snt.js, Quarantined, [9d368e853c4030066ee6995db74b4ab6],
PUP.Optional.SimpleNewTab.A, C:\Users\admuser\AppData\Local\simple_new_tab\htmls\index.html, Quarantined, [b91adc376b11d85ee57023d3d92923dd],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ads.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\contextualClickProcessor.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\country.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\deferredXhr.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\dependencies.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\icon.png, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\main.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\manifest.json, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\ping.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\pingurl.txt, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\rmPopup.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams.json, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sss.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\tracking.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\utils.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\background.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\2.4_0\sams\content.js, Quarantined, [a42ffe15e09ce551cb8da94d15ed7b85],
PUP.Optional.OfferMosquito.A, C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, Quarantined, [a72c8a89215bfa3c184113e39f63e61a],

Physical sectors: 0
(No malicious items detected)

(end)
AdwCleaner Logfile: Code:
# AdwCleaner v3.311 - Report created 12/10/2014 at 12:13:03
# Updated 30/09/2014 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# Username : admuser - NBNIC
# Running from : C:\Users\user1\Desktop\AdwCleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\admuser\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\admuser\AppData\Roaming\DataMgr
Folder Deleted : C:\Users\admuser\AppData\Roaming\Fifth
Folder Deleted : C:\Users\admuser\AppData\Roaming\Intermediate
Folder Deleted : C:\Users\admuser\AppData\Roaming\SCheck
Folder Deleted : C:\Users\admuser\AppData\Roaming\Seventh
Folder Deleted : C:\Users\admuser\AppData\Roaming\Sixth
Folder Deleted : C:\Users\admuser\AppData\Roaming\Snz
Folder Deleted : C:\Users\admuser\AppData\Roaming\SSync
File Deleted : C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\snt@dotlabs.co.xpi
File Deleted : C:\Users\user2\AppData\Roaming\Mozilla\Firefox\Profiles\ih2j2kb8.default\searchplugins\11-suche.xml

***** [ Tasks ] *****

Task Deleted : Fifth
Task Deleted : OMESupervisor

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[ File : C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaulturl", "hxxp://wisersearch.com/search.php?channel=de&q=");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://wisersearch.com/?channel=de");
Line Deleted : user_pref("keyword.URL", "hxxp://wisersearch.com/search.php?channel=de&q=");

[ File : C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\i0kq8f1y.default\prefs.js ]

[ File : C:\Users\user3\AppData\Roaming\Mozilla\Firefox\Profiles\96dkfrg3.default\prefs.js ]

[ File : C:\Users\user5\AppData\Roaming\Mozilla\Firefox\Profiles\b1triv8j.default\prefs.js ]

[ File : C:\Users\user2\AppData\Roaming\Mozilla\Firefox\Profiles\ih2j2kb8.default\prefs.js ]

[ File : C:\Users\user6\AppData\Roaming\Mozilla\Firefox\Profiles\1vfy5pel.default\prefs.js ]

[ File : C:\Users\user4\AppData\Roaming\Mozilla\Firefox\Profiles\bcxgz2mr.default\prefs.js ]

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://wisersearch.com/?channel=de
Deleted [Homepage] : hxxp://wisersearch.com/?channel=de
Deleted [Extension] : gbmdkmlcnbapgegninelmjbfibaghdmk

[ File : C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\user3\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\user5\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\user2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\user6\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\user4\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4598 octets] - [12/10/2014 12:09:49]
AdwCleaner[S0].txt - [4212 octets] - [12/10/2014 12:13:03]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4272 octets] ##########
--JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Professional x64
Ran by admuser on 12.10.2014 at 12:32:19,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2014 at 12:38:04,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by admuser (administrator) on NBNIC on 12-10-2014 12:43:08
Running from C:\Users\admuser\Desktop
Loaded Profile: admuser (Available profiles: admuser & user1 & user2 & user3 & user4 & user5 & user6)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> D:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Default.alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1021\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1020\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1019\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1006\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9BD969E1-5957-4CFA-B27F-11F01A8CF9BF} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default
FF DefaultSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: McAfee SafeKey - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-10-09]
FF Extension: Bitdefender QuickScan - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-27]

Chrome:
=======
CHR HomePage: Default -> http:\/\/wisersearch.com\/?channel=de
CHR StartupUrls: Default -> "http:\/\/wisersearch.com\/?channel=de"
CHR Profile: C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (SiteAdvisor) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-08-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [343080 2010-05-14] (Broadcom Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-08-26] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 12:43 - 2014-10-12 12:44 - 00019388 _____ () C:\Users\admuser\Desktop\FRST.txt
2014-10-12 12:42 - 2014-10-10 11:13 - 02109952 _____ (Farbar) C:\Users\admuser\Desktop\FRST64.exe
2014-10-12 12:38 - 2014-10-12 12:38 - 00000626 _____ () C:\Users\admuser\Desktop\JRT.txt
2014-10-12 12:20 - 2014-10-12 12:20 - 00000000 ____D () C:\Windows\ERUNT
2014-10-12 12:19 - 2014-10-12 11:23 - 01705755 _____ (Thisisu) C:\Users\user1\Desktop\JRT.exe
2014-10-12 12:09 - 2014-10-12 12:13 - 00000000 ____D () C:\AdwCleaner
2014-10-12 12:09 - 2014-10-12 11:23 - 01375089 _____ () C:\Users\user1\Desktop\AdwCleaner_3.311.exe
2014-10-12 12:08 - 2014-10-12 12:08 - 00010660 _____ () C:\Users\user1\Desktop\mbam.txt
2014-10-12 11:26 - 2014-10-12 11:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 11:26 - 2014-10-12 11:26 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-12 11:25 - 2014-10-12 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 11:25 - 2014-10-12 11:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-12 11:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 11:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 11:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 13:39 - 2014-10-11 13:39 - 00026999 _____ () C:\ComboFix.txt
2014-10-11 13:07 - 2014-10-11 13:39 - 00000000 ____D () C:\Qoobox
2014-10-11 13:07 - 2014-10-11 13:37 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 13:07 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-11 13:07 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-11 13:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-11 13:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-11 13:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-11 13:07 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-11 13:07 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-11 13:07 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-11 13:06 - 2014-10-11 13:05 - 05582481 ____R (Swearware) C:\Users\user1\Desktop\ComboFix.exe
2014-10-10 18:01 - 2014-10-10 18:01 - 00578744 _____ () C:\Windows\Minidump\101014-47252-01.dmp
2014-10-10 18:01 - 2014-10-10 18:01 - 00000000 ____D () C:\Windows\Minidump
2014-10-10 18:00 - 2014-10-10 18:00 - 528644871 ____N () C:\Windows\MEMORY.DMP
2014-10-10 13:44 - 2014-10-12 12:19 - 00000000 ____D () C:\Temp
2014-10-10 13:30 - 2014-10-12 12:43 - 00000000 ____D () C:\FRST
2014-10-10 13:28 - 2014-10-10 13:28 - 00000000 _____ () C:\Users\admuser\defogger_reenable
2014-10-10 13:26 - 2014-10-10 11:14 - 00380416 _____ () C:\Users\user1\Desktop\Gmer-19357.exe
2014-10-10 13:26 - 2014-10-10 11:13 - 02109952 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2014-10-10 13:26 - 2014-10-10 11:11 - 00050477 _____ () C:\Users\user1\Desktop\Defogger.exe
2014-10-10 10:39 - 2014-10-10 10:43 - 00000000 ____D () C:\Users\user1\AppData\Roaming\QuickScan
2014-10-10 01:18 - 2014-10-10 10:45 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\QuickScan
2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 ____D () C:\Users\admuser\AppData\Local\Macromedia
2014-10-01 22:55 - 2014-08-26 12:50 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-10-01 22:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-01 08:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-25 21:09 - 2014-09-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 11:13 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 11:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 12:44 - 2014-08-27 15:29 - 00000000 __RSD () C:\Users\admuser\Documents\McAfee-Tresore
2014-10-12 12:41 - 2011-08-03 15:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 12:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 12:41 - 2009-07-14 06:51 - 00258663 _____ () C:\Windows\setupact.log
2014-10-12 12:40 - 2011-05-23 01:13 - 02011799 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 12:38 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 12:38 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 12:33 - 2014-08-27 15:46 - 00000000 __RSD () C:\Users\user1\Documents\McAfee-Tresore
2014-10-12 12:30 - 2010-11-21 05:47 - 00427950 _____ () C:\Windows\PFRO.log
2014-10-12 12:13 - 2014-03-14 00:28 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Common
2014-10-12 12:03 - 2014-05-11 13:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job
2014-10-12 11:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-10-12 10:59 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 13:39 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-10-11 13:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 13:31 - 2011-05-22 15:22 - 00000000 ____D () C:\Users\user1
2014-10-11 13:03 - 2012-02-08 20:42 - 00000000 ____D () C:\Users\user1\AppData\Local\CrashDumps
2014-10-10 15:26 - 2013-02-19 19:41 - 00000000 ____D () C:\Windows\rescache
2014-10-10 13:28 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser
2014-10-09 23:05 - 2013-12-06 21:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-09 17:56 - 2013-04-25 16:36 - 00000000 ____D () C:\Users\user4\AppData\Roaming\.minecraft
2014-10-09 17:52 - 2014-08-27 15:57 - 00000000 __RSD () C:\Users\user4\Documents\McAfee-Tresore
2014-10-09 17:37 - 2014-08-28 09:25 - 00000000 __RSD () C:\Users\user2\Documents\McAfee-Tresore
2014-10-09 17:35 - 2012-04-15 20:28 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Dropbox
2014-10-09 15:02 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-09 15:02 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-09 15:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 12:16 - 2014-08-30 16:34 - 00000000 __RSD () C:\Users\user6\Documents\McAfee-Tresore
2014-10-08 13:55 - 2014-08-31 18:43 - 00000000 __RSD () C:\Users\user3\Documents\McAfee-Tresore
2014-10-08 11:35 - 2014-08-27 16:29 - 00000000 __RSD () C:\Users\user5\Documents\McAfee-Tresore
2014-10-04 21:05 - 2012-05-28 14:00 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-02 09:05 - 2014-08-27 15:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-01 22:56 - 2014-08-27 15:16 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-30 16:01 - 2011-05-31 16:09 - 00004678 __RSH () C:\Users\user3\ntuser.pol
2014-09-30 16:01 - 2011-05-31 16:09 - 00000000 ____D () C:\Users\user3
2014-09-28 15:28 - 2012-05-28 11:08 - 00001328 __RSH () C:\Users\user5\ntuser.pol
2014-09-28 15:28 - 2012-05-28 11:08 - 00000000 ____D () C:\Users\user5
2014-09-28 14:14 - 2014-06-08 11:37 - 00001326 __RSH () C:\Users\user6\ntuser.pol
2014-09-28 14:14 - 2014-06-08 11:37 - 00000000 ____D () C:\Users\user6
2014-09-28 12:49 - 2011-05-22 22:59 - 00001108 __RSH () C:\Users\user2\ntuser.pol
2014-09-28 12:49 - 2011-05-22 22:59 - 00000000 ____D () C:\Users\user2
2014-09-27 20:13 - 2013-03-02 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-27 20:10 - 2011-05-22 22:28 - 00000680 __RSH () C:\Users\user1\ntuser.pol
2014-09-26 19:35 - 2012-05-28 11:07 - 00004682 __RSH () C:\Users\user4\ntuser.pol
2014-09-26 19:35 - 2012-05-28 11:07 - 00000000 ____D () C:\Users\user4
2014-09-26 19:33 - 2011-05-22 16:40 - 00000680 __RSH () C:\Users\admuser\ntuser.pol
2014-09-26 19:32 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser\AppData\Local\VirtualStore
2014-09-25 21:16 - 2012-08-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 17:16 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 14:59 - 2012-04-01 16:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 14:59 - 2011-06-04 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 13:26 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-24 09:26 - 2011-06-06 09:56 - 00000000 ____D () C:\Users\user2\QMS Abtei-Apotheke
2014-09-23 19:56 - 2014-06-19 17:02 - 00000000 ____D () C:\Users\user4\AppData\Roaming\edu.media.mit.Scratch2Editor
2014-09-22 17:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-22 17:11 - 2013-03-19 16:54 - 00000000 ____D () C:\Users\user3\Documents\Gymnasium
2014-09-22 16:09 - 2014-07-18 11:31 - 00000000 ____D () C:\Users\user4\Documents\Scratch Projects
2014-09-18 08:36 - 2012-05-28 14:12 - 00001017 _____ () C:\Users\user2\Desktop\Dropbox.lnk

Some content of TEMP:
====================
C:\Users\admuser\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-10 15:19

==================== End Of Log ============================
13.10.2014, 09:18 | #8
/// the machine /// TB-Ausbilder
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
13.10.2014, 22:16 | #9
Hello Schrauber, to a layman like me it already looks quite good. I hope you can confirm that. Here are the requested logs.
--ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=42b1e1da1f590d449beceba70ca3f83e
# engine=20574
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-13 08:35:58
# local_time=2014-10-13 10:35:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4085677 164862408 0 0
# scanned=280074
# found=0
# cleaned=0
# scan_time=8475

--SecurityCheck
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
McAfee Anti-Virus und Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Mozilla Thunderbird (24.6.0)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02 Ran by admuser (administrator) on NBNIC on 13-10-2014 23:04:30 Running from C:\Users\user1\Desktop Loaded Profiles: admuser & user1 (Available profiles: admuser & user1 & user2 & user3 & user4 & user5 & user6) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2648181823-2077256216-1403455524-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2648181823-2077256216-1403455524-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> D:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Default.alt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\user4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\user2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.) ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.) ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.) GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1021\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1020\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1019\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1006\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2648181823-2077256216-1403455524-1005\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {9BD969E1-5957-4CFA-B27F-11F01A8CF9BF} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default FF DefaultSearchEngine: Search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: McAfee SafeKey - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-10-09] FF Extension: Bitdefender QuickScan - C:\Users\admuser\AppData\Roaming\Mozilla\Firefox\Profiles\4irez8pr.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-10] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-27] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-27] Chrome: ======= CHR StartupUrls: Default -> "http:\/\/wisersearch.com\/?channel=de" CHR Profile: C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18] CHR Extension: (Google Drive) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (YouTube) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18] 
CHR Extension: (Google Search) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18] CHR Extension: (SiteAdvisor) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-18] CHR Extension: (Google Wallet) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18] CHR Extension: (Gmail) - C:\Users\admuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-25] CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-08-27] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.) 
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.) R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed] S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [343080 2010-05-14] (Broadcom Corporation) R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-08-26] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.) 
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.) R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-13 23:04 - 2014-10-13 23:05 - 00019997 _____ () C:\Users\user1\Desktop\FRST.txt 2014-10-13 23:04 - 2014-10-13 23:04 - 00000000 ____D () C:\Users\user1\Desktop\FRST-OlderVersion 2014-10-13 22:55 - 2014-10-13 17:59 - 00854417 _____ () C:\Users\admuser\Desktop\SecurityCheck.exe 2014-10-13 18:04 - 2014-10-13 17:58 - 02347384 _____ (ESET) C:\Users\user1\Desktop\esetsmartinstaller_deu.exe 2014-10-12 17:59 - 2014-10-12 17:59 - 00000000 ____D () C:\Users\user1\Desktop\Alte Firefox-Daten 2014-10-12 12:45 - 2014-10-12 12:45 - 00028853 _____ () C:\Users\admuser\Desktop\Addition.txt 2014-10-12 12:43 - 2014-10-12 12:45 - 00030672 _____ () C:\Users\admuser\Desktop\FRST.txt 2014-10-12 12:42 - 2014-10-10 11:13 - 02109952 _____ (Farbar) C:\Users\admuser\Desktop\FRST64.exe 2014-10-12 12:38 - 2014-10-12 12:38 - 00000626 _____ () C:\Users\admuser\Desktop\JRT.txt 2014-10-12 12:20 - 2014-10-12 12:20 - 00000000 ____D () C:\Windows\ERUNT 2014-10-12 12:19 - 2014-10-12 11:23 - 01705755 _____ (Thisisu) C:\Users\user1\Desktop\JRT.exe 2014-10-12 12:09 - 2014-10-12 12:13 - 00000000 ____D () C:\AdwCleaner 2014-10-12 12:09 - 2014-10-12 11:23 - 01375089 _____ () 
C:\Users\user1\Desktop\AdwCleaner_3.311.exe 2014-10-12 12:08 - 2014-10-12 12:08 - 00010660 _____ () C:\Users\user1\Desktop\mbam.txt 2014-10-12 11:26 - 2014-10-12 11:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-12 11:26 - 2014-10-12 11:26 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-12 11:25 - 2014-10-12 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-12 11:25 - 2014-10-12 11:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-12 11:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-12 11:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-12 11:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-11 13:39 - 2014-10-11 13:39 - 00026999 _____ () C:\ComboFix.txt 2014-10-11 13:07 - 2014-10-11 13:39 - 00000000 ____D () C:\Qoobox 2014-10-11 13:07 - 2014-10-11 13:37 - 00000000 ____D () C:\Windows\erdnt 2014-10-11 13:07 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-11 13:07 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-11 13:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-11 13:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-11 13:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-11 13:07 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-11 13:07 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-11 13:07 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-11 13:06 - 2014-10-11 13:05 - 05582481 ____R (Swearware) C:\Users\user1\Desktop\ComboFix.exe 2014-10-10 18:01 - 2014-10-10 18:01 - 00578744 _____ () C:\Windows\Minidump\101014-47252-01.dmp 2014-10-10 18:01 - 2014-10-10 18:01 - 
00000000 ____D () C:\Windows\Minidump 2014-10-10 18:00 - 2014-10-10 18:00 - 528644871 ____N () C:\Windows\MEMORY.DMP 2014-10-10 13:44 - 2014-10-13 22:50 - 00000000 ____D () C:\Temp 2014-10-10 13:30 - 2014-10-13 23:04 - 00000000 ____D () C:\FRST 2014-10-10 13:28 - 2014-10-10 13:28 - 00000000 _____ () C:\Users\admuser\defogger_reenable 2014-10-10 13:26 - 2014-10-13 23:04 - 02110464 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe 2014-10-10 13:26 - 2014-10-10 11:14 - 00380416 _____ () C:\Users\user1\Desktop\Gmer-19357.exe 2014-10-10 13:26 - 2014-10-10 11:11 - 00050477 _____ () C:\Users\user1\Desktop\Defogger.exe 2014-10-10 10:39 - 2014-10-10 10:43 - 00000000 ____D () C:\Users\user1\AppData\Roaming\QuickScan 2014-10-10 01:18 - 2014-10-10 10:45 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\QuickScan 2014-10-09 23:21 - 2014-10-09 23:21 - 00000000 ____D () C:\Users\admuser\AppData\Local\Macromedia 2014-10-01 22:55 - 2014-08-26 12:50 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys 2014-10-01 22:55 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-10-01 08:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 08:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-25 21:09 - 2014-09-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-24 11:13 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 11:13 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-13 23:03 - 2014-05-11 13:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6d095ccc96cc.job 2014-10-13 22:59 - 2012-04-01 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-13 22:53 - 2014-08-27 15:29 - 00000000 __RSD () C:\Users\admuser\Documents\McAfee-Tresore 2014-10-13 22:52 - 2011-08-03 15:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-13 20:18 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-13 20:18 - 2009-07-14 06:45 - 00031872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-13 20:14 - 2011-05-23 01:13 - 02046364 _____ () C:\Windows\WindowsUpdate.log 2014-10-13 20:13 - 2014-08-27 15:46 - 00000000 __RSD () C:\Users\user1\Documents\McAfee-Tresore 2014-10-13 20:12 - 2010-11-21 08:50 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-10-13 20:12 - 2010-11-21 08:50 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-10-13 20:12 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-13 20:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-13 20:10 - 2009-07-14 06:51 - 00258887 _____ () C:\Windows\setupact.log 2014-10-12 12:30 - 2010-11-21 05:47 - 00427950 _____ () C:\Windows\PFRO.log 2014-10-12 12:13 - 2014-03-14 00:28 - 00000000 ____D () C:\Users\admuser\AppData\Roaming\Common 2014-10-12 11:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security 2014-10-11 13:39 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-11 13:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-11 13:31 - 2011-05-22 15:22 - 00000000 ____D () C:\Users\user1 2014-10-11 13:03 - 2012-02-08 20:42 - 00000000 ____D () C:\Users\user1\AppData\Local\CrashDumps 2014-10-10 15:26 - 2013-02-19 19:41 - 00000000 ____D () C:\Windows\rescache 
2014-10-10 13:28 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser 2014-10-09 23:05 - 2013-12-06 21:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-10-09 17:56 - 2013-04-25 16:36 - 00000000 ____D () C:\Users\user4\AppData\Roaming\.minecraft 2014-10-09 17:52 - 2014-08-27 15:57 - 00000000 __RSD () C:\Users\user4\Documents\McAfee-Tresore 2014-10-09 17:37 - 2014-08-28 09:25 - 00000000 __RSD () C:\Users\user2\Documents\McAfee-Tresore 2014-10-09 17:35 - 2012-04-15 20:28 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Dropbox 2014-10-09 12:16 - 2014-08-30 16:34 - 00000000 __RSD () C:\Users\user6\Documents\McAfee-Tresore 2014-10-08 13:55 - 2014-08-31 18:43 - 00000000 __RSD () C:\Users\user3\Documents\McAfee-Tresore 2014-10-08 11:35 - 2014-08-27 16:29 - 00000000 __RSD () C:\Users\user5\Documents\McAfee-Tresore 2014-10-04 21:05 - 2012-05-28 14:00 - 00000000 ____D () C:\Users\user2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-02 09:05 - 2014-08-27 15:28 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-10-01 22:56 - 2014-08-27 15:16 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-09-30 16:01 - 2011-05-31 16:09 - 00004678 __RSH () C:\Users\user3\ntuser.pol 2014-09-30 16:01 - 2011-05-31 16:09 - 00000000 ____D () C:\Users\user3 2014-09-28 15:28 - 2012-05-28 11:08 - 00001328 __RSH () C:\Users\user5\ntuser.pol 2014-09-28 15:28 - 2012-05-28 11:08 - 00000000 ____D () C:\Users\user5 2014-09-28 14:14 - 2014-06-08 11:37 - 00001326 __RSH () C:\Users\user6\ntuser.pol 2014-09-28 14:14 - 2014-06-08 11:37 - 00000000 ____D () C:\Users\user6 2014-09-28 12:49 - 2011-05-22 22:59 - 00001108 __RSH () C:\Users\user2\ntuser.pol 2014-09-28 12:49 - 2011-05-22 22:59 - 00000000 ____D () C:\Users\user2 2014-09-27 20:13 - 2013-03-02 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-27 20:10 - 2011-05-22 22:28 - 00000680 __RSH () C:\Users\user1\ntuser.pol 2014-09-26 
19:35 - 2012-05-28 11:07 - 00004682 __RSH () C:\Users\user4\ntuser.pol 2014-09-26 19:35 - 2012-05-28 11:07 - 00000000 ____D () C:\Users\user4 2014-09-26 19:33 - 2011-05-22 16:40 - 00000680 __RSH () C:\Users\admuser\ntuser.pol 2014-09-26 19:32 - 2011-05-22 13:19 - 00000000 ____D () C:\Users\admuser\AppData\Local\VirtualStore 2014-09-25 21:16 - 2012-08-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-25 17:16 - 2012-04-01 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-25 14:59 - 2012-04-01 16:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-25 14:59 - 2011-06-04 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 13:26 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-24 09:26 - 2011-06-06 09:56 - 00000000 ____D () C:\Users\user2\QMS Abtei-Apotheke 2014-09-23 19:56 - 2014-06-19 17:02 - 00000000 ____D () C:\Users\user4\AppData\Roaming\edu.media.mit.Scratch2Editor 2014-09-22 17:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-22 17:11 - 2013-03-19 16:54 - 00000000 ____D () C:\Users\user3\Documents\Gymnasium 2014-09-22 16:09 - 2014-07-18 11:31 - 00000000 ____D () C:\Users\user4\Documents\Scratch Projects 2014-09-18 08:36 - 2012-05-28 14:12 - 00001017 _____ () C:\Users\user2\Desktop\Dropbox.lnk Some content of TEMP: ==================== C:\Users\admuser\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-10 15:19
==================== End Of Log ============================
14.10.2014, 13:58 | #10 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
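The fixlist above deletes the Chrome policy key that FRST flagged as a "Policy restriction". As an added example (not from the thread, not FRST code), the following PowerShell audits the machine-wide and per-user Chrome policy keys and reports which policies are set, so a homepage or search hijack enforced through policy can be spotted before a fix and confirmed gone afterwards. It assumes Chrome's documented registry policy locations under SOFTWARE\Policies\Google\Chrome; the list of browser-control policy names flagged as suspicious is my own selection.

```powershell
# Audit Chrome policies stored in the registry (added example, not from FRST).
# Adware such as the fbdownloader hijacker can pin homepage and search settings
# by writing Chrome policies here; this is what FRST reports as "Policy restriction".
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Google\Chrome\Recommended',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

# Policies that decide what the user sees at startup, on a new tab or when searching.
# On a home PC, none of these should be set by anyone but the owner.
$HijackPolicies = @(
    'HomepageLocation', 'HomepageIsNewTabPage', 'RestoreOnStartup',
    'RestoreOnStartupURLs', 'DefaultSearchProviderEnabled',
    'DefaultSearchProviderSearchURL', 'DefaultSearchProviderName',
    'NewTabPageLocation', 'ExtensionInstallForcelist'
)
$HijackPattern = ($HijackPolicies -join '|')

function Get-ChromePolicyReport {
    foreach ($root in $PolicyRoots) {
        if (-not (Test-Path $root)) { continue }
        # Include the root key and all subkeys: list-type policies such as
        # RestoreOnStartupURLs store their entries as numbered values in a subkey.
        $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key        = $key.Name
                    Policy     = $name
                    Value      = $key.GetValue($name)
                    # Flag the value name itself, or a subkey named after a list policy.
                    Suspicious = ($HijackPolicies -contains $name) -or
                                 ($key.Name -match $HijackPattern)
                }
            }
        }
    }
}

$report = @(Get-ChromePolicyReport)
if ($report.Count -eq 0) {
    'No Chrome policies found in the registry.'
} else {
    # Suspicious entries first; re-run after the FRST fix to confirm they are gone.
    $report | Sort-Object Suspicious -Descending | Format-Table -AutoSize
}
```

Reading HKLM does not require an elevated prompt, so the audit can be run from the non-admin account the thread author normally works in.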
15.10.2014, 15:31 | #11 |
Hello Schrauber, I ran FRST with Fix (log below) and started Defogger with re-enable --> OK. Then, as described, I ran Combofix /uninstall, although I probably should have disabled McAfee first. At any rate, Combofix.exe has now been quarantined by McAfee with the message "McAfee has automatically quarantined an infected file on your device. Info about the Trojan. Detected: Artemis!C3EA49297086 (Trojan). Quarantined from C:\Users\user1\Desktop\ComboFix.exe". Before that, ComboFix had downloaded an update. What now? I have not carried out any further cleanup. I just noticed that a new folder C:\32788R22FWJFW was created, presumably by ComboFix, before the file was quarantined (the time matches, at any rate). Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by admuser at 2014-10-15 16:10:56 Run:1
Running from C:\Users\user1\Desktop
Loaded Profiles: admuser & user1 (Available profiles: admuser & user1 & user2 & user3 & user4 & user5 & user6)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

Last edited by usoche (15.10.2014 at 15:37)
15.10.2014, 21:06 | #12 |
/// the machine /// TB-Ausbilder | Download combofix again, then Uninstall. And switch off that crappy McAfee
15.10.2014, 22:57 | #13 |
Intuitively I would have proceeded the same way, but with an expert's instructions it is of course better. After switching off McAfee everything worked, including DelFix. Many thanks for the help and the final tips. I will not deal with those, or with a contribution for you, tonight any more, but I think I will manage; I already follow some of it anyway, so feel free to delete this topic from your subscriptions. I do have one small question left, though. In the tips, Malwarebytes Anti-Malware is listed as additional protection alongside antivirus software. Malwarebytes Anti-Malware is actually antivirus software itself, isn't it, at least in the paid version with the real-time guard, or have I misunderstood something? I will probably replace McAfee in the foreseeable future, since I am not really satisfied with it (also after the recent experience), and then Malwarebytes Anti-Malware, for example, would be an option, or what else would you recommend, possibly in combination with Malwarebytes Anti-Malware as additional protection.
16.10.2014, 17:49 | #14 | |
/// the machine /// TB-Ausbilder | I always recommend Emsisoft. Quote: