Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Weißer Bildschirm nach Anmeldung (https://www.trojaner-board.de/150533-windows-7-weisser-bildschirm-anmeldung.html)

trambel 02.03.2014 23:34
Windows 7: Weißer Bildschirm nach Anmeldung
 
Guten Abend,

ich habe, wie im Titel beschrieben, folgendes Problem:

Starte ich Windows normal, dann erscheint nach der Anmeldung nur ein weißer Bildschirm. Lediglich der Curser ist zu sehen und beweglich. Es ist auch möglich den Task Manager zu starten. Jedoch fehlt mir die fachliche Kompetenz um das Problem eigenständig zu lösen.

Beim Starten im abgesicherten Modus, bzw. mit Netzwerktreibern, funktioniert alles soweit ohne Probleme. Aber ich bekomme dann Sicherheitswarnungen von meinem Antivirenprogramm (McAffee). Dennoch konnte ich einen vollständigen Scan durchführen, der nur leider nichts eingebracht hat.

Ich habe mich lange bei euch eingelesen, deswegen auch schon die FRST.txt mit dabei. Leider habe ich die Addition.txt gelöscht, da ich zuerst nur etwas von der FRST.txt gelesen hatte und erst später bei euch im Forum auf die Notwendigkeit von Addition.txt gestoßen bin.

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by SYSTEM on MININT-MQMPJV6 on 02-03-2014 19:02:08
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-21] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
HKLM-x32\...\Run: [Driver Genius] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Markus\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\Markus\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-08-22] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-08-22] ()
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 13:42 - 2014-03-02 19:02 - 00000000 ____D () C:\FRST
2014-02-28 14:26 - 2014-02-28 14:26 - 00007608 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2014-02-25 01:58 - 2014-02-25 02:03 - 00000000 ____D () C:\Users\Markus\Desktop\Abschluss
2014-02-25 01:38 - 2014-02-25 05:52 - 00000000 ____D () C:\Users\Markus\Desktop\Bilder für Präsi
2014-02-24 12:57 - 2014-02-24 13:09 - 00000000 ____D () C:\Users\Markus\Desktop\Bernau
2014-02-24 12:57 - 2014-02-24 12:57 - 00000000 ____D () C:\Users\Markus\Desktop\Anlagen
2014-02-20 14:05 - 2014-02-20 14:05 - 00003110 _____ () C:\Windows\System32\Tasks\{1EFC26A5-192F-4207-81B7-10381D8C28CF}
2014-02-20 02:44 - 2014-02-20 02:44 - 06110208 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE  ppt.ppt
2014-02-19 16:04 - 2014-02-20 00:45 - 05462583 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE.pptx
2014-02-19 12:11 - 2014-02-19 12:11 - 00003110 _____ () C:\Windows\System32\Tasks\{2D9FA9D8-D886-41AD-B3B1-ED554F943B36}
2014-02-19 10:40 - 2014-02-19 10:40 - 00003110 _____ () C:\Windows\System32\Tasks\{17F16BB1-F731-4C5B-BFE3-92856955D493}
2014-02-19 10:35 - 2014-02-19 10:35 - 00003110 _____ () C:\Windows\System32\Tasks\{2C2EE886-4126-4A02-AEFB-0E0F9A2CF1FF}
2014-02-19 10:30 - 2014-02-19 10:30 - 00003110 _____ () C:\Windows\System32\Tasks\{7496F665-0506-4035-9D04-BEECB567DB3E}
2014-02-18 05:07 - 2014-02-18 05:07 - 00003110 _____ () C:\Windows\System32\Tasks\{28A7BE7E-1938-4848-84A2-F438D6C7E0F8}
2014-02-18 03:59 - 2014-02-18 03:59 - 00003110 _____ () C:\Windows\System32\Tasks\{F2C03BD3-720E-40E6-8B8F-E21BFFB1DC94}
2014-02-18 01:44 - 2014-02-18 01:44 - 00003110 _____ () C:\Windows\System32\Tasks\{6B27F983-CDEE-4C91-A797-5783EF3C9CCD}
2014-02-16 22:27 - 2014-02-19 08:54 - 00000000 ____D () C:\Users\Markus\Desktop\Präsentation betr. Auftrag
2014-02-16 08:24 - 2014-02-16 08:24 - 26092134 _____ () C:\Users\Markus\Desktop\IH- Anweisung Leistung.bmp
2014-02-14 07:54 - 2014-02-14 07:54 - 00003110 _____ () C:\Windows\System32\Tasks\{E2786C45-22DD-4351-9C99-1692B29E585B}
2014-02-14 07:54 - 2014-02-14 07:54 - 00003110 _____ () C:\Windows\System32\Tasks\{D0691F2B-B1F2-4C82-A64F-0BFA8C327C5C}
2014-02-14 04:16 - 2014-02-14 04:16 - 00003110 _____ () C:\Windows\System32\Tasks\{7A585793-29F9-4F8A-BE34-0605D68C8BA7}
2014-02-13 11:52 - 2014-02-13 11:52 - 00003110 _____ () C:\Windows\System32\Tasks\{C50D9C63-C597-4A40-BD25-ABF0C012C4C1}
2014-02-13 11:48 - 2014-02-13 11:48 - 00003110 _____ () C:\Windows\System32\Tasks\{40438BBF-50C2-429F-988E-17A90E5E7B36}
2014-02-13 04:53 - 2014-02-13 04:53 - 00003110 _____ () C:\Windows\System32\Tasks\{0D785C32-82BF-443C-8124-5DF35689C075}
2014-02-13 04:51 - 2014-02-13 04:51 - 00003110 _____ () C:\Windows\System32\Tasks\{3BAED0B4-AA89-4A1A-BDDB-5241BAD9D711}
2014-02-13 04:39 - 2014-02-13 04:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C4129FFA-2570-4508-8250-2B92DD095A80}
2014-02-12 13:07 - 2014-02-19 10:46 - 00001374 _____ () C:\Users\Markus\Desktop\Play Tiberian Sun.lnk
2014-02-12 13:07 - 2014-02-12 13:07 - 00003110 _____ () C:\Windows\System32\Tasks\{07EF42DB-D0CA-4333-9E28-2FA5DF9D31F1}
2014-02-12 11:33 - 2014-02-12 11:33 - 00003110 _____ () C:\Windows\System32\Tasks\{8C9BF3E0-0084-450D-AFE4-04DD96310B1E}
2014-02-12 11:20 - 2014-02-12 11:20 - 00003110 _____ () C:\Windows\System32\Tasks\{03C40F02-D0FD-4AE6-BE10-3EA73FF5ACD1}
2014-02-12 11:17 - 2014-02-12 11:17 - 00003110 _____ () C:\Windows\System32\Tasks\{2897BBE9-EB19-47F3-917E-9832A1C98BF3}
2014-02-12 11:07 - 2014-02-12 11:07 - 00003110 _____ () C:\Windows\System32\Tasks\{7D9E7FAB-39B4-410B-9959-E223D048BC48}
2014-02-12 11:04 - 2014-02-12 11:04 - 00003110 _____ () C:\Windows\System32\Tasks\{6F2EA6DE-630C-4415-AADA-B80B4B235AD4}
2014-02-12 10:59 - 2014-02-12 10:59 - 00003110 _____ () C:\Windows\System32\Tasks\{03B20980-AFB6-46B8-BC21-BFFBE2F0EAB1}
2014-02-12 10:54 - 2010-02-11 03:22 - 00000000 ____D () C:\Program Files\EA Games
2014-02-12 10:10 - 2014-02-12 10:49 - 1334180630 _____ () C:\Users\Markus\Desktop\OfficialCnCTiberianSun.rar
2014-02-11 16:13 - 2014-02-11 16:13 - 00002978 _____ () C:\Windows\System32\Tasks\{B0442E02-37A9-4AF0-8BD9-41B40FA36E5D}
2014-02-11 16:12 - 2014-02-11 16:12 - 00002978 _____ () C:\Windows\System32\Tasks\{6D97E50C-CCFD-4BB3-80BB-CC208BB5019B}
2014-02-11 15:51 - 2014-02-11 15:51 - 00003110 _____ () C:\Windows\System32\Tasks\{EE6C124D-7B0D-426B-B341-C0FC855D9BFE}
2014-02-11 15:50 - 2014-02-11 15:50 - 00003110 _____ () C:\Windows\System32\Tasks\{4E015206-0488-4E4A-87C0-546B63555D30}
2014-02-11 15:43 - 2014-02-11 15:43 - 00003110 _____ () C:\Windows\System32\Tasks\{802FA01F-6052-4659-A580-66524C0AD16B}
2014-02-11 15:41 - 2014-02-11 15:41 - 00003110 _____ () C:\Windows\System32\Tasks\{33DE8CF2-554D-48F0-A6E6-AF9E31FCD6A7}
2014-02-11 15:39 - 2014-02-11 15:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C177C783-F112-48E2-99E7-6A417EF41802}
2014-02-11 15:38 - 2014-02-11 15:38 - 00003110 _____ () C:\Windows\System32\Tasks\{DA9327F3-C5F0-46AF-812A-046254A212C8}
2014-02-10 01:26 - 2014-02-10 01:26 - 00000000 _____ () C:\Users\Markus\Sti_Trace.log
2014-02-07 08:19 - 2014-02-07 08:20 - 00000000 ____D () C:\Users\Markus\Desktop\KrawallBrüder - Schmerzfrei (Deluxe Edition)
2014-02-03 08:04 - 2014-02-03 08:04 - 00000000 ____D () C:\Users\Markus\Desktop\Zum Glück in die Zukunft II
2014-02-03 08:03 - 2014-02-03 08:03 - 00000000 ____D () C:\Users\Markus\Desktop\Chakuza
2014-02-01 13:22 - 2013-09-23 06:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2014-02-01 00:15 - 2014-02-01 00:15 - 00785688 _____ () C:\Windows\Minidump\020114-44772-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-02 19:02 - 2014-03-02 13:42 - 00000000 ____D () C:\FRST
2014-03-02 13:56 - 2012-12-05 13:51 - 00086308 _____ () C:\Windows\setupact.log
2014-03-02 13:56 - 2011-07-24 11:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-02 13:56 - 2011-07-24 04:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 13:56 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 13:40 - 2011-07-24 04:37 - 01513985 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 13:18 - 2012-08-26 04:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 13:04 - 2009-07-13 22:45 - 00021072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 13:04 - 2009-07-13 22:45 - 00021072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 12:57 - 2011-07-24 12:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-02 12:57 - 2011-07-24 12:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-02 10:57 - 2010-11-21 00:50 - 00699666 _____ () C:\Windows\System32\perfh007.dat
2014-03-02 10:57 - 2010-11-21 00:50 - 00149774 _____ () C:\Windows\System32\perfc007.dat
2014-03-02 10:57 - 2009-07-13 23:13 - 01620612 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-02 10:45 - 2011-07-24 12:23 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-28 14:26 - 2014-02-28 14:26 - 00007608 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2014-02-28 14:19 - 2012-12-06 06:10 - 00215140 _____ () C:\Windows\PFRO.log
2014-02-28 14:18 - 2013-08-15 13:24 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-28 14:17 - 2012-08-19 14:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-28 14:14 - 2011-02-11 04:22 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 08:29 - 2013-01-15 06:21 - 00000000 ____D () C:\Users\Markus\.rainlendar2
2014-02-26 06:45 - 2012-08-20 08:57 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\vlc
2014-02-25 05:52 - 2014-02-25 01:38 - 00000000 ____D () C:\Users\Markus\Desktop\Bilder für Präsi
2014-02-25 02:03 - 2014-02-25 01:58 - 00000000 ____D () C:\Users\Markus\Desktop\Abschluss
2014-02-24 13:09 - 2014-02-24 12:57 - 00000000 ____D () C:\Users\Markus\Desktop\Bernau
2014-02-24 13:05 - 2011-07-24 12:18 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-02-24 12:57 - 2014-02-24 12:57 - 00000000 ____D () C:\Users\Markus\Desktop\Anlagen
2014-02-21 03:35 - 2013-01-03 15:07 - 00080727 _____ () C:\Users\Markus\Desktop\Finanzplan.xlsx
2014-02-21 02:33 - 2013-03-14 05:10 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\dvdcss
2014-02-20 15:19 - 2012-08-26 04:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:19 - 2012-08-26 04:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 15:19 - 2012-08-26 04:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 14:05 - 2014-02-20 14:05 - 00003110 _____ () C:\Windows\System32\Tasks\{1EFC26A5-192F-4207-81B7-10381D8C28CF}
2014-02-20 02:44 - 2014-02-20 02:44 - 06110208 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE  ppt.ppt
2014-02-20 00:45 - 2014-02-19 16:04 - 05462583 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE.pptx
2014-02-19 12:11 - 2014-02-19 12:11 - 00003110 _____ () C:\Windows\System32\Tasks\{2D9FA9D8-D886-41AD-B3B1-ED554F943B36}
2014-02-19 10:46 - 2014-02-12 13:07 - 00001374 _____ () C:\Users\Markus\Desktop\Play Tiberian Sun.lnk
2014-02-19 10:40 - 2014-02-19 10:40 - 00003110 _____ () C:\Windows\System32\Tasks\{17F16BB1-F731-4C5B-BFE3-92856955D493}
2014-02-19 10:35 - 2014-02-19 10:35 - 00003110 _____ () C:\Windows\System32\Tasks\{2C2EE886-4126-4A02-AEFB-0E0F9A2CF1FF}
2014-02-19 10:30 - 2014-02-19 10:30 - 00003110 _____ () C:\Windows\System32\Tasks\{7496F665-0506-4035-9D04-BEECB567DB3E}
2014-02-19 08:54 - 2014-02-16 22:27 - 00000000 ____D () C:\Users\Markus\Desktop\Präsentation betr. Auftrag
2014-02-18 12:50 - 2012-09-13 11:33 - 00000000 ____D () C:\Users\Markus\Desktop\Fachhochschule
2014-02-18 05:07 - 2014-02-18 05:07 - 00003110 _____ () C:\Windows\System32\Tasks\{28A7BE7E-1938-4848-84A2-F438D6C7E0F8}
2014-02-18 03:59 - 2014-02-18 03:59 - 00003110 _____ () C:\Windows\System32\Tasks\{F2C03BD3-720E-40E6-8B8F-E21BFFB1DC94}
2014-02-18 01:44 - 2014-02-18 01:44 - 00003110 _____ () C:\Windows\System32\Tasks\{6B27F983-CDEE-4C91-A797-5783EF3C9CCD}
2014-02-16 09:20 - 2014-01-22 01:44 - 00000000 ____D () C:\Users\Markus\Desktop\Parkway Drive
2014-02-16 08:24 - 2014-02-16 08:24 - 26092134 _____ () C:\Users\Markus\Desktop\IH- Anweisung Leistung.bmp
2014-02-15 09:35 - 2012-10-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-15 09:17 - 2009-07-13 20:34 - 00000510 _____ () C:\Windows\win.ini
2014-02-14 07:54 - 2014-02-14 07:54 - 00003110 _____ () C:\Windows\System32\Tasks\{E2786C45-22DD-4351-9C99-1692B29E585B}
2014-02-14 07:54 - 2014-02-14 07:54 - 00003110 _____ () C:\Windows\System32\Tasks\{D0691F2B-B1F2-4C82-A64F-0BFA8C327C5C}
2014-02-14 04:16 - 2014-02-14 04:16 - 00003110 _____ () C:\Windows\System32\Tasks\{7A585793-29F9-4F8A-BE34-0605D68C8BA7}
2014-02-14 04:11 - 2012-08-19 20:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-13 11:52 - 2014-02-13 11:52 - 00003110 _____ () C:\Windows\System32\Tasks\{C50D9C63-C597-4A40-BD25-ABF0C012C4C1}
2014-02-13 11:48 - 2014-02-13 11:48 - 00003110 _____ () C:\Windows\System32\Tasks\{40438BBF-50C2-429F-988E-17A90E5E7B36}
2014-02-13 04:53 - 2014-02-13 04:53 - 00003110 _____ () C:\Windows\System32\Tasks\{0D785C32-82BF-443C-8124-5DF35689C075}
2014-02-13 04:51 - 2014-02-13 04:51 - 00003110 _____ () C:\Windows\System32\Tasks\{3BAED0B4-AA89-4A1A-BDDB-5241BAD9D711}
2014-02-13 04:39 - 2014-02-13 04:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C4129FFA-2570-4508-8250-2B92DD095A80}
2014-02-12 13:07 - 2014-02-12 13:07 - 00003110 _____ () C:\Windows\System32\Tasks\{07EF42DB-D0CA-4333-9E28-2FA5DF9D31F1}
2014-02-12 11:33 - 2014-02-12 11:33 - 00003110 _____ () C:\Windows\System32\Tasks\{8C9BF3E0-0084-450D-AFE4-04DD96310B1E}
2014-02-12 11:20 - 2014-02-12 11:20 - 00003110 _____ () C:\Windows\System32\Tasks\{03C40F02-D0FD-4AE6-BE10-3EA73FF5ACD1}
2014-02-12 11:17 - 2014-02-12 11:17 - 00003110 _____ () C:\Windows\System32\Tasks\{2897BBE9-EB19-47F3-917E-9832A1C98BF3}
2014-02-12 11:07 - 2014-02-12 11:07 - 00003110 _____ () C:\Windows\System32\Tasks\{7D9E7FAB-39B4-410B-9959-E223D048BC48}
2014-02-12 11:04 - 2014-02-12 11:04 - 00003110 _____ () C:\Windows\System32\Tasks\{6F2EA6DE-630C-4415-AADA-B80B4B235AD4}
2014-02-12 10:59 - 2014-02-12 10:59 - 00003110 _____ () C:\Windows\System32\Tasks\{03B20980-AFB6-46B8-BC21-BFFBE2F0EAB1}
2014-02-12 10:49 - 2014-02-12 10:10 - 1334180630 _____ () C:\Users\Markus\Desktop\OfficialCnCTiberianSun.rar
2014-02-11 16:13 - 2014-02-11 16:13 - 00002978 _____ () C:\Windows\System32\Tasks\{B0442E02-37A9-4AF0-8BD9-41B40FA36E5D}
2014-02-11 16:12 - 2014-02-11 16:12 - 00002978 _____ () C:\Windows\System32\Tasks\{6D97E50C-CCFD-4BB3-80BB-CC208BB5019B}
2014-02-11 15:51 - 2014-02-11 15:51 - 00003110 _____ () C:\Windows\System32\Tasks\{EE6C124D-7B0D-426B-B341-C0FC855D9BFE}
2014-02-11 15:50 - 2014-02-11 15:50 - 00003110 _____ () C:\Windows\System32\Tasks\{4E015206-0488-4E4A-87C0-546B63555D30}
2014-02-11 15:43 - 2014-02-11 15:43 - 00003110 _____ () C:\Windows\System32\Tasks\{802FA01F-6052-4659-A580-66524C0AD16B}
2014-02-11 15:41 - 2014-02-11 15:41 - 00003110 _____ () C:\Windows\System32\Tasks\{33DE8CF2-554D-48F0-A6E6-AF9E31FCD6A7}
2014-02-11 15:39 - 2014-02-11 15:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C177C783-F112-48E2-99E7-6A417EF41802}
2014-02-11 15:38 - 2014-02-11 15:38 - 00003110 _____ () C:\Windows\System32\Tasks\{DA9327F3-C5F0-46AF-812A-046254A212C8}
2014-02-10 04:27 - 2014-01-24 04:26 - 00000000 ____D () C:\Users\Markus\Desktop\E- Technik
2014-02-10 01:26 - 2014-02-10 01:26 - 00000000 _____ () C:\Users\Markus\Sti_Trace.log
2014-02-10 01:26 - 2012-08-19 20:35 - 00000000 ____D () C:\users\Markus
2014-02-07 08:20 - 2014-02-07 08:19 - 00000000 ____D () C:\Users\Markus\Desktop\KrawallBrüder - Schmerzfrei (Deluxe Edition)
2014-02-03 08:04 - 2014-02-03 08:04 - 00000000 ____D () C:\Users\Markus\Desktop\Zum Glück in die Zukunft II
2014-02-03 08:03 - 2014-02-03 08:03 - 00000000 ____D () C:\Users\Markus\Desktop\Chakuza
2014-02-01 00:15 - 2014-02-01 00:15 - 00785688 _____ () C:\Windows\Minidump\020114-44772-01.dmp
2014-02-01 00:15 - 2013-05-13 02:42 - 882763708 _____ () C:\Windows\MEMORY.DMP
2014-02-01 00:15 - 2012-10-25 06:51 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\APNStub.exe
C:\Users\Markus\AppData\Local\Temp\atl100.dll
C:\Users\Markus\AppData\Local\Temp\aulauncher.exe
C:\Users\Markus\AppData\Local\Temp\AutoRun.exe
C:\Users\Markus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Markus\AppData\Local\Temp\byaeur2h.dll
C:\Users\Markus\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Markus\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Markus\AppData\Local\Temp\IERunner.dll
C:\Users\Markus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Markus\AppData\Local\Temp\msvcp100.dll
C:\Users\Markus\AppData\Local\Temp\msvcr100.dll
C:\Users\Markus\AppData\Local\Temp\pprvyuwp.dll
C:\Users\Markus\AppData\Local\Temp\u9bboqyb.dll
C:\Users\Markus\AppData\Local\Temp\xpxfmxxq.dll
C:\Users\Markus\AppData\Local\Temp\_is3237.exe
C:\Users\Markus\AppData\Local\Temp\_is343C.exe
C:\Users\Markus\AppData\Local\Temp\_is3707.exe
C:\Users\Markus\AppData\Local\Temp\_is4412.exe
C:\Users\Markus\AppData\Local\Temp\_is4D64.exe
C:\Users\Markus\AppData\Local\Temp\_is643F.exe
C:\Users\Markus\AppData\Local\Temp\_isBBC1.exe
C:\Users\Markus\AppData\Local\Temp\_isDF0A.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-10 13:21:09
Restore point made on: 2014-02-12 04:59:20
Restore point made on: 2014-02-15 09:15:33
Restore point made on: 2014-02-18 12:24:02
Restore point made on: 2014-02-25 10:12:01
Restore point made on: 2014-02-28 14:11:30

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8106.17 MB
Available physical RAM: 7280.48 MB
Total Pagefile: 8104.37 MB
Available Pagefile: 7259.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:127.5 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (BSIX) (Removable) (Total:3.92 GB) (Free:3.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=577 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.


LastRegBack: 2014-02-08 01:46

==================== End Of Log ============================

Ich habe es dann auch erst einmal bei diesem Scan belassen. Über weitere Schritte wäre ich sehr dankbar. :)

Der obligatorische und definitiv ernst gemeinte Satz: Ich hoffe, ihr könnt mir weiterhelfen!

Mit freundlichen Grüßen
Markus

schrauber 03.03.2014 07:57
Hi,

FRST bitte aus dem abgesicherten Modus scannen lassen.

trambel 03.03.2014 18:28
Hey,

danke für die schnelle Antwort.

Hier dann die richtige Datei:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by Markus (administrator) on MARKUS-PC on 03-03-2014 14:16:00
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
HKLM-x32\...\Run: [Driver Genius] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\Run: [Rainlendar2] - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2498048 2012-07-02] ()
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {15cb2d64-0d5e-11e2-8173-14feb5bdb84c} - E:\AutoRun.exe
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {5bb58a4e-10b1-11e2-8adf-88532e26df99} - E:\AutoRun.exe
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {b332738d-eace-11e1-b698-88532e26df99} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {b33273af-eace-11e1-b698-88532e26df99} - E:\AutoRun.exe
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {b33273b1-eace-11e1-b698-88532e26df99} - E:\AutoRun.exe
HKU\S-1-5-21-2798120034-3558227331-1144246542-1001\...\MountPoints2: {b33273d8-eace-11e1-b698-88532e26df99} - E:\.\Autorun.exe AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2625848
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6E6DAC5C-921F-412C-B865-703D1CC14E74} URL =
SearchScopes: HKCU - {B5C6BCB2-FFC8-43C7-A0EF-69E559A57AE9} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=43BED706-D331-482C-8594-BA437B189C6E&apn_sauid=91E9FB22-DA58-4427-848F-9BB5953454A8
SearchScopes: HKCU - {CA3403F6-8312-4644-986D-619A77F1C582} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\2m2gr9ul.default
FF DefaultSearchEngine: DVDVideoSoftTB DE Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN67631004930340929&UM=false&q=
FF NetworkProxy: "backup.ftp", "proxy.tfh-wildau.de"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "proxy.tfh-wildau.de"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "proxy.tfh-wildau.de"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "proxy.tfh-wildau.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.tfh-wildau.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.tfh-wildau.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.tfh-wildau.de"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Markus\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Markus\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\2m2gr9ul.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\2m2gr9ul.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoftTB DE  - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\2m2gr9ul.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013-12-27]
FF Extension: YouTube Video, Audio and Subtitle Downloader - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\2m2gr9ul.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-07-24]

==================== Services (Whitelisted) =================

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-08-22] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-08-22] ()
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 20:42 - 2014-03-03 14:16 - 00000000 ____D () C:\FRST
2014-02-28 21:26 - 2014-02-28 21:26 - 00007608 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2014-02-25 08:58 - 2014-02-25 09:03 - 00000000 ____D () C:\Users\Markus\Desktop\Abschluss
2014-02-25 08:38 - 2014-02-25 12:52 - 00000000 ____D () C:\Users\Markus\Desktop\Bilder für Präsi
2014-02-24 19:57 - 2014-02-24 20:09 - 00000000 ____D () C:\Users\Markus\Desktop\Bernau
2014-02-24 19:57 - 2014-02-24 19:57 - 00000000 ____D () C:\Users\Markus\Desktop\Anlagen
2014-02-20 21:05 - 2014-02-20 21:05 - 00003110 _____ () C:\Windows\System32\Tasks\{1EFC26A5-192F-4207-81B7-10381D8C28CF}
2014-02-20 09:44 - 2014-02-20 09:44 - 06110208 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE  ppt.ppt
2014-02-19 23:04 - 2014-02-20 07:45 - 05462583 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE.pptx
2014-02-19 19:11 - 2014-02-19 19:11 - 00003110 _____ () C:\Windows\System32\Tasks\{2D9FA9D8-D886-41AD-B3B1-ED554F943B36}
2014-02-19 17:40 - 2014-02-19 17:40 - 00003110 _____ () C:\Windows\System32\Tasks\{17F16BB1-F731-4C5B-BFE3-92856955D493}
2014-02-19 17:35 - 2014-02-19 17:35 - 00003110 _____ () C:\Windows\System32\Tasks\{2C2EE886-4126-4A02-AEFB-0E0F9A2CF1FF}
2014-02-19 17:30 - 2014-02-19 17:30 - 00003110 _____ () C:\Windows\System32\Tasks\{7496F665-0506-4035-9D04-BEECB567DB3E}
2014-02-18 12:07 - 2014-02-18 12:07 - 00003110 _____ () C:\Windows\System32\Tasks\{28A7BE7E-1938-4848-84A2-F438D6C7E0F8}
2014-02-18 10:59 - 2014-02-18 10:59 - 00003110 _____ () C:\Windows\System32\Tasks\{F2C03BD3-720E-40E6-8B8F-E21BFFB1DC94}
2014-02-18 08:44 - 2014-02-18 08:44 - 00003110 _____ () C:\Windows\System32\Tasks\{6B27F983-CDEE-4C91-A797-5783EF3C9CCD}
2014-02-17 05:27 - 2014-02-19 15:54 - 00000000 ____D () C:\Users\Markus\Desktop\Präsentation betr. Auftrag
2014-02-16 15:24 - 2014-02-16 15:24 - 26092134 _____ () C:\Users\Markus\Desktop\IH- Anweisung Leistung.bmp
2014-02-14 14:54 - 2014-02-14 14:54 - 00003110 _____ () C:\Windows\System32\Tasks\{E2786C45-22DD-4351-9C99-1692B29E585B}
2014-02-14 14:54 - 2014-02-14 14:54 - 00003110 _____ () C:\Windows\System32\Tasks\{D0691F2B-B1F2-4C82-A64F-0BFA8C327C5C}
2014-02-14 11:16 - 2014-02-14 11:16 - 00003110 _____ () C:\Windows\System32\Tasks\{7A585793-29F9-4F8A-BE34-0605D68C8BA7}
2014-02-13 18:52 - 2014-02-13 18:52 - 00003110 _____ () C:\Windows\System32\Tasks\{C50D9C63-C597-4A40-BD25-ABF0C012C4C1}
2014-02-13 18:48 - 2014-02-13 18:48 - 00003110 _____ () C:\Windows\System32\Tasks\{40438BBF-50C2-429F-988E-17A90E5E7B36}
2014-02-13 11:53 - 2014-02-13 11:53 - 00003110 _____ () C:\Windows\System32\Tasks\{0D785C32-82BF-443C-8124-5DF35689C075}
2014-02-13 11:51 - 2014-02-13 11:51 - 00003110 _____ () C:\Windows\System32\Tasks\{3BAED0B4-AA89-4A1A-BDDB-5241BAD9D711}
2014-02-13 11:39 - 2014-02-13 11:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C4129FFA-2570-4508-8250-2B92DD095A80}
2014-02-12 20:07 - 2014-02-19 17:46 - 00001374 _____ () C:\Users\Markus\Desktop\Play Tiberian Sun.lnk
2014-02-12 20:07 - 2014-02-12 20:07 - 00003110 _____ () C:\Windows\System32\Tasks\{07EF42DB-D0CA-4333-9E28-2FA5DF9D31F1}
2014-02-12 18:33 - 2014-02-12 18:33 - 00003110 _____ () C:\Windows\System32\Tasks\{8C9BF3E0-0084-450D-AFE4-04DD96310B1E}
2014-02-12 18:20 - 2014-02-12 18:20 - 00003110 _____ () C:\Windows\System32\Tasks\{03C40F02-D0FD-4AE6-BE10-3EA73FF5ACD1}
2014-02-12 18:17 - 2014-02-12 18:17 - 00003110 _____ () C:\Windows\System32\Tasks\{2897BBE9-EB19-47F3-917E-9832A1C98BF3}
2014-02-12 18:07 - 2014-02-12 18:07 - 00003110 _____ () C:\Windows\System32\Tasks\{7D9E7FAB-39B4-410B-9959-E223D048BC48}
2014-02-12 18:04 - 2014-02-12 18:04 - 00003110 _____ () C:\Windows\System32\Tasks\{6F2EA6DE-630C-4415-AADA-B80B4B235AD4}
2014-02-12 17:59 - 2014-02-12 17:59 - 00003110 _____ () C:\Windows\System32\Tasks\{03B20980-AFB6-46B8-BC21-BFFBE2F0EAB1}
2014-02-12 17:54 - 2010-02-11 10:22 - 00000000 ____D () C:\Program Files\EA Games
2014-02-12 17:10 - 2014-02-12 17:49 - 1334180630 _____ () C:\Users\Markus\Desktop\OfficialCnCTiberianSun.rar
2014-02-11 23:13 - 2014-02-11 23:13 - 00002978 _____ () C:\Windows\System32\Tasks\{B0442E02-37A9-4AF0-8BD9-41B40FA36E5D}
2014-02-11 23:12 - 2014-02-11 23:12 - 00002978 _____ () C:\Windows\System32\Tasks\{6D97E50C-CCFD-4BB3-80BB-CC208BB5019B}
2014-02-11 22:51 - 2014-02-11 22:51 - 00003110 _____ () C:\Windows\System32\Tasks\{EE6C124D-7B0D-426B-B341-C0FC855D9BFE}
2014-02-11 22:50 - 2014-02-11 22:50 - 00003110 _____ () C:\Windows\System32\Tasks\{4E015206-0488-4E4A-87C0-546B63555D30}
2014-02-11 22:43 - 2014-02-11 22:43 - 00003110 _____ () C:\Windows\System32\Tasks\{802FA01F-6052-4659-A580-66524C0AD16B}
2014-02-11 22:41 - 2014-02-11 22:41 - 00003110 _____ () C:\Windows\System32\Tasks\{33DE8CF2-554D-48F0-A6E6-AF9E31FCD6A7}
2014-02-11 22:39 - 2014-02-11 22:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C177C783-F112-48E2-99E7-6A417EF41802}
2014-02-11 22:38 - 2014-02-11 22:38 - 00003110 _____ () C:\Windows\System32\Tasks\{DA9327F3-C5F0-46AF-812A-046254A212C8}
2014-02-10 08:26 - 2014-02-10 08:26 - 00000000 _____ () C:\Users\Markus\Sti_Trace.log
2014-02-07 15:19 - 2014-02-07 15:20 - 00000000 ____D () C:\Users\Markus\Desktop\KrawallBrüder - Schmerzfrei (Deluxe Edition)
2014-02-03 15:04 - 2014-02-03 15:04 - 00000000 ____D () C:\Users\Markus\Desktop\Zum Glück in die Zukunft II
2014-02-03 15:03 - 2014-02-03 15:03 - 00000000 ____D () C:\Users\Markus\Desktop\Chakuza
2014-02-01 20:22 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-02-01 07:15 - 2014-02-01 07:15 - 00785688 _____ () C:\Windows\Minidump\020114-44772-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-03 14:16 - 2014-03-02 20:42 - 00000000 ____D () C:\FRST
2014-03-02 20:40 - 2011-07-24 11:37 - 01513985 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 20:18 - 2012-08-26 11:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 20:04 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 20:04 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 19:57 - 2011-07-24 19:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-02 19:57 - 2011-07-24 19:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-02 19:25 - 2012-12-05 20:51 - 00086364 _____ () C:\Windows\setupact.log
2014-03-02 19:25 - 2011-07-24 18:58 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-02 19:25 - 2011-07-24 11:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 19:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 17:57 - 2010-11-21 07:50 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-03-02 17:57 - 2010-11-21 07:50 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-03-02 17:57 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 17:45 - 2011-07-24 19:23 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-28 21:26 - 2014-02-28 21:26 - 00007608 _____ () C:\Users\Markus\AppData\Local\Resmon.ResmonCfg
2014-02-28 21:19 - 2012-12-06 13:10 - 00215140 _____ () C:\Windows\PFRO.log
2014-02-28 21:18 - 2013-08-15 20:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-28 21:17 - 2012-08-19 21:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-28 21:14 - 2011-02-11 11:22 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 15:29 - 2013-01-15 13:21 - 00000000 ____D () C:\Users\Markus\.rainlendar2
2014-02-26 13:45 - 2012-08-20 15:57 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\vlc
2014-02-25 12:52 - 2014-02-25 08:38 - 00000000 ____D () C:\Users\Markus\Desktop\Bilder für Präsi
2014-02-25 09:03 - 2014-02-25 08:58 - 00000000 ____D () C:\Users\Markus\Desktop\Abschluss
2014-02-24 20:09 - 2014-02-24 19:57 - 00000000 ____D () C:\Users\Markus\Desktop\Bernau
2014-02-24 20:05 - 2011-07-24 19:18 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-02-24 19:57 - 2014-02-24 19:57 - 00000000 ____D () C:\Users\Markus\Desktop\Anlagen
2014-02-21 10:35 - 2013-01-03 22:07 - 00080727 _____ () C:\Users\Markus\Desktop\Finanzplan.xlsx
2014-02-21 09:33 - 2013-03-14 12:10 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\dvdcss
2014-02-20 22:19 - 2012-08-26 11:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:19 - 2012-08-26 11:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:19 - 2012-08-26 11:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:05 - 2014-02-20 21:05 - 00003110 _____ () C:\Windows\System32\Tasks\{1EFC26A5-192F-4207-81B7-10381D8C28CF}
2014-02-20 09:44 - 2014-02-20 09:44 - 06110208 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE  ppt.ppt
2014-02-20 07:45 - 2014-02-19 23:04 - 05462583 _____ () C:\Users\Markus\Desktop\INSTANDSETZEN EINER EINSTUFIGEN KREISELPUMPE.pptx
2014-02-19 19:11 - 2014-02-19 19:11 - 00003110 _____ () C:\Windows\System32\Tasks\{2D9FA9D8-D886-41AD-B3B1-ED554F943B36}
2014-02-19 17:46 - 2014-02-12 20:07 - 00001374 _____ () C:\Users\Markus\Desktop\Play Tiberian Sun.lnk
2014-02-19 17:40 - 2014-02-19 17:40 - 00003110 _____ () C:\Windows\System32\Tasks\{17F16BB1-F731-4C5B-BFE3-92856955D493}
2014-02-19 17:35 - 2014-02-19 17:35 - 00003110 _____ () C:\Windows\System32\Tasks\{2C2EE886-4126-4A02-AEFB-0E0F9A2CF1FF}
2014-02-19 17:30 - 2014-02-19 17:30 - 00003110 _____ () C:\Windows\System32\Tasks\{7496F665-0506-4035-9D04-BEECB567DB3E}
2014-02-19 15:54 - 2014-02-17 05:27 - 00000000 ____D () C:\Users\Markus\Desktop\Präsentation betr. Auftrag
2014-02-18 19:50 - 2012-09-13 18:33 - 00000000 ____D () C:\Users\Markus\Desktop\Fachhochschule
2014-02-18 12:07 - 2014-02-18 12:07 - 00003110 _____ () C:\Windows\System32\Tasks\{28A7BE7E-1938-4848-84A2-F438D6C7E0F8}
2014-02-18 10:59 - 2014-02-18 10:59 - 00003110 _____ () C:\Windows\System32\Tasks\{F2C03BD3-720E-40E6-8B8F-E21BFFB1DC94}
2014-02-18 08:44 - 2014-02-18 08:44 - 00003110 _____ () C:\Windows\System32\Tasks\{6B27F983-CDEE-4C91-A797-5783EF3C9CCD}
2014-02-16 16:20 - 2014-01-22 08:44 - 00000000 ____D () C:\Users\Markus\Desktop\Parkway Drive
2014-02-16 15:24 - 2014-02-16 15:24 - 26092134 _____ () C:\Users\Markus\Desktop\IH- Anweisung Leistung.bmp
2014-02-15 16:35 - 2012-10-03 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-15 16:17 - 2009-07-14 03:34 - 00000510 _____ () C:\Windows\win.ini
2014-02-14 14:54 - 2014-02-14 14:54 - 00003110 _____ () C:\Windows\System32\Tasks\{E2786C45-22DD-4351-9C99-1692B29E585B}
2014-02-14 14:54 - 2014-02-14 14:54 - 00003110 _____ () C:\Windows\System32\Tasks\{D0691F2B-B1F2-4C82-A64F-0BFA8C327C5C}
2014-02-14 11:16 - 2014-02-14 11:16 - 00003110 _____ () C:\Windows\System32\Tasks\{7A585793-29F9-4F8A-BE34-0605D68C8BA7}
2014-02-14 11:11 - 2012-08-20 03:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-13 18:52 - 2014-02-13 18:52 - 00003110 _____ () C:\Windows\System32\Tasks\{C50D9C63-C597-4A40-BD25-ABF0C012C4C1}
2014-02-13 18:48 - 2014-02-13 18:48 - 00003110 _____ () C:\Windows\System32\Tasks\{40438BBF-50C2-429F-988E-17A90E5E7B36}
2014-02-13 11:53 - 2014-02-13 11:53 - 00003110 _____ () C:\Windows\System32\Tasks\{0D785C32-82BF-443C-8124-5DF35689C075}
2014-02-13 11:51 - 2014-02-13 11:51 - 00003110 _____ () C:\Windows\System32\Tasks\{3BAED0B4-AA89-4A1A-BDDB-5241BAD9D711}
2014-02-13 11:39 - 2014-02-13 11:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C4129FFA-2570-4508-8250-2B92DD095A80}
2014-02-12 20:07 - 2014-02-12 20:07 - 00003110 _____ () C:\Windows\System32\Tasks\{07EF42DB-D0CA-4333-9E28-2FA5DF9D31F1}
2014-02-12 18:33 - 2014-02-12 18:33 - 00003110 _____ () C:\Windows\System32\Tasks\{8C9BF3E0-0084-450D-AFE4-04DD96310B1E}
2014-02-12 18:20 - 2014-02-12 18:20 - 00003110 _____ () C:\Windows\System32\Tasks\{03C40F02-D0FD-4AE6-BE10-3EA73FF5ACD1}
2014-02-12 18:17 - 2014-02-12 18:17 - 00003110 _____ () C:\Windows\System32\Tasks\{2897BBE9-EB19-47F3-917E-9832A1C98BF3}
2014-02-12 18:07 - 2014-02-12 18:07 - 00003110 _____ () C:\Windows\System32\Tasks\{7D9E7FAB-39B4-410B-9959-E223D048BC48}
2014-02-12 18:04 - 2014-02-12 18:04 - 00003110 _____ () C:\Windows\System32\Tasks\{6F2EA6DE-630C-4415-AADA-B80B4B235AD4}
2014-02-12 17:59 - 2014-02-12 17:59 - 00003110 _____ () C:\Windows\System32\Tasks\{03B20980-AFB6-46B8-BC21-BFFBE2F0EAB1}
2014-02-12 17:49 - 2014-02-12 17:10 - 1334180630 _____ () C:\Users\Markus\Desktop\OfficialCnCTiberianSun.rar
2014-02-11 23:13 - 2014-02-11 23:13 - 00002978 _____ () C:\Windows\System32\Tasks\{B0442E02-37A9-4AF0-8BD9-41B40FA36E5D}
2014-02-11 23:12 - 2014-02-11 23:12 - 00002978 _____ () C:\Windows\System32\Tasks\{6D97E50C-CCFD-4BB3-80BB-CC208BB5019B}
2014-02-11 22:51 - 2014-02-11 22:51 - 00003110 _____ () C:\Windows\System32\Tasks\{EE6C124D-7B0D-426B-B341-C0FC855D9BFE}
2014-02-11 22:50 - 2014-02-11 22:50 - 00003110 _____ () C:\Windows\System32\Tasks\{4E015206-0488-4E4A-87C0-546B63555D30}
2014-02-11 22:43 - 2014-02-11 22:43 - 00003110 _____ () C:\Windows\System32\Tasks\{802FA01F-6052-4659-A580-66524C0AD16B}
2014-02-11 22:41 - 2014-02-11 22:41 - 00003110 _____ () C:\Windows\System32\Tasks\{33DE8CF2-554D-48F0-A6E6-AF9E31FCD6A7}
2014-02-11 22:39 - 2014-02-11 22:39 - 00003110 _____ () C:\Windows\System32\Tasks\{C177C783-F112-48E2-99E7-6A417EF41802}
2014-02-11 22:38 - 2014-02-11 22:38 - 00003110 _____ () C:\Windows\System32\Tasks\{DA9327F3-C5F0-46AF-812A-046254A212C8}
2014-02-10 11:30 - 2012-08-22 16:16 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-10 11:27 - 2014-01-24 11:26 - 00000000 ____D () C:\Users\Markus\Desktop\E- Technik
2014-02-10 08:26 - 2014-02-10 08:26 - 00000000 _____ () C:\Users\Markus\Sti_Trace.log
2014-02-10 08:26 - 2012-08-20 03:35 - 00000000 ____D () C:\Users\Markus
2014-02-07 15:20 - 2014-02-07 15:19 - 00000000 ____D () C:\Users\Markus\Desktop\KrawallBrüder - Schmerzfrei (Deluxe Edition)
2014-02-03 15:04 - 2014-02-03 15:04 - 00000000 ____D () C:\Users\Markus\Desktop\Zum Glück in die Zukunft II
2014-02-03 15:03 - 2014-02-03 15:03 - 00000000 ____D () C:\Users\Markus\Desktop\Chakuza
2014-02-01 07:15 - 2014-02-01 07:15 - 00785688 _____ () C:\Windows\Minidump\020114-44772-01.dmp
2014-02-01 07:15 - 2013-05-13 09:42 - 882763708 _____ () C:\Windows\MEMORY.DMP
2014-02-01 07:15 - 2012-10-25 13:51 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\APNStub.exe
C:\Users\Markus\AppData\Local\Temp\atl100.dll
C:\Users\Markus\AppData\Local\Temp\aulauncher.exe
C:\Users\Markus\AppData\Local\Temp\AutoRun.exe
C:\Users\Markus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Markus\AppData\Local\Temp\byaeur2h.dll
C:\Users\Markus\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Markus\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Markus\AppData\Local\Temp\IERunner.dll
C:\Users\Markus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Markus\AppData\Local\Temp\msvcp100.dll
C:\Users\Markus\AppData\Local\Temp\msvcr100.dll
C:\Users\Markus\AppData\Local\Temp\pprvyuwp.dll
C:\Users\Markus\AppData\Local\Temp\u9bboqyb.dll
C:\Users\Markus\AppData\Local\Temp\xpxfmxxq.dll
C:\Users\Markus\AppData\Local\Temp\_is3237.exe
C:\Users\Markus\AppData\Local\Temp\_is343C.exe
C:\Users\Markus\AppData\Local\Temp\_is3707.exe
C:\Users\Markus\AppData\Local\Temp\_is4412.exe
C:\Users\Markus\AppData\Local\Temp\_is4D64.exe
C:\Users\Markus\AppData\Local\Temp\_is643F.exe
C:\Users\Markus\AppData\Local\Temp\_isBBC1.exe
C:\Users\Markus\AppData\Local\Temp\_isDF0A.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 08:46

==================== End Of Log ============================
--- --- ---

--- --- ---



Mit freundlichen Grüßen

Markus

schrauber 04.03.2014 14:44
Jo, wie wir sehen sehen wir nichts. Bitte im Safe Mode ein neues Benutzerkonto mit Adminrechten anlegen, im normalen Modus in dieses booten. Geht das?

trambel 04.03.2014 18:40
Hey,

bin leider erst wieder ab 18 Uhr zu Hause, versuche es dann sofort.

Mit freundlichen Grüßen

Markus

Es funktioniert tatsächlich.
Woran kann es liegen?

Mit freundlichen Grüßen

Markus

schrauber 05.03.2014 14:48
Das andre Benutzerkonto ist kaputt. Bitte im neuen einloggen, Daten sichern aus dem anderen Konto, dann das kaputte Konto löschen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131