Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L?

Riela15 · 13.01.2015, 16:51

Hallo,
unser PC ist seit einiger Zeit sehr langsam geworden. Das Antivirusprogramm McAfee meldet bei jedem Neustart den Trojaner Profiler.gen.ac, allerdings immer an einem anderen Ort.
Im Nachhinein weiß ich, dass wir eine eMail mit einer Mahnung aufgemacht haben...
Das Schlimmste ist, wir können beim OnlineBanking uns zwar einloggen, aber dann kommt eine Meldung (eine Maske, die nicht zu schließen ist), die wir nicht übergehen können. Es wird verlangt etweder sofort 4.850 Euro zurück zu überweisen oder den Zugriff auf das komplette Konto zu erlauben.

Auf den anderen Trojaner Win 32/Matsnu.L hat mich "Microsoft Tools zum Entfernen bösartiger Software" aufmerksam gemacht, wenn es denn eine echte Microsoftmeldung war.

Ich habe die Informationen zusammengestellt, allerdings wurde GMER plötzlich abgebrochen mit dem z.Z. häufigem Hinweis "Programm funktioniert jetzt nicht mehr".

Bitte, wenn Ihr etwas für uns tun könnt... Danke!

defogger_disable.txt

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:20 on 13/01/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by ***** (administrator) on PAULUSSCHWESTER on 13-01-2015 15:32:52
Running from C:\Users\*****\Desktop
Loaded Profile: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
() C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\find.exe
(Microsoft Corporation) C:\Windows\System32\label.exe
(Microsoft Corporation) C:\Windows\System32\attrib.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\diskperf.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
(Microsoft Corporation) C:\Windows\System32\doskey.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
() C:\Users\*****\Desktop\Defogger.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\live_export.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [kkiiweuu] => C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe [80384 2014-10-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sfjeyykp] => C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe [58880 2014-10-11] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [uvkvdwyw] => C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe [58880 2014-10-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe [179200 2015-01-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [cmomffmv] => C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe [64512 2014-10-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [scriptplugin32] => C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe [135168 2014-10-30] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [script-dll] => C:\Users\*****\AppData\Roaming\Script\script-dll.exe [55808 2014-10-31] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [update] => C:\Users\*****\AppData\Roaming\Update\update.exe [72704 2014-11-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updateservice32] => C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe [72704 2014-11-10] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [updatestage] => C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe [71680 2014-11-06] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [sim_pin] => C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe [150016 2012-10-23] (American Megatrends, Inc)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [run] => C:\Users\*****\AppData\Roaming\Run\run.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [loader-help] => C:\Users\*****\AppData\Roaming\Loader\loader-help.exe [90112 2014-11-22] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [firefox64-print64] => C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [avira32frame] => C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe [78336 2014-11-24] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [data_sense] => C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe [336384 2010-10-19] (Glarysoft Ltd)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [space] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe [255488 2014-09-12] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\web_filtering.exe [350208 2011-09-19] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe [350208 2014-12-28] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mortgage-plant] => C:\Users\*****\AppData\Roaming\Mortgage_imagine\mortgage_station.exe [151040 2015-01-10] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> DefaultScope {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.paulus-schwestern.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:32 - 2015-01-13 15:34 - 00023550 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-13 15:32 - 2015-01-13 15:32 - 00000000 ____D () C:\FRST
2015-01-13 15:31 - 2015-01-13 15:31 - 01115648 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-13 15:20 - 2015-01-13 15:20 - 00000496 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-02 08:17 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2014-12-19 09:26 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez
2014-12-15 10:05 - 2014-12-18 10:35 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp
2014-12-15 09:55 - 2014-12-24 10:46 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 15:31 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-13 15:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:27 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:18 - 2009-12-11 11:40 - 01382871 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 15:11 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 15:10 - 2009-12-11 12:10 - 00853394 _____ () C:\Windows\PFRO.log
2015-01-13 15:10 - 2009-07-14 05:39 - 00251262 _____ () C:\Windows\setupact.log
2015-01-13 15:04 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-13 13:56 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 21:32 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 16:07 - 2011-10-20 21:01 - 00000000 ____D () C:\Users\*****\Desktop\gemeinschaft

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe
C:\Users\*****\AppData\Local\Temp\Khybp\cqgfcimak.exe
C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe
C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe
C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\camera.exe
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-12 17:07

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Paulus Schwestern at 2015-01-13 15:35:00
Running from C:\Users\Paulus Schwestern\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Paulus Schwestern\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

09-08-2014 08:56:16 Windows Update
10-08-2014 02:00:42 Windows Update
13-08-2014 08:13:20 Windows Update
13-08-2014 11:42:12 Windows Update
14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\Paulus Schwestern\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\Paulus Schwestern\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\Paulus Schwestern\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 00181592 _____ () C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2010-01-23 11:22 - 2014-09-12 08:20 - 00255488 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe
2014-12-17 05:57 - 2014-12-28 09:48 - 00350208 _____ () C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\health_record.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\Paulus Schwestern\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
Paulus Schwestern (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\Paulus Schwestern

==================== Faulty Device Manager Devices =============

Name: H:\
Description: Multi-Card      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x22d8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8d8
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3

Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lodctr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc107
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x2184
Startzeit der fehlerhaften Anwendung: 0xlodctr.exe0
Pfad der fehlerhaften Anwendung: lodctr.exe1
Pfad des fehlerhaften Moduls: lodctr.exe2
Berichtskennung: lodctr.exe3

Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chkntfs.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbff9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xchkntfs.exe0
Pfad der fehlerhaften Anwendung: chkntfs.exe1
Pfad des fehlerhaften Moduls: chkntfs.exe2
Berichtskennung: chkntfs.exe3

Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wiaacmgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bce11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1d3c
Startzeit der fehlerhaften Anwendung: 0xwiaacmgr.exe0
Pfad der fehlerhaften Anwendung: wiaacmgr.exe1
Pfad des fehlerhaften Moduls: wiaacmgr.exe2
Berichtskennung: wiaacmgr.exe3

Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: expand.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bbf6d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ff80050
ID des fehlerhaften Prozesses: 0x1a44
Startzeit der fehlerhaften Anwendung: 0xexpand.exe0
Pfad der fehlerhaften Anwendung: expand.exe1
Pfad des fehlerhaften Moduls: expand.exe2
Berichtskennung: expand.exe3

Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x1c68
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x304
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475e0b9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0xd1c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mortgage_station.exe, Version: 8.5.0.7, Zeitstempel: 0x54775874
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x10b4
Startzeit der fehlerhaften Anwendung: 0xmortgage_station.exe0
Pfad der fehlerhaften Anwendung: mortgage_station.exe1
Pfad des fehlerhaften Moduls: mortgage_station.exe2
Berichtskennung: mortgage_station.exe3


System errors:
=============
Error: (01/13/2015 03:15:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/13/2015 03:14:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/13/2015 03:04:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/13/2015 03:04:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/13/2015 03:03:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (01/13/2015 03:02:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/13/2015 02:08:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/13/2015 03:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fddccunknown0.0.0.000000000c00000050000000122d801d02f3b62ea44eeC:\Program Files\Internet Explorer\iexplore.exeunknownab61c98c-9b2e-11e4-a070-002421af38dd

Error: (01/13/2015 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c0000005000000008d801d02f3ae0d6ef0eC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown61b09291-9b2e-11e4-a070-002421af38dd

Error: (01/13/2015 03:05:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lodctr.exe6.1.7600.163854a5bc107unknown0.0.0.000000000c00000057ff80050218401d02f39e518cd3aC:\Windows\system32\lodctr.exeunknown45b083e6-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chkntfs.exe6.1.7600.163854a5bbff9unknown0.0.0.000000000c00000057ff8005071801d02f39df01b8d5C:\Windows\system32\chkntfs.exeunknown439479ce-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wiaacmgr.exe6.1.7600.163854a5bce11unknown0.0.0.000000000c00000057ff800501d3c01d02f39de6130bcC:\Windows\system32\wiaacmgr.exeunknown404b0edc-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: expand.exe6.1.7600.163854a5bbf6dunknown0.0.0.000000000c00000057ff800501a4401d02f39de786293C:\Windows\system32\expand.exeunknown3edc373d-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c0000005000000011c6801d02f39b872663bC:\Program Files\Mozilla Firefox\firefox.exeunknown0bd359e0-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c00000050000000130401d02f39984b7d86C:\Program Files\Mozilla Firefox\firefox.exeunknown0a29c255-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe34.0.5.54435475e0b9unknown0.0.0.000000000c000000500000001d1c01d02f3997e0d346C:\Program Files\Mozilla Firefox\firefox.exeunknown08aba83d-9b2d-11e4-afc1-002421af38dd

Error: (01/13/2015 03:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mortgage_station.exe8.5.0.754775874unknown0.0.0.000000000c00000050000000010b401d02f395efe87acC:\Users\Paulus Schwestern\AppData\Roaming\Mortgage_imagine\mortgage_station.exeunknown01deaeaf-9b2d-11e4-afc1-002421af38dd


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3070.18 MB
Available physical RAM: 1622.18 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4087.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.79 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 13.01.2015, 17:01

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Riela15 · 13.01.2015, 21:41

Danke, cosinus, das war superschnell.

Ich bin ein Anfänger, wo krieg ich die logs her?
Soll ich den McAfee deinstallieren, dafür eine der angegebenen (eg. ESET Online Scan) installieren? McAfee selbst zeigt mir nur im Sicherheitsbericht, da: "Gesamtaktivität" an, dass er 93 Trojaner entfernt hat...
Was ich mir seit vorgestern notiert habee, als die Meldung von McAfee kam, waren:

Code:

ATTFilter

C:\users\*****\appdata\local\price-deposit\price-claset.exe

Code:

ATTFilter

C:\users\*****\appdata\local\moutainshoot\mountainlack.exe

Code:

ATTFilter

C:\users\*****\appdata\local\farmer-joke\farmer-manage.exe

cosinus · 13.01.2015, 23:11

Bitte ein Log mit MBAR machen:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Riela15 · 14.01.2015, 21:15

Habe drei Scans durchgeführt, nach jedem CleanUp betätigt. Beim Vierten keine Bedrohung mehr gefunden. Hier die Logfiles:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 17:04:26
mbar-log-2015-01-14 (17-04-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 319659
Time elapsed: 23 minute(s), 

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\office_web_apps.exe (Trojan.Downloader) -> 5840 -> Delete on reboot. [df70c7309fea92a4a525eb12d62b9769]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 16
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kkiiweuu (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe -> Delete on reboot. [dc731fd86e1b5adc2b1e14cb7e830af6]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sfjeyykp (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe -> Delete on reboot. [a5aabd3a6c1d3df991ba7a652ed3f010]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uvkvdwyw (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe -> Delete on reboot. [8ec104f3f4959c9a53f889569968c13f]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cmomffmv (Trojan.Agent.EAJGen) -> Data: C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe -> Delete on reboot. [eb64f403f29766d04a942ab5d9282bd5]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|scriptplugin32 (Trojan.Agent.WSTGen) -> Data: C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe -> Delete on reboot. [e56a19de5d2cee482dfce702837ee31d]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|script-dll (Trojan.Krypt) -> Data: C:\Users\*****\AppData\Roaming\Script\script-dll.exe -> Delete on reboot. [1e3100f7becbc67022514a9f04fd1de3]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|update (Trojan.Krypt) -> Data: C:\Users\*****\AppData\Roaming\Update\update.exe -> Delete on reboot. [cd82b146553480b6501be507e0210df3]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|updateservice32 (Trojan.Krypt) -> Data: C:\Users\PAULUS~1\AppData\Local\Temp\Update\updateservice32.exe -> Delete on reboot. [88c7ca2d46433105412abc307988cf31]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|updatestage (Trojan.Krypt) -> Data: C:\Users\PAULUS~1\AppData\Local\Temp\Update\updatestage.exe -> Delete on reboot. [b69947b0dbae142297d459936b96e020]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sim_pin (Trojan.Agent) -> Data: C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe -> Delete on reboot. [024d07f0068356e093e220c36f92946c]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|run (Spyware.Citadel) -> Data: C:\Users\*****\AppData\Roaming\Run\run.exe -> Delete on reboot. [46099b5c8504b0866eb7c72c6e931ae6]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|loader-help (Spyware.Citadel) -> Data: C:\Users\*****\AppData\Roaming\Loader\loader-help.exe -> Delete on reboot. [5af5fff8fa8f3df968bdfef5e120a55b]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|firefox64-print64 (Trojan.Inject) -> Data: C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe -> Delete on reboot. [fc53797e1178a393cd0267f8c23e8a76]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|avira32frame (Trojan.Inject) -> Data: C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe -> Delete on reboot. [8ec1797ef79259dd25aa72ed0ef2a759]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|data_sense (Trojan.Tinba) -> Data: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe -> Delete on reboot. [0d42787f1a6fb77fd4cf9a63e02146ba]
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|space (Backdoor.Bot) -> Data: C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe -> Delete on reboot. [c7886b8c2366f640218e54b20cf66e92]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 87
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\office_web_apps.exe (Trojan.Downloader) -> Delete on reboot. [df70c7309fea92a4a525eb12d62b9769]
C:\Users\*****\AppData\Local\Lpsgds\kvsewweuu.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [dc731fd86e1b5adc2b1e14cb7e830af6]
C:\Users\*****\AppData\Local\Temp\Gubfc\ctthhrpyykp.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [a5aabd3a6c1d3df991ba7a652ed3f010]
C:\Users\*****\AppData\Local\Gorebxesay\elenidwyw.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [8ec104f3f4959c9a53f889569968c13f]
C:\Users\*****\AppData\Local\Temp\Piaiohqqbm\pgwcyqfffmv.exe (Trojan.Agent.EAJGen) -> Delete on reboot. [eb64f403f29766d04a942ab5d9282bd5]
C:\Users\*****\AppData\Roaming\Script\scriptplugin32.exe (Trojan.Agent.WSTGen) -> Delete on reboot. [e56a19de5d2cee482dfce702837ee31d]
C:\Users\*****\AppData\Roaming\Script\script-dll.exe (Trojan.Krypt) -> Delete on reboot. [1e3100f7becbc67022514a9f04fd1de3]
C:\Users\*****\AppData\Roaming\Update\update.exe (Trojan.Krypt) -> Delete on reboot. [cd82b146553480b6501be507e0210df3]
C:\Users\*****\AppData\Local\Temp\Update\updateservice32.exe (Trojan.Krypt) -> Delete on reboot. [88c7ca2d46433105412abc307988cf31]
C:\Users\*****\AppData\Local\Temp\Update\updatestage.exe (Trojan.Krypt) -> Delete on reboot. [b69947b0dbae142297d459936b96e020]
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\question\social_updates.exe (Trojan.Agent) -> Delete on reboot. [024d07f0068356e093e220c36f92946c]
C:\Users\*****\AppData\Roaming\Run\run.exe (Spyware.Citadel) -> Delete on reboot. [46099b5c8504b0866eb7c72c6e931ae6]
C:\Users\*****\AppData\Roaming\Loader\loader-help.exe (Spyware.Citadel) -> Delete on reboot. [5af5fff8fa8f3df968bdfef5e120a55b]
C:\Users\*****\AppData\Local\Firefox64\firefox64-print64.exe (Trojan.Inject) -> Delete on reboot. [fc53797e1178a393cd0267f8c23e8a76]
C:\Users\*****\AppData\Roaming\Avira32\avira32frame.exe (Trojan.Inject) -> Delete on reboot. [8ec1797ef79259dd25aa72ed0ef2a759]
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AB0000000001}\mjgbgq\inventory_order\refresh.exe (Trojan.Tinba) -> Delete on reboot. [0d42787f1a6fb77fd4cf9a63e02146ba]
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\authority_key_identifier\search_icon.exe (Backdoor.Bot) -> Delete on reboot. [c7886b8c2366f640218e54b20cf66e92]
C:\Users\*****\AppData\Roaming\Farmer_picture\farmer_roof.exe (Backdoor.Agent.STL) -> Delete on reboot. [92bdac4bf396c96d20ee33c9de2326da]
C:\Users\*****\AppData\Roaming\Office7reg\win.exe (Trojan.Inject) -> Delete on reboot. [f25d22d519705adc9e31342b42be2bd5]
C:\Users\*****\AppData\Local\Temp\14B9.tmp (Trojan.Krypt) -> Delete on reboot. [94bb1ed90f7a3303c642558ae71a52ae]
C:\Users\*****\AppData\Local\Temp\1B4E.tmp (Trojan.Krypt) -> Delete on reboot. [242b3bbc08817fb709ff7c630cf5d22e]
C:\Users\*****\AppData\Local\Temp\1B8C.tmp (Trojan.Agent.ED) -> Delete on reboot. [d07f0ee94f3ac76fabaf02fd719018e8]
C:\Users\*****\AppData\Local\Temp\27EA.tmp (Trojan.Agent.ED) -> Delete on reboot. [1d32589f325787af2a304fb0d62bb24e]
C:\Users\*****\AppData\Local\Temp\2A2B.tmp (Trojan.Downloader) -> Delete on reboot. [e46b4ea9acdda0964486a459fc057a86]
C:\Users\*****\AppData\Local\Temp\C11.tmp (Trojan.Agent) -> Delete on reboot. [6ce3a552147524127afbbd2648b91be5]
C:\Users\*****\AppData\Local\Temp\C255.tmp (Trojan.Downloader) -> Delete on reboot. [d17eee094940af87b416b34a4fb247b9]
C:\Users\*****\AppData\Local\Temp\C39D.tmp (Trojan.Agent.ED) -> Delete on reboot. [8bc425d26128e155ce8cf20daf52946c]
C:\Users\*****\AppData\Local\Temp\C7A4.tmp (Trojan.Agent.ED) -> Delete on reboot. [fd52b3446a1faf8732284cb337ca7789]
C:\Users\*****\AppData\Local\Temp\C9D4.tmp (Spyware.Password) -> Delete on reboot. [e16ef9feacdd9e98add856a7a65b32ce]
C:\Users\*****\AppData\Local\Temp\camera.exe (Trojan.Agent.ED) -> Delete on reboot. [ada2f1066029ce68aeace8179869fe02]
C:\Users\*****\AppData\Local\Temp\D972.tmp (Trojan.Agent.ED) -> Delete on reboot. [d37cf8ffb4d57eb87bdf8d7240c1a957]
C:\Users\*****\AppData\Local\Temp\DD92.tmp (Trojan.Downloader) -> Delete on reboot. [eb6419de67224de98149da238180c43c]
C:\Users\*****\AppData\Local\Temp\586B.tmp (Spyware.Password) -> Delete on reboot. [4807f6012663d264de7aca36ba4841bf]
C:\Users\*****\AppData\Local\Temp\5C81.tmp (Trojan.Agent.ED) -> Delete on reboot. [3916bf38583152e4a7b337c820e140c0]
C:\Users\*****\AppData\Local\Temp\5E35.tmp (Trojan.Downloader) -> Delete on reboot. [69e63eb9355477bfac1e9865a859b54b]
C:\Users\*****\AppData\Local\Temp\5EA4.tmp (Trojan.Krypt) -> Delete on reboot. [afa0cc2bc3c654e2ca3e2cb34ab7f907]
C:\Users\*****\AppData\Local\Temp\6962.tmp (Spyware.Password) -> Delete on reboot. [a0af43b42e5b3402df79c93728da1ce4]
C:\Users\*****\AppData\Local\Temp\6BFC.tmp (Trojan.Agent.ED) -> Delete on reboot. [e46b6097f3967fb7ca9058a7b74a58a8]
C:\Users\*****\AppData\Local\Temp\6D52.tmp (Trojan.Agent.ED) -> Delete on reboot. [9db2f9fe622739fd0d4ddf20c23fcd33]
C:\Users\*****\AppData\Local\Temp\B6B2.tmp (Trojan.FakeAdobe.ED) -> Delete on reboot. [0c43f304a1e8b185e88f1de208f9936d]
C:\Users\*****\AppData\Local\Temp\BC1F.tmp (Trojan.Downloader) -> Delete on reboot. [4906ee09e4a551e504c624d9956c817f]
C:\Users\*****\AppData\Local\Temp\{00000083-EBE5-FC76} (Trojan.Agent.WSTGen) -> Delete on reboot. [f45b29ceacddc27427ca9851827fa45c]
c:\Users\*****\AppData\Local\Temp\{000004ef-4bfa-ae2d} (Trojan.Agent.ED) -> Delete on reboot. [85cacc2b36532610fb450fda946d33cd]
C:\Users\*****\AppData\Local\Temp\{000017FC-E9C0-92A9} (Trojan.Downloader) -> Delete on reboot. [1d32a651c2c7f442bf0b40bdf40d16ea]
C:\Users\*****\AppData\Local\Temp\{00001DB9-2C57-79FF} (Trojan.Agent) -> Delete on reboot. [57f8f403b5d4a78f3c398d56a958966a]
C:\Users\*****\AppData\Local\Temp\{00004135-627D-B9A} (Trojan.Agent.ED) -> Delete on reboot. [1738a7500a7fe650c4c549baff03dc24]
C:\Users\*****\AppData\Local\Temp\{00004C57-8CF7-DC6E} (Trojan.Agent.WSTGen) -> Delete on reboot. [74db8275addcbf77c928c42521e040c0]
C:\Users\*****\AppData\Local\Temp\{00006FB3-C6C9-842A} (Trojan.Agent.ED) -> Delete on reboot. [aba436c14049122476c86288e41d40c0]
C:\Users\*****\AppData\Local\Temp\E0EE.tmp (Trojan.Agent.ED) -> Delete on reboot. [27284fa8b6d38fa768b9f3f5e71a1de3]
C:\Users\*****\AppData\Local\Temp\E523.tmp (Trojan.Agent.ED) -> Delete on reboot. [ff509f585732f343fb4504e5ad54a65a]
C:\Users\*****\AppData\Local\Temp\E9C3.tmp (Trojan.Krypt) -> Delete on reboot. [50ff3abdfc8d1d19c93f5887867bbb45]
C:\Users\*****\AppData\Local\Temp\EA19.tmp (Trojan.Downloader) -> Delete on reboot. [64ebe71072178babf3d7ba437d8445bb]
C:\Users\*****\AppData\Local\Temp\ECF.tmp (Trojan.Krypt) -> Delete on reboot. [1b341cdb6a1f9d998187508f4eb35fa1]
C:\Users\*****\AppData\Local\Temp\EDF.tmp (Trojan.Agent.ED) -> Delete on reboot. [6de29265f29776c07b94d8273ec37e82]
C:\Users\*****\AppData\Local\Temp\fqjmyvktlq.pre (Trojan.Agent.WSTGen) -> Delete on reboot. [57f8c433ec9d22149b8e638634cd1ee2]
C:\Users\*****\AppData\Local\Temp\CB69.tmp (Trojan.Agent.ED) -> Delete on reboot. [d976e215d2b7bb7b5a00ef109e63738d]
C:\Users\*****\AppData\Local\Temp\81FC.tmp (Trojan.Agent.ED) -> Delete on reboot. [fc53f8ff58315dd9da808c730cf59c64]
C:\Users\*****\AppData\Local\Temp\8BB0.tmp (Trojan.Agent.ED) -> Delete on reboot. [94bb896e89007cbaec6edf209f62c040]
C:\Users\*****\AppData\Local\Temp\8CE4.tmp (Trojan.Agent.ED) -> Delete on reboot. [dd729e59cebbe452d08a7f80da2737c9]
C:\Users\*****\AppData\Local\Temp\904F.tmp (Trojan.Agent.ED) -> Delete on reboot. [212edd1ae8a11224a23e4fa4b34e7b85]
C:\Users\*****\AppData\Local\Temp\93D6.tmp (Trojan.Downloader) -> Delete on reboot. [db74e80fb2d70f27ca002cd1ac55de22]
C:\Users\*****\AppData\Local\Temp\9434.tmp (Trojan.Krypt) -> Delete on reboot. [d47bc4337c0da393699f4b941ce5d62a]
C:\Users\*****\AppData\Local\Temp\9EDD.tmp (Spyware.Password) -> Delete on reboot. [084702f5226750e6cd8b14eccd3517e9]
C:\Users\*****\AppData\Local\Temp\9EFD.tmp (Trojan.Agent.ED) -> Delete on reboot. [cd82c6318cfdee483921cc337d8421df]
C:\Users\*****\AppData\Local\Temp\A46A.tmp (Trojan.Krypt) -> Delete on reboot. [2a25a15619701323cd3b88574cb5aa56]
C:\Users\*****\AppData\Local\Temp\ABF.tmp (Spyware.Password) -> Delete on reboot. [a2add91e44457eb8bb9dcb35d13106fa]
C:\Users\*****\AppData\Local\Temp\35C1.tmp (Trojan.Agent.ED) -> Delete on reboot. [2827c92ecdbcac8a5ce4b2372dd423dd]
C:\Users\*****\AppData\Local\Temp\36E8.tmp (Trojan.Agent.ED) -> Delete on reboot. [99b6c6318405ff37dd441fc9976a916f]
C:\Users\*****\AppData\Local\Temp\F68F.tmp (Trojan.Agent.ED) -> Delete on reboot. [8ac5d720d1b8979f3d03ae3bd130936d]
C:\Users\*****\AppData\Local\Temp\F824.tmp (Trojan.Agent.ED) -> Delete on reboot. [a9a64baca2e7e155fc5e54abbe435ea2]
C:\Users\*****\AppData\Local\Temp\FAB3.tmp (Spyware.Password) -> Delete on reboot. [9eb1de1985044de94d0bd12f946ea858]
C:\Users\*****\AppData\Local\Temp\FD8.tmp (Trojan.Downloader) -> Delete on reboot. [2926cb2c335664d2c70356a702ff6d93]
C:\Users\*****\AppData\Local\Temp\FDC0.tmp (Trojan.Agent.ED) -> Delete on reboot. [63ecac4bbacfab8b71e9af5018e9ac54]
C:\Users\*****\AppData\Local\Temp\7AE.tmp (Trojan.Agent) -> Delete on reboot. [a3ac7e798efbd95dee8715ce33cea957]
c:\Users\*****\AppData\Local\Temp\{000095d1-cab1-5a2e} (Trojan.Agent.ED) -> Delete on reboot. [08471bdc4643aa8c934d3bb8ad5432ce]
c:\Users\*****\AppData\Local\Temp\{0000aad6-f152-336} (Trojan.Agent.ED) -> Delete on reboot. [ef60cb2cb8d1a19564dc3cadb74a1ce4]
C:\Users\*****\AppData\Local\Temp\{0000D09C-2AFE-5B50} (Trojan.Agent.ED) -> Delete on reboot. [5df2a94e137642f4471017eac0427789]
C:\Users\*****\AppData\Local\Temp\DFA4.tmp (Trojan.Agent.ED) -> Delete on reboot. [d37c8f68048582b481d98976c9388a76]
C:\Users\*****\AppData\Local\Temp\40E6.tmp (Trojan.Agent.ED) -> Delete on reboot. [c9864daa3e4b181e1d3db847a55cbf41]
C:\Users\*****\AppData\Local\Temp\4144.tmp (Trojan.Agent.ED) -> Delete on reboot. [4c03d225fe8b63d39dbde51a51b0768a]
C:\Users\*****\AppData\Local\Temp\47AA.tmp (Spyware.Password) -> Delete on reboot. [fa55ee097d0ce4520e4ad62aa959e917]
C:\Users\*****\AppData\Local\Temp\4CA9.tmp (Trojan.Downloader) -> Delete on reboot. [59f61fd8454489adb812ab52c43d946c]
C:\Users\*****\AppData\Local\Temp\4FF3.tmp (Trojan.Agent.ED) -> Delete on reboot. [d679fef9f59467cff7631ae5b54cb44c]
C:\Users\*****\AppData\Local\Temp\Doctor-thank\doctor-project.exe (Backdoor.Agent.STL) -> Delete on reboot. [b699bb3caddcd95d66815ea0669b06fa]
C:\Users\*****\AppData\Local\Doctor-shoulder\doctor_enjoy.exe (Backdoor.Agent.STL) -> Delete on reboot. [ce812bcc29601c1aac3b7f7fe51c966a]
C:\Users\*****\AppData\Local\Rnepwrqbck\uinnimak.exe (Trojan.Agent.WSTGen) -> Delete on reboot. [004f42b503863df9ae947c799a67639d]
C:\Users\*****\AppData\Local\Farmer-golf\farmer_distance.exe (Backdoor.Agent.STLGen) -> Delete on reboot. [9eb144b38aff82b4fa849c6adc26fb05]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 17:39:37
mbar-log-2015-01-14 (17-39-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 319473
Time elapsed: 17 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\navigation_pane.exe (Trojan.Downloader) -> 13048 -> Delete on reboot. [58f7a0576326ed492e9ceb12a9585ba5]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\navigation_pane.exe (Trojan.Downloader) -> Delete on reboot. [58f7a0576326ed492e9ceb12a9585ba5]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
***** :: +++++ [administrator]

14.01.2015 20:22:00
mbar-log-2015-01-14 (20-22-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 319344
Time elapsed: 15 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\people_tags.exe (Trojan.Downloader) -> 4744 -> Delete on reboot. [cc85b83f1b6e48ee70606796d829dc24]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\people_tags.exe (Trojan.Downloader) -> Delete on reboot. [cc85b83f1b6e48ee70606796d829dc24]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 14.01.2015, 21:44

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Riela15 · 15.01.2015, 00:07

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 23:07:01
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ***** - +++++
# Gestartet von : C:\Users\*****\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [1132 octets] - [14/01/2015 23:00:38]
AdwCleaner[S0].txt - [1054 octets] - [14/01/2015 23:07:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1114 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by ***** on 14.01.2015 at 23:18:03,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERQUERY.EXE-DAB827CD.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2015 at 23:20:17,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01
Ran by ***** (administrator) on +++++ on 14-01-2015 23:40:42
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Windows\System32\runas.exe
(Microsoft Corporation) C:\Windows\System32\dxdiag.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] (Лаборатория Касперского НО ПУТИН ВСЕ РАВНО ХУЙЛО)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe [251904 2015-01-13] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\prepopulation.exe [434176 2014-08-26] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\handwriting.exe [434176 2012-08-08] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 23:40 - 2015-01-14 23:40 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:35 - 2015-01-13 15:35 - 00038436 _____ () C:\Users\*****\Desktop\Addition.txt
2015-01-13 15:32 - 2015-01-14 23:40 - 00018620 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-13 15:32 - 2015-01-14 23:40 - 00000000 ____D () C:\FRST
2015-01-13 15:31 - 2015-01-14 23:40 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez
2014-12-15 10:05 - 2014-12-18 10:35 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp
2014-12-15 09:55 - 2014-12-24 10:46 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 23:41 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-14 23:29 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-14 23:17 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:17 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 23:14 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-14 23:08 - 2009-12-11 12:10 - 00880956 _____ () C:\Windows\PFRO.log
2015-01-14 23:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 23:08 - 2009-07-14 05:39 - 00251822 _____ () C:\Windows\setupact.log
2015-01-14 23:07 - 2009-12-11 11:40 - 01646037 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:33 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-15 16:07 - 2011-10-20 21:01 - 00000000 ____D () C:\Users\*****\Desktop\gemeinschaft

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\AppData\Local\Temp\Mountain-task\mountain_appear.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---

Mit der Addition.txt war ich weniger erfolgreich, habe vergessen die gestrige Datei vom Desktop zu löschen. So hat er keine neue erstellt. Jetzt scanne ich zum 2. Mal, dauert aber ewig. werde ihn jetzt irgendwie beenden und morgen noch mal versuchen.

cosinus · 15.01.2015, 00:16

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

Riela15 · 15.01.2015, 11:42

Morgen! Das Häkchen war gestern gesetzt. Heute habe ich genauso gestartet, er scannt jetzt fast 40 Minuten... "Listing installed Programms..." steht da.
Ich hatte das Programm gestern nicht neu downgeloadet, sd. das von vorgestern genommen, das ich auf dem Desktop hatte. Ist das ok?

warte, vorläufiges Ergebnis (da er ja weiter scannt):

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2015 01
Ran by ***** at 2015-01-15 09:58:29
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

FRST scannt immer noch... und lässt sich nicht schließen. Ist das normal?

cosinus · 15.01.2015, 12:30

Hm...auch bei dir ist das Log unvollständig...

FRST löschen, neu runterladen auf den Desktop und erneut ausführen

Riela15 · 15.01.2015, 15:05

sieht besser aus!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 14:59:13
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Moritz Bunkus) C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\regini.exe
(Microsoft Corporation) C:\Windows\System32\gpresult.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\System32\xcopy.exe
(Microsoft Corporation) C:\Windows\System32\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\branch_code.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\kit_item.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:59 - 2015-01-15 14:59 - 00019721 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ___HD () C:\Users\*****\AppData\Local\Mountainproposed
2015-01-15 10:28 - 2015-01-15 10:32 - 00000944 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-01-14 23:44 - 2015-01-15 14:54 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 14:59 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:56 - 2009-12-11 11:40 - 01698272 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 14:55 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 14:51 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 14:50 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-15 14:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 14:49 - 2009-07-14 05:39 - 00252046 _____ () C:\Windows\setupact.log
2015-01-15 14:48 - 2009-12-11 12:10 - 00881544 _____ () C:\Windows\PFRO.log
2015-01-15 14:34 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-18 10:35 - 2014-12-15 10:05 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 15:00:05
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2744

Startzeit: 01d030a14a85ebf6

Endzeit: 6

Anwendungspfad: C:\Users\*****\Desktop\FRST.exe

Berichts-ID:

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


System errors:
=============
Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet: 
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.1.2015.1274401d030a14a85ebf66C:\Users\*****\Desktop\FRST.exe

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3070.18 MB
Available physical RAM: 1349.69 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4049.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.11 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Riela15 · 15.01.2015, 15:28

seltsam, hab vor ner halben Stunde was gepostet...
Also, nochmal. Ergebnis sieht besser aus:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by ***** (administrator) on +++++ on 15-01-2015 14:59:13
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\MaxUp Video Downloader\maxup.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Moritz Bunkus) C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Ipswitch) C:\Program Files\WS_FTP Pro\WsftpCOMHelper.exe
(Microsoft Corporation) C:\Windows\System32\regini.exe
(Microsoft Corporation) C:\Windows\System32\gpresult.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\System32\xcopy.exe
(Microsoft Corporation) C:\Windows\System32\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330458\antispyware_software\branch_code.exe
(Company 'gora-sah') C:\ProgramData\GARMIN\Maps\City Navigator Europe NT 2010.30.gmap\Product1\00330464\connection_manager\kit_item.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141608 2010-02-15] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-10-06] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [110348472 2015-01-14] (Microsoft Corporation)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [MaxUp Video Downloader] => C:\Program Files\MaxUp Video Downloader\maxup.exe [30720 2010-02-11] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-02-25] (EasyBits Software AS)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\MountPoints2: {e9c492e8-c7fe-11e1-b6ec-002421af38dd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000 -> {3A28514C-0D87-4C90-A786-E1FE060B9784} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140325&p={SearchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5hgb4j72.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.******.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140325&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2950267747-3488905677-2633809525-1000: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-25]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-25]
FF HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\Mcafee\ActWiz\McAWFwk.exe [287728 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:59 - 2015-01-15 14:59 - 00019721 _____ () C:\Users\*****\Desktop\FRST.txt
2015-01-15 14:57 - 2015-01-15 14:57 - 01116672 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2015-01-15 10:50 - 2015-01-15 10:50 - 00000000 ___HD () C:\Users\*****\AppData\Local\Mountainproposed
2015-01-15 10:28 - 2015-01-15 10:32 - 00000944 _____ () C:\Users\*****\Desktop\Neues Textdokument.txt
2015-01-14 23:44 - 2015-01-15 14:54 - 00000000 ____D () C:\Users\*****\Desktop\alte ERgebnisse
2015-01-14 23:20 - 2015-01-14 23:40 - 00000705 _____ () C:\Users\*****\Desktop\JRT.txt
2015-01-14 23:18 - 2015-01-14 23:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 23:17 - 2015-01-14 23:17 - 01707939 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-01-14 23:04 - 2015-01-14 23:04 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Cmqyzsh
2015-01-14 23:00 - 2015-01-14 23:07 - 00000000 ____D () C:\AdwCleaner
2015-01-14 22:59 - 2015-01-14 22:59 - 02191360 _____ () C:\Users\*****\Desktop\AdwCleaner_4.107.exe
2015-01-14 17:04 - 2015-01-14 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 17:04 - 2015-01-14 20:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 17:04 - 2015-01-14 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 17:01 - 2015-01-14 20:46 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 17:00 - 2015-01-14 21:01 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2015-01-14 16:58 - 2015-01-14 16:59 - 16448208 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.08.2.1001.exe
2015-01-14 12:04 - 2015-01-14 16:47 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-01-14 12:03 - 2015-01-14 12:03 - 00000000 ____D () C:\3172b0be09dd49095d85
2015-01-14 09:27 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:27 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:27 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:27 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:26 - 2015-01-13 16:49 - 00000236 _____ () C:\Users\*****\Desktop\defogger_disable.txt
2015-01-13 15:56 - 2015-01-13 15:56 - 00152400 _____ () C:\Windows\Minidump\011315-24242-01.dmp
2015-01-13 15:38 - 2015-01-13 15:38 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2015-01-13 15:32 - 2015-01-15 14:59 - 00000000 ____D () C:\FRST
2015-01-13 15:20 - 2015-01-13 16:49 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2015-01-13 15:20 - 2015-01-13 15:20 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-01-13 15:18 - 2015-01-13 15:18 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2015-01-10 16:14 - 2015-01-10 16:14 - 00000000 ___HD () C:\Users\*****\AppData\Local\Price-deposit
2015-01-10 15:55 - 2015-01-10 15:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage_imagine
2015-01-09 09:15 - 2015-01-09 09:15 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-command
2015-01-09 09:06 - 2015-01-09 09:06 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-joke
2015-01-08 09:23 - 2015-01-08 09:28 - 00785408 _____ () C:\Users\*****\Desktop\Formular Inventur Düsseldorf 2014.xls
2015-01-08 09:12 - 2015-01-10 16:16 - 00000000 ___HD () C:\Users\*****\AppData\Local\Cpecwmjid
2015-01-08 08:40 - 2015-01-08 08:40 - 00000000 ___HD () C:\Users\*****\AppData\Local\Pin-phase
2015-01-06 10:37 - 2015-01-08 17:17 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer-cook
2015-01-05 18:40 - 2015-01-05 18:40 - 00005816 _____ () C:\Users\*****\AppData\Roaming\out.bin
2015-01-05 15:18 - 2015-01-05 15:18 - 00182784 _____ () C:\Users\*****\AppData\Roaming\salmagundis.c
2015-01-02 08:17 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Farmer-golf
2014-12-26 08:26 - 2015-01-05 10:00 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ppqbxpput
2014-12-19 21:10 - 2014-12-23 20:56 - 00000000 ____D () C:\Users\*****\Desktop\Presentazione Düsseldorf -
2014-12-19 09:26 - 2015-01-14 17:29 - 00000000 ___HD () C:\Users\*****\AppData\Local\Doctor-shoulder
2014-12-18 11:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:47 - 2014-12-18 11:23 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Fbkkan
2014-12-18 10:45 - 2014-12-18 10:47 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Wiyuws
2014-12-18 10:35 - 2014-12-18 10:45 - 00000000 ___HD () C:\Users\*****\AppData\Local\Nfnbbvqez

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 14:56 - 2009-12-11 11:40 - 01698272 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 14:55 - 2009-12-11 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-15 14:51 - 2012-02-25 19:45 - 00000000 ____D () C:\ProgramData\GameXN
2015-01-15 14:50 - 2012-02-25 19:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\go
2015-01-15 14:49 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 14:49 - 2009-07-14 05:39 - 00252046 _____ () C:\Windows\setupact.log
2015-01-15 14:48 - 2009-12-11 12:10 - 00881544 _____ () C:\Windows\PFRO.log
2015-01-15 14:34 - 2010-12-12 13:09 - 00001168 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:10 - 2009-07-14 05:34 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 20:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-14 20:29 - 2010-12-12 13:09 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job
2015-01-14 17:32 - 2014-11-24 21:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Avira32
2015-01-14 17:32 - 2014-11-24 16:42 - 00000000 ___HD () C:\Users\*****\AppData\Local\Firefox64
2015-01-14 17:32 - 2014-11-22 19:41 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Loader
2015-01-14 17:32 - 2014-11-22 19:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Run
2015-01-14 17:32 - 2014-10-16 12:24 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Script
2015-01-14 17:32 - 2014-10-11 10:21 - 00000000 ___HD () C:\Users\*****\AppData\Local\Gorebxesay
2015-01-14 17:32 - 2014-10-10 10:12 - 00000000 ___HD () C:\Users\*****\AppData\Local\Lpsgds
2015-01-14 17:29 - 2014-12-13 05:22 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Farmer_picture
2015-01-14 17:29 - 2014-11-24 16:13 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Office7reg
2015-01-14 17:29 - 2014-11-22 20:22 - 00000000 ___HD () C:\Users\*****\AppData\Local\Rnepwrqbck
2015-01-14 17:29 - 2014-10-17 09:43 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Update
2015-01-14 12:03 - 2013-08-15 09:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 12:03 - 2009-12-11 12:06 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:56 - 2014-08-07 10:26 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:56 - 2014-08-07 10:25 - 380116606 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:20 - 2009-12-11 11:59 - 00000000 ____D () C:\Users\*****
2015-01-13 15:10 - 2009-12-11 12:35 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-13 14:03 - 2014-10-16 15:39 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Win
2015-01-12 17:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-10 16:35 - 2009-12-11 14:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Apple Computer
2015-01-06 15:46 - 2009-12-11 11:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 18:34 - 2014-10-10 14:47 - 00000000 ____D () C:\ProgramData\kjsdym
2014-12-24 10:46 - 2014-12-15 09:55 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Mortgage-explain
2014-12-22 14:50 - 2013-06-23 09:48 - 00000000 ____D () C:\Users\*****\Documents\Agnes
2014-12-20 16:55 - 2012-10-27 09:57 - 00000000 ____D () C:\Users\*****\Documents\Gabriela
2014-12-19 10:33 - 2013-02-27 13:02 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-12-19 10:33 - 2011-12-04 21:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-18 10:35 - 2014-12-15 10:05 - 00000000 ___HD () C:\Users\*****\AppData\Roaming\Ktaqfpqp

Files to move or delete:
====================
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:19

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 15:00:05
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
d71kibj5usy (HKLM\...\{2028b740-5aa6-4f26-b77c-db4d43d458a2}.sdb) (Version:  - )
Epson Easy Photo Print 2 (HKLM\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
GameXN GO (HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Game Organizer) (Version:  - GameXN AS)
Garmin City Navigator Europe NT 2010.31 Update (HKLM\...\{D22F5242-773E-4270-AB1F-492021BCABBE}) (Version: 13.31.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{15F4085A-BC98-4590-AFFD-03BBBE49524E}) (Version: 2.9.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Ipswitch WS_FTP 12 (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )
iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
MaxUp Video Downloader 1.0 (HKLM\...\MaxUp Video Downloader_is1) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero 7 Essentials (HKLM\...\{F17F7703-1E72-40C1-A0DD-E5B365661031}) (Version: 7.02.0794 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
oryvs1aqn (HKLM\...\{9d31bfce-bd21-4218-bb95-90d535e179ad}.sdb) (Version:  - )
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
pkauey3tjte (HKLM\...\{668f6d88-11ad-439a-8277-66a1790133df}.sdb) (Version:  - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Voipwise (HKLM\...\Voipwise_is1) (Version: 4.04 build 550 - Finarea S.A. Switzerland)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2950267747-3488905677-2633809525-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-08-2014 15:45:31 Windows Update
15-08-2014 02:00:59 Windows Update
15-08-2014 06:39:58 Windows Update
15-08-2014 08:56:54 Windows Update
15-08-2014 15:46:44 Windows Update
15-08-2014 18:52:37 Windows Update
16-08-2014 15:21:32 Windows Update
16-08-2014 17:29:54 Windows Update
24-08-2014 14:29:40 Windows Update
24-08-2014 16:58:16 Windows Update
25-08-2014 19:56:20 Windows Update
26-08-2014 04:55:22 Windows Update
26-08-2014 20:07:12 Windows Update
27-08-2014 03:41:53 Windows Update
27-08-2014 11:03:58 Windows Update
27-08-2014 11:19:31 Windows Update
27-08-2014 17:48:37 Windows Update
28-08-2014 11:03:42 Windows Update
28-08-2014 12:06:41 Windows Update
28-08-2014 15:41:36 Windows Update
28-08-2014 19:15:34 Windows Update
28-08-2014 20:18:58 Windows Update
29-08-2014 08:11:48 Windows Update
29-08-2014 18:57:49 Windows Update
30-08-2014 09:36:02 Windows Update
30-08-2014 17:54:55 Windows Update
31-08-2014 09:25:08 Windows Update
31-08-2014 17:07:02 Windows Update
01-09-2014 10:50:30 Windows Update
01-09-2014 18:26:52 Windows Update
02-09-2014 18:45:20 Windows Update
03-09-2014 17:21:59 Windows Update
04-09-2014 10:50:38 Windows Update
04-09-2014 19:08:12 Windows Update
05-09-2014 10:58:22 Windows Update
05-09-2014 16:46:13 Windows Update
05-09-2014 17:28:20 Windows Update
06-09-2014 18:48:51 Windows Update
07-09-2014 05:58:34 Windows Update
07-09-2014 11:08:41 Windows Update
07-09-2014 18:05:49 Windows Update
08-09-2014 06:57:55 Windows Update
08-09-2014 07:46:53 Windows Update
08-09-2014 19:23:15 Windows Update
10-09-2014 02:00:40 Windows Update
11-09-2014 09:48:30 Windows Update
19-09-2014 18:28:52 Geplanter Prüfpunkt
24-09-2014 13:25:20 Windows Update
01-10-2014 17:52:13 Windows Update
09-10-2014 17:36:19 Geplanter Prüfpunkt
17-10-2014 10:53:55 Windows Update
28-10-2014 11:30:44 Geplanter Prüfpunkt
10-11-2014 09:42:48 Geplanter Prüfpunkt
23-11-2014 16:49:01 Windows Update
09-12-2014 12:41:10 Geplanter Prüfpunkt
11-12-2014 17:16:41 Windows Update
12-12-2014 11:19:46 Windows Update
18-12-2014 11:56:46 Windows Update
12-01-2015 17:15:48 Geplanter Prüfpunkt
13-01-2015 14:55:35 Pacchetto di compatibilità per Office System 2007 rimosso
14-01-2015 12:02:19 Windows Update
14-01-2015 17:28:35 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:14:21 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 20:37:53 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {206CE3E2-8524-4F1C-B7FF-CDE721B58C9E} - System32\Tasks\{B442546E-03F9-4483-BC3C-58AA2C567E8A} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {43404FC0-9F2A-45FE-AD73-62205FC36867} - System32\Tasks\{7146788D-B689-4C90-9E0F-54F548C2E2C3} => pcalua.exe -a "C:\Users\*****\Desktop\garmin_rmu_cneunt2010_30c.exe" -d "C:\Users\*****\Desktop"
Task: {6D19F507-D68A-44A8-8607-57C33CAA7633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {99AE1380-A9DE-4929-ABEC-236142A35B77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9DFC69C3-8097-41C6-B432-ED2B1334BB5C} - System32\Tasks\{EBF9F240-B55D-44CE-B449-5BF99E3F757B} => pcalua.exe -a "E:\WS_FTP Pro 6.0 GER\wsftpsup.exe" -d "E:\WS_FTP Pro 6.0 GER"
Task: {F21621DF-23FF-4F93-B32B-9B421CF7A1FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {F5C0661C-94A5-4F91-92D3-2EA7CFEE4519} - System32\Tasks\{579295C0-AD4F-418C-A9F7-C0C85BCB4C22} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {F7BF453F-D5E8-4E5E-8ECB-C7A3E9BFC313} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950267747-3488905677-2633809525-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
1999-07-23 08:08 - 1999-07-23 08:08 - 00045568 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2014-04-22 18:06 - 2012-10-12 15:39 - 06622288 _____ () C:\Program Files\WS_FTP Pro\res0407.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-04-11 12:45 - 2010-02-11 22:26 - 00030720 _____ () C:\Program Files\MaxUp Video Downloader\maxup.exe
2010-04-11 12:45 - 2009-11-03 13:03 - 00043008 _____ () C:\Program Files\MaxUp Video Downloader\_socket.pyd
2010-04-11 12:45 - 2009-11-03 13:03 - 00805376 _____ () C:\Program Files\MaxUp Video Downloader\_ssl.pyd
2010-04-11 12:45 - 2009-11-20 17:23 - 01169920 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtCore.pyd
2010-04-11 12:45 - 2009-10-22 19:52 - 01951744 _____ () C:\Program Files\MaxUp Video Downloader\QtCore4.dll
2010-04-11 12:45 - 2009-11-20 17:10 - 00059904 _____ () C:\Program Files\MaxUp Video Downloader\sip.pyd
2010-04-11 12:45 - 2009-11-20 17:28 - 04477952 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtGui.pyd
2010-04-11 12:45 - 2009-10-22 20:00 - 07236608 _____ () C:\Program Files\MaxUp Video Downloader\QtGui4.dll
2010-04-11 12:45 - 2009-11-20 17:29 - 00151040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtWebKit.pyd
2010-04-11 12:45 - 2009-10-22 20:38 - 08476672 _____ () C:\Program Files\MaxUp Video Downloader\QtWebKit4.dll
2010-04-11 12:45 - 2009-10-22 20:04 - 00241664 _____ () C:\Program Files\MaxUp Video Downloader\phonon4.dll
2010-04-11 12:45 - 2009-10-22 19:53 - 00875520 _____ () C:\Program Files\MaxUp Video Downloader\QtNetwork4.dll
2010-04-11 12:45 - 2009-11-20 17:28 - 00343040 _____ () C:\Program Files\MaxUp Video Downloader\PyQt4.QtNetwork.pyd
2010-04-11 12:45 - 2009-11-03 12:35 - 00092160 _____ () C:\Program Files\MaxUp Video Downloader\win32api.pyd
2010-04-11 12:45 - 2009-11-03 13:04 - 00107520 _____ () C:\Program Files\MaxUp Video Downloader\pywintypes26.dll
2010-04-11 12:45 - 2009-11-03 13:04 - 00353792 _____ () C:\Program Files\MaxUp Video Downloader\pythoncom26.dll
2010-04-11 12:45 - 2009-11-03 12:43 - 00244736 _____ () C:\Program Files\MaxUp Video Downloader\win32com.shell.shell.pyd
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-12-10 10:18 - 2014-12-10 10:18 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2950267747-3488905677-2633809525-500 - Administrator - Disabled)
Gast (S-1-5-21-2950267747-3488905677-2633809525-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2950267747-3488905677-2633809525-1005 - Limited - Enabled)
***** (S-1-5-21-2950267747-3488905677-2633809525-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 14.1.2015.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2744

Startzeit: 01d030a14a85ebf6

Endzeit: 6

Anwendungspfad: C:\Users\*****\Desktop\FRST.exe

Berichts-ID:

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


System errors:
=============
Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/15/2015 02:53:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.

Error: (01/15/2015 02:50:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (01/15/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet: 
%%-2147417831

Error: (01/15/2015 09:04:43 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee CSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/15/2015 09:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee CSP Service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:55:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:46:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Epson Software\Easy Photo Print\Microsoft.VC80.MFC\MFC80.DLL

Error: (01/15/2015 02:35:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe14.1.2015.1274401d030a14a85ebf66C:\Users\*****\Desktop\FRST.exe

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3026

Error: (01/15/2015 00:12:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (01/15/2015 00:12:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3070.18 MB
Available physical RAM: 1349.69 MB
Total Pagefile: 6138.65 MB
Available Pagefile: 4049.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.11 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:583.49 GB) (Free:468.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.67 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=583.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 15.01.2015, 15:55

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
C:\Users\*****\AppData\Roaming\Avira32
C:\Users\*****\AppData\Local\Firefox64
C:\Users\*****\AppData\Roaming\Win
C:\Users\*****\AppData\Roaming\Farmer_picture
C:\Users\*****\AppData\Roaming\Office7reg
C:\Users\*****\AppData\Roaming\Loader
C:\Users\*****\AppData\Roaming\Run
C:\Users\*****\AppData\Roaming\Script
C:\Users\*****\AppData\Roaming\Cmqyzsh
C:\Users\*****\AppData\Local\Cpecwmjid
C:\Users\*****\AppData\Roaming\Fbkkan
C:\Users\*****\AppData\Roaming\Wiyuws
C:\Users\*****\AppData\Local\Nfnbbvqez
C:\Users\*****\AppData\Roaming\Ppqbxpput
C:\Users\*****\AppData\Local\Gorebxesay
C:\Users\*****\AppData\Local\Lpsgds
C:\Users\*****\AppData\Local\Rnepwrqbck
C:\ProgramData\kjsdym
C:\Users\*****\AppData\Roaming\Ktaqfpqp
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
EmptyTemp:
Hosts:

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Riela15 · 15.01.2015, 16:24

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by ***** at 2015-01-15 16:07:16 Run:1
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ohpjimak] => C:\Users\*****\AppData\Roaming\Cmqyzsh\ypedimak.exe [117248 2015-01-14] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [emergency_room] => C:\ProgramData\GameXN\Chat\windows_calendar\shuffle_all.exe [239616 2012-05-01] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\Run: [validation] => C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\asn_1\table\live_mesh.exe [239616 2014-11-25] (Moritz Bunkus)
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [farmer-raise] => C:\Users\*****\AppData\Local\Farmer-joke\farmer-manage.exe [67584 2015-01-09] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [ear-according] => C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe [67584 2015-01-12] () <===== ATTENTION
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [price-calendar] => C:\Users\*****\AppData\Local\Price-deposit\price-closet.exe [67584 2015-01-10] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [mountain-choose] => C:\Users\*****\AppData\Local\Mountainproposed\mountain-record.exe [146432 2015-01-15] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [pin-arrive] => C:\Users\*****\AppData\Local\Pin-phase\pin-slight.exe [142336 2015-01-08] ()
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\...\RunOnce: [doctor-cable] => C:\Users\*****\AppData\Local\Doctor-command\doctorshow.exe [135168 2015-01-09] ()
C:\Users\*****\AppData\Roaming\Avira32
C:\Users\*****\AppData\Local\Firefox64
C:\Users\*****\AppData\Roaming\Win
C:\Users\*****\AppData\Roaming\Farmer_picture
C:\Users\*****\AppData\Roaming\Office7reg
C:\Users\*****\AppData\Roaming\Loader
C:\Users\*****\AppData\Roaming\Run
C:\Users\*****\AppData\Roaming\Script
C:\Users\*****\AppData\Roaming\Cmqyzsh
C:\Users\*****\AppData\Local\Cpecwmjid
C:\Users\*****\AppData\Roaming\Fbkkan
C:\Users\*****\AppData\Roaming\Wiyuws
C:\Users\*****\AppData\Local\Nfnbbvqez
C:\Users\*****\AppData\Roaming\Ppqbxpput
C:\Users\*****\AppData\Local\Gorebxesay
C:\Users\*****\AppData\Local\Lpsgds
C:\Users\*****\AppData\Local\Rnepwrqbck
C:\ProgramData\kjsdym
C:\Users\*****\AppData\Roaming\Ktaqfpqp
C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\contentDATs.exe
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\_is11FB.exe
C:\Users\*****\AppData\Local\Temp\_is37A.exe
C:\Users\*****\AppData\Local\Temp\_is453B.exe
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ohpjimak => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\doctor-cable => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\emergency_room => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\Run\\validation => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\farmer-raise => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ear-according => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\price-calendar => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mountain-choose => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\pin-arrive => value deleted successfully.
HKU\S-1-5-21-2950267747-3488905677-2633809525-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\doctor-cable => value deleted successfully.
C:\Users\*****\AppData\Roaming\Avira32 => Moved successfully.
C:\Users\*****\AppData\Local\Firefox64 => Moved successfully.
C:\Users\*****\AppData\Roaming\Win => Moved successfully.
C:\Users\*****\AppData\Roaming\Farmer_picture => Moved successfully.
C:\Users\*****\AppData\Roaming\Office7reg => Moved successfully.
C:\Users\*****\AppData\Roaming\Loader => Moved successfully.
C:\Users\*****\AppData\Roaming\Run => Moved successfully.
C:\Users\*****\AppData\Roaming\Script => Moved successfully.
C:\Users\*****\AppData\Roaming\Cmqyzsh => Moved successfully.
C:\Users\*****\AppData\Local\Cpecwmjid => Moved successfully.
C:\Users\*****\AppData\Roaming\Fbkkan => Moved successfully.
C:\Users\*****\AppData\Roaming\Wiyuws => Moved successfully.
C:\Users\*****\AppData\Local\Nfnbbvqez => Moved successfully.
C:\Users\*****\AppData\Roaming\Ppqbxpput => Moved successfully.
C:\Users\*****\AppData\Local\Gorebxesay => Moved successfully.
C:\Users\*****\AppData\Local\Lpsgds => Moved successfully.
C:\Users\*****\AppData\Local\Rnepwrqbck => Moved successfully.
C:\ProgramData\kjsdym => Moved successfully.
C:\Users\*****\AppData\Roaming\Ktaqfpqp => Moved successfully.
Could not move "C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe" => Scheduled to move on reboot.
C:\Users\*****\install_reader11_de_ltr5x32d_awc_aih.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FileSystemView.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate02.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate03.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate04.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate05.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate07.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate08.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate09.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate10.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate11.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate12.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate13.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate14.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate15.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate16.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate17.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate18.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate19.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate20.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate21.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate22.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate23.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate24.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate25.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate26.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate27.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate28.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate29.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate30.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate31.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\FlashPlayerUpdate32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR5F06.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\GUR98D5.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is11FB.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is37A.exe => Moved successfully.
C:\Users\*****\AppData\Local\Temp\_is453B.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.6 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-15 16:21:08)<=

C:\Users\*****\AppData\Local\Temp\Earabuse\earprovide.exe => Is moved successfully.

==== End of Fixlog 16:21:08 ====

cosinus · 15.01.2015, 16:29

System bitte rebooten. Dann frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

15.01.2015, 00:16	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L? Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

15.01.2015, 12:30	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L? Hm...auch bei dir ist das Log unvollständig... FRST löschen, neu runterladen auf den Desktop und erneut ausführen __________________ Logfiles bitte immer in CODE-Tags posten

15.01.2015, 16:29	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L? System bitte rebooten. Dann frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L?

Plagegeister aller Art und deren Bekämpfung: Windows 7: wie entferne ich Profiler.gen.ac und Win32/Matsnu.L?