Trojaner-Board - Windows 7: Phisher aus Vodafone Mail will VR Bank abgreifen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7: Phisher aus Vodafone Mail will VR Bank abgreifen (https://www.trojaner-board.de/155194-windows-7-phisher-vodafone-mail-will-vr-bank-abgreifen.html)

Windows 7: Phisher aus Vodafone Mail will VR Bank abgreifen

Hallo zusammen,

eine Freundin hat vor einigen Tagen eine Mail von "Vodafone" bekommen mit einer angeblichen 300€ Rechnung. Leider hat sie als Vodafone Kundin getippt und nun haben wir den Salat, berichtet auch schon die VZ drüber... hxxp://www.vz-nrw.de/phishing

Direkt zu Anfang:
Der PC wird gewerblich genutzt, ich mache aber hier privaten Support ohne gewerblichen Hintergrund (außer vielleicht den Zehner den der arme Student am ende bekommt:pfeiff:).

Also darf ich es ausbaden und gib euch mal was ich habe:

Befallene Datei war zu 99% folgender Link (ACHTUNG da ist halt was böses drin:schrei:)
firstvoicemail[dot]com/wp-includes/pomo[slash]pdf-vodafone2014_06-de/2014_06rechnung_pdf_vodafone[dot]zip
So sollte es keiner aus Versehen anklicken...
Virustotal findet dazu auch nicht viel genau wie das installierte MacAffee:
https://www.virustotal.com/de/url/75d4c4453bf3bf1d279aa3ef50bcd316c2cfb7ff30fedc3164a1ed0871e5b126/analysis/

Aber:
Sobald man sich ins OnlineBanking der VR Bank einloggt kommt folgende Meldung:

Zitat:

Unser System überprüft Ihren Computer nach Veränderungen. Überprüfung Ihrer Sicherheitseinstellungen kann mehrere Sekunden dauern. Während dieser Zeit aktualisieren Sie bitte nicht diese Seite und verwenden Sie nicht die Browsernavigation (Zurück / Vorwärts).

Konten sind natürlich schon gesichert.

Aber da eine Neuinstallation extrem viel Arbeit bedeutet, würden wir den Rechner gerne manuell reinigen.

Hier also mal ein paar Logs für euch:

defogger_disable

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:38 on 13/06/2014 (Buro)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02

Ran by Buro (administrator) on BUERO-PC on 13-06-2014 16:44:30

Running from D:\Eigene Dateien\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe

(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)

HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [196608 2009-07-14] (Qdumga)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-15] (Adobe Systems Incorporated)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\MountPoints2: {35856a6b-a7f8-11e2-9698-00237d21318e} - K:\Setup.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk

ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk

ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk

ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk

ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6B508DFDF19CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130302162403.dll (McAfee, Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: https://www.google.de

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\user.js

FF SearchPlugin: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\searchplugins\Web Search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: DAEMON Tools Toolbar - C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\Extensions\DTToolbar@toolbarnet.com [2013-04-19]

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-09]
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems) [File not signed]

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-16] (APN LLC.)

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [1705280 2009-08-19] (WIBU-SYSTEMS AG)

S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (DATEV eG)

S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

S3 Datev.Irw.ServiceProvider.HostXcut.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (DATEV eG) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-18] (Macrovision Europe Ltd.) [File not signed]

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-03-02] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-03-02] (McAfee, Inc.)

R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)

R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [37832 2012-06-29] (Microsoft Corporation)

S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]
 

==================== Drivers (Whitelisted) ====================
 

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2013-04-18] (DT Soft Ltd)

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)

R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-03-02] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-03-02] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-03-02] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-03-02] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-03-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-03-02] (McAfee, Inc.)

S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)

U0 dmboot; 

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-13 16:41 - 2014-06-13 16:44 - 00000000 ____D () C:\FRST

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-12 08:18 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 08:18 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-16 12:17 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-16 12:17 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-16 12:17 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:08 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-16 09:08 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-16 09:07 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-16 09:07 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-16 09:07 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-16 09:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-16 09:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-16 09:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
 

==================== One Month Modified Files and Folders =======
 

2014-06-13 16:44 - 2014-06-13 16:41 - 00000000 ____D () C:\FRST

2014-06-13 16:44 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro\AppData\Local\Temp

2014-06-13 16:43 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-13 16:43 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 16:38 - 2013-03-07 15:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-13 16:38 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro

2014-06-13 16:14 - 2013-03-06 23:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-13 11:36 - 2013-06-15 16:51 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-13 11:36 - 2013-03-07 15:46 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-13 11:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-13 11:36 - 2009-07-14 06:39 - 00054281 _____ () C:\Windows\setupact.log

2014-06-13 11:34 - 2013-03-02 15:52 - 01742757 _____ () C:\Windows\WindowsUpdate.log

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-13 11:28 - 2014-04-09 16:19 - 00000888 _____ () C:\Windows\LkmdfCoInst.log

2014-06-13 11:27 - 2014-04-09 16:19 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2014-06-13 11:17 - 2013-03-02 16:09 - 01807850 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-12 12:04 - 2013-08-05 11:36 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 12:04 - 2013-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 12:02 - 2013-03-02 16:55 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 11:50 - 2013-03-02 18:39 - 00000000 ____D () C:\Users\Buro\Graphisoft

2014-05-20 08:08 - 2013-03-02 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-05-19 08:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-19 08:30 - 2014-05-06 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-19 08:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:08 - 2013-03-02 17:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-15 12:14 - 2013-03-06 23:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-05-15 12:14 - 2013-03-06 23:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

C:\Users\Buro\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe

C:\Users\Buro\AppData\Local\Temp\APNSetup.exe

C:\Users\Buro\AppData\Local\Temp\appshat-distribution.exe

C:\Users\Buro\AppData\Local\Temp\bi_cleaner.exe

C:\Users\Buro\AppData\Local\Temp\DiVapton_sm.exe

C:\Users\Buro\AppData\Local\Temp\Installer.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Buro\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Buro\AppData\Local\Temp\OptimizerPro.exe

C:\Users\Buro\AppData\Local\Temp\ose00000.exe

C:\Users\Buro\AppData\Local\Temp\UpdateCheckerSetup.exe

C:\Users\Buro\AppData\Local\Temp\wajam_download.exe

C:\Users\Buro\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-05-12 09:32
 

==================== End Of Log ============================

+ Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02

Ran by Buro at 2014-06-13 16:44:46

Running from D:\Eigene Dateien\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0 - Adobe Systems) Hidden

Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden

Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden

Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden

Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden

Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden

Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden

Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArchiCAD SE 2010 GER (HKLM\...\036FFF1FFF13FF00FF0215F00F02F000-R1) (Version:  - Graphisoft)

Ashampoo Burning Studio 2013 v.11.0.5 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG)

Ashampoo Photo Commander 9 v.9.4.3 (HKLM\...\Ashampoo Photo Commander 9_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG)

Ask Toolbar (HKLM\...\{4F524A2D-5637-006A-76A7-A758B70C0600}) (Version: 12.6.0.12 - APN, LLC) <==== ATTENTION

B1315AppGuid (Version: 1.0.0 - DATEV eG) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

CodeMeter Runtime Kit v4.10a (HKLM\...\{B22CE542-B0A1-42AD-955D-7455B7C9ED74}) (Version: 4.10.205. - WIBU-SYSTEMS AG)

Crystal Reports Runtime XI (Version: 1.0.9 - DATEV eG) Hidden

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd)

DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.1.3.0244 - DT Soft Ltd) <==== ATTENTION

DATEV Infragistics Runtime V.3.2 (Version: 3.2.0 - Infragistics, Inc.) Hidden

DATEV Installation V.3.2 (HKLM\...\DATEVB00000482.0) (Version:  - )

DFL2010 ConfigDB (HKLM\...\{46B1F595-EFB2-4463-B302-312A2C7B70A6}) (Version: 4.35.4339.0 - DATEV eG)

DFL2010 Microkernel (HKLM\...\{063DF19F-5FE9-43D3-A961-944ABD050A4C}) (Version: 4.35.4339.0 - DATEV eG)

eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden

FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)

Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden

iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)

McAfee Agent (HKLM\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)

McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 R2 (Version:  - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden

Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)

NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)

NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden

NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden

PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Service Pack 2 für SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)

SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

SQL Server 2008 R2 SP2 Full text search (Version: 10.52.4000.0 - Microsoft Corporation) Hidden

Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden

SQLXML4 (HKLM\...\{6C79A48D-F9CE-4B4E-968C-5BCFC27630CF}) (Version: 9.00.5000.00 - Microsoft Corporation)

SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
 

==================== Restore Points  =========================
 

07-04-2014 08:52:16 Geplanter Prüfpunkt

09-04-2014 14:23:42 Windows Modules Installer

09-04-2014 14:25:04 Windows Modules Installer

10-04-2014 10:20:36 Windows Update

02-05-2014 10:53:18 Windows Update

06-05-2014 10:22:01 Windows Update

16-05-2014 10:13:35 Windows Update

12-06-2014 10:01:26 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {18E58942-5A1F-4C04-A536-36CDC03ABE68} - System32\Tasks\DATEV eG\DATEV Update-Monitor => C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [2013-08-02] (DATEV eG)

Task: {7838592A-A2CA-4F61-A641-231B8BC5F9D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)

Task: {AEEED748-B7B9-4A94-8CAF-6EBB1D059D26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {AFBF5FA2-C9EC-485C-8D14-D5A479621AF8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {B18505E1-6864-4582-B13D-F6333A276613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)

Task: {B97ECBCB-CAB4-4AAB-A4AA-1FDB98DD0CE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-06-15 16:51 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll

2013-04-15 11:00 - 2006-01-12 21:20 - 01265664 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.DEU

2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2013-03-02 18:25 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2013-04-15 11:00 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.deu

2013-04-15 11:00 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA

2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2007-04-18 21:30 - 2007-04-18 21:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll

2007-04-18 21:30 - 2007-04-18 21:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll

2012-08-14 21:08 - 2012-08-14 21:08 - 00150328 _____ () C:\Program Files\McAfee\VirusScan Enterprise\WscAv.dll

2013-03-02 18:25 - 2002-11-26 14:43 - 00106496 ____N () C:\Windows\system32\BrMuSNMP.dll

2014-05-19 08:38 - 2014-05-19 08:38 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2014-05-15 12:14 - 2014-05-15 12:14 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 

==================== Faulty Device Manager Devices =============
 

Name: PS/2-kompatible Maus

Description: PS/2-kompatible Maus

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Standardtastatur (PS/2)

Description: Standardtastatur (PS/2)

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standardtastaturen)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/13/2014 04:44:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:44:26.957]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:44:17 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm FRST.exe, Version 12.6.2014.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 170
 

Startzeit: 01cf871567b1fd5a
 

Endzeit: 0
 

Anwendungspfad: D:\Eigene Dateien\Downloads\FRST.exe
 

Berichts-ID:
 

Error: (06/13/2014 04:43:17 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:43:17.939]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:42:08 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:42:08.915]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:40:59 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:40:59.874]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:39:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:39:50.870]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:38:41 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:38:41.863]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:37:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:37:32.857]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:36:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:36:23.853]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 

Error: (06/13/2014 04:35:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STI BrtSTI: [2014/06/13 16:35:14.846]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250]
 
 

System errors:

=============

Error: (06/13/2014 11:37:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (06/13/2014 10:14:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (06/12/2014 00:04:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957503)
 

Error: (06/12/2014 00:04:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2939576)
 

Error: (06/12/2014 00:04:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 (KB2800095)
 

Error: (06/12/2014 00:04:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 10 unter Windows 7 Service Pack 1 (KB2957689)
 

Error: (06/12/2014 00:04:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957189)
 

Error: (06/12/2014 00:02:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 (KB2952664)
 

Error: (06/12/2014 00:02:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957509)
 

Error: (06/12/2014 08:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
 

Microsoft Office Sessions:

=========================

Error: (09/17/2013 09:15:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 34%

Total physical RAM: 3567.37 MB

Available physical RAM: 2328.64 MB

Total Pagefile: 7133.03 MB

Available Pagefile: 5515.45 MB

Total Virtual: 2047.88 MB

Available Virtual: 1929.88 MB
 

==================== Drives ================================
 

Drive c: (System) (Fixed) (Total:195.31 GB) (Free:145.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Daten) (Fixed) (Total:585.94 GB) (Free:509.44 GB) NTFS

Drive l: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32

Drive s: (SERVICE) (Fixed) (Total:150.14 GB) (Free:144.84 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E1039650)

Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=736 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

sowie GMER:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-06-13 17:03:31

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00L5B1 rev.01.01A01 931,51GB

Running: jqbiwd6u.exe; Driver: C:\Users\Buro\AppData\Local\Temp\uwtoqpob.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                           83041A15 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                             8307B212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 

---- User code sections - GMER 2.1 ----
 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] ntdll.dll!NtResumeThread                               77CC64E8 5 Bytes  JMP 0150EDF0 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] ntdll.dll!LdrLoadDll                                   77CE22AE 5 Bytes  JMP 01671AE0 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!closesocket                                 76513918 5 Bytes  JMP 0167BF80 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!WSASend                                     76514406 5 Bytes  JMP 0167BEA0 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!connect                                     76516BDD 5 Bytes  JMP 0167BE50 

.text           C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!send                                        76516F01 5 Bytes  JMP 0167BF20 

.text           C:\Windows\system32\taskhost.exe[1632] ntdll.dll!NtResumeThread                                                    77CC64E8 5 Bytes  JMP 0202EDF0 

.text           C:\Windows\system32\taskhost.exe[1632] ntdll.dll!LdrLoadDll                                                        77CE22AE 5 Bytes  JMP 02071AE0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[1688] ntdll.dll!NtResumeThread                 77CC64E8 5 Bytes  JMP 004DEDF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[1688] ntdll.dll!LdrLoadDll                     77CE22AE 5 Bytes  JMP 01501AE0 

.text           C:\Windows\system32\Dwm.exe[1724] ntdll.dll!NtResumeThread                                                         77CC64E8 5 Bytes  JMP 00D3EDF0 

.text           C:\Windows\system32\Dwm.exe[1724] ntdll.dll!LdrLoadDll                                                             77CE22AE 5 Bytes  JMP 03071AE0 

.text           C:\Windows\Explorer.EXE[1756] ntdll.dll!NtResumeThread                                                             77CC64E8 5 Bytes  JMP 02EBEDF0 

.text           C:\Windows\Explorer.EXE[1756] ntdll.dll!LdrLoadDll                                                                 77CE22AE 5 Bytes  JMP 02ED1AE0 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] ntdll.dll!NtResumeThread                             77CC64E8 5 Bytes  JMP 0158EDF0 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] ntdll.dll!LdrLoadDll                                 77CE22AE 5 Bytes  JMP 01701AE0 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!closesocket                               76513918 5 Bytes  JMP 0170BF80 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!WSASend                                   76514406 5 Bytes  JMP 0170BEA0 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!connect                                   76516BDD 5 Bytes  JMP 0170BE50 

.text           C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!send                                      76516F01 5 Bytes  JMP 0170BF20 

.text           C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1984] ntdll.dll!NtResumeThread                                      77CC64E8 5 Bytes  JMP 015CEDF0 

.text           C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1984] ntdll.dll!LdrLoadDll                                          77CE22AE 5 Bytes  JMP 01601AE0 

.text           C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[2000] ntdll.dll!NtResumeThread                            77CC64E8 5 Bytes  JMP 012AEDF0 

.text           C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[2000] ntdll.dll!LdrLoadDll                                77CE22AE 5 Bytes  JMP 01691AE0 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] ntdll.dll!NtResumeThread                          77CC64E8 5 Bytes  JMP 0147EDF0 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] ntdll.dll!LdrLoadDll                              77CE22AE 5 Bytes  JMP 014B1AE0 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!closesocket                            76513918 5 Bytes  JMP 014BBF80 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!WSASend                                76514406 5 Bytes  JMP 014BBEA0 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!connect                                76516BDD 5 Bytes  JMP 014BBE50 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!send                                   76516F01 5 Bytes  JMP 014BBF20 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] ntdll.dll!NtResumeThread                                    77CC64E8 5 Bytes  JMP 019FEDF0 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] ntdll.dll!LdrLoadDll                                        77CE22AE 5 Bytes  JMP 01A31AE0 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!closesocket                                      76513918 5 Bytes  JMP 01A3BF80 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!WSASend                                          76514406 5 Bytes  JMP 01A3BEA0 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!connect                                          76516BDD 5 Bytes  JMP 01A3BE50 

.text           C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!send                                             76516F01 5 Bytes  JMP 01A3BF20 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!NtResumeThread                                      77CC64E8 5 Bytes  JMP 0144EDF0 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!LdrLoadDll                                          77CE22AE 3 Bytes  JMP 015A1AE0 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!LdrLoadDll + 4                                      77CE22B2 1 Byte  [89]

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!closesocket                                        76513918 5 Bytes  JMP 015ABF80 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!WSASend                                            76514406 5 Bytes  JMP 015ABEA0 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!connect                                            76516BDD 5 Bytes  JMP 015ABE50 

.text           C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!send                                               76516F01 5 Bytes  JMP 015ABF20 

.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2192] ntdll.dll!NtResumeThread                                       77CC64E8 5 Bytes  JMP 015FEDF0 

.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2192] ntdll.dll!LdrLoadDll                                           77CE22AE 5 Bytes  JMP 01631AE0 

.text           C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2224] ntdll.dll!NtResumeThread                           77CC64E8 5 Bytes  JMP 020DEDF0 

.text           C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2224] ntdll.dll!LdrLoadDll                               77CE22AE 5 Bytes  JMP 02111AE0 

.text           C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[2332] ntdll.dll!NtResumeThread                       77CC64E8 5 Bytes  JMP 002BEDF0 

.text           C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[2332] ntdll.dll!LdrLoadDll                           77CE22AE 5 Bytes  JMP 006E1AE0 

.text           C:\Program Files\McAfee\Common Framework\McTray.exe[2356] ntdll.dll!NtResumeThread                                 77CC64E8 5 Bytes  JMP 0135EDF0 

.text           C:\Program Files\McAfee\Common Framework\McTray.exe[2356] ntdll.dll!LdrLoadDll                                     77CE22AE 5 Bytes  JMP 01391AE0 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] ntdll.dll!NtResumeThread                                        77CC64E8 5 Bytes  JMP 0072EDF0 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] ntdll.dll!LdrLoadDll                                            77CE22AE 5 Bytes  JMP 66C41EB1 C:\Program Files\Mozilla Firefox\mozglue.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                   77AB94E6 7 Bytes  JMP 595184D6 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!QueryPerformanceCounter + 13                       77ABC4E5 7 Bytes  JMP 595184F9 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!LoadAppInitDlls + 355                              77ABF5A6 7 Bytes  JMP 58B93A32 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2508] GDI32.dll!GetViewportOrgEx + 26C                                7602884B 7 Bytes  JMP 59518457 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateFile + 6               77CC560E 4 Bytes  [28, 30, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateFile + B               77CC5613 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateKey + 6                77CC564E 4 Bytes  [68, 31, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateKey + B                77CC5653 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateMutant + 6             77CC568E 4 Bytes  [68, 32, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateMutant + B             77CC5693 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateSection + 6            77CC572E 4 Bytes  [A8, 32, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateSection + B            77CC5733 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtMapViewOfSection + B         77CC5C73 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenFile + 6                 77CC5D1E 4 Bytes  [68, 30, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenFile + B                 77CC5D23 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKey + 6                  77CC5D4E 4 Bytes  [A8, 31, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKey + B                  77CC5D53 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKeyEx + B                77CC5D63 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenMutant + 6               77CC5D9E 4 Bytes  [28, 32, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenMutant + B               77CC5DA3 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcess + 6              77CC5DCE 4 Bytes  [68, 33, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcess + B              77CC5DD3 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessToken + 6         77CC5DDE 4 Bytes  [A8, 33, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessToken + B         77CC5DE3 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessTokenEx + 6       77CC5DEE 4 Bytes  [68, 34, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessTokenEx + B       77CC5DF3 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenSection + B              77CC5E13 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThread + 6               77CC5E4E 4 Bytes  [28, 33, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThread + B               77CC5E53 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadToken + 6          77CC5E5E 4 Bytes  [28, 34, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadToken + B          77CC5E63 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadTokenEx + 6        77CC5E6E 4 Bytes  [A8, 34, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadTokenEx + B        77CC5E73 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryAttributesFile + 6      77CC5F7E 4 Bytes  [A8, 30, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryAttributesFile + B      77CC5F83 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryFullAttributesFile + B  77CC6033 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtResumeThread                 77CC64E8 5 Bytes  JMP 009BEDF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationFile + 6       77CC667E 4 Bytes  [28, 31, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationFile + B       77CC6683 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationThread + B     77CC66E3 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtUnmapViewOfSection + 6       77CC69FE 4 Bytes  [28, 35, 07, 00]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtUnmapViewOfSection + B       77CC6A03 1 Byte  [E2]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] kernel32.dll!CreateProcessW              77A7204D 5 Bytes  JMP 000A0030 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] kernel32.dll!CreateProcessA              77A72082 5 Bytes  JMP 000A0070 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ActivateKeyboardLayout        77BB8203 5 Bytes  JMP 001504F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ScreenToClient                77BBA506 7 Bytes  JMP 00150670 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!RegisterClipboardFormatA      77BBC091 5 Bytes  JMP 001502F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!RegisterClipboardFormatW      77BBDF8D 5 Bytes  JMP 001502B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetCursor                     77BC3075 5 Bytes  JMP 00150530 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!MonitorFromWindow             77BC3622 7 Bytes  JMP 00150630 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!PostMessageW                  77BC447B 5 Bytes  JMP 001505F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!IsWindowVisible               77BC4D69 7 Bytes  JMP 001506B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClientRect                 77BC54DD 7 Bytes  JMP 001505B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!MapWindowPoints               77BC5CAA 5 Bytes  JMP 00150570 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetParent                     77BC6029 7 Bytes  JMP 001506F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!EmptyClipboard                77BD290C 5 Bytes  JMP 00150130 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetClipboardData              77BD2962 5 Bytes  JMP 00150170 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardData              77BD2BA7 5 Bytes  JMP 00150030 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardFormatNameW       77BD5FD2 5 Bytes  JMP 00150230 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetClipboardViewer            77BD6FF6 5 Bytes  JMP 001504B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardFormatNameA       77BD700A 5 Bytes  JMP 00150270 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ChangeClipboardChain          77BE147C 5 Bytes  JMP 00150430 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetTopWindow                  77BE24D9 7 Bytes  JMP 00150730 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!CloseClipboard                77BE446C 5 Bytes  JMP 001500B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!OpenClipboard                 77BE447E 5 Bytes  JMP 00150070 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!IsClipboardFormatAvailable    77BE44FF 5 Bytes  JMP 001500F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardSequenceNumber    77BE4513 5 Bytes  JMP 00150330 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardOwner             77BE4525 5 Bytes  JMP 00150370 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!CountClipboardFormats         77BE470A 5 Bytes  JMP 001501F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!EnumClipboardFormats          77BE47EC 5 Bytes  JMP 001501B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetOpenClipboardWindow        77BE480B 5 Bytes  JMP 001503F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetCursorPos                  77BFC1B0 5 Bytes  JMP 00150770 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardViewer            77C14AF7 5 Bytes  JMP 00150470 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetPriorityClipboardFormat    77C14BF9 5 Bytes  JMP 001503B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!DeleteObject                   76025F14 5 Bytes  JMP 001601B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectObject                   76026640 5 Bytes  JMP 001605F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetTextColor                   76026906 5 Bytes  JMP 00160A30 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetBkMode                      760269B1 5 Bytes  JMP 001608F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!DeleteDC                       76026EAA 5 Bytes  JMP 00160170 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetDeviceCaps                  76026F7F 5 Bytes  JMP 001603B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtSelectClipRgn               76027114 5 Bytes  JMP 001602F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectClipRgn                  76027242 5 Bytes  JMP 001605B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetStretchBltMode              76027705 5 Bytes  JMP 001606B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetCurrentObject               76027917 5 Bytes  JMP 00160370 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextMetricsW                76027B8F 5 Bytes  JMP 00160E30 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextAlign                   76027DAF 5 Bytes  JMP 00160D70 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!IntersectClipRect              76027DFE 5 Bytes  JMP 001603F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtTextOutW                    76028192 5 Bytes  JMP 00160970 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetTextAlign                   7602828E 5 Bytes  JMP 001609F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetClipBox                     76028525 5 Bytes  JMP 00160330 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!MoveToEx                       76028C21 5 Bytes  JMP 00160470 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StretchDIBits                  7602A53E 5 Bytes  JMP 00160770 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!RestoreDC                      7602A67B 5 Bytes  JMP 00160530 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SaveDC                         7602A74B 5 Bytes  JMP 00160570 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextExtentPoint32W          7602B4B5 5 Bytes  JMP 00160670 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceW                   7602B73A 2 Bytes  JMP 00160D30 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceW + 3               7602B73D 2 Bytes  [13, 8A]

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetFontData                    7602BCC4 5 Bytes  JMP 00160C70 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetWorldTransform              7602C90A 5 Bytes  JMP 001606F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateDCA                      7602CCA9 5 Bytes  JMP 001600B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateDCW                      7602CF79 5 Bytes  JMP 001600F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateICW                      7602CFD0 5 Bytes  JMP 00160130 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextMetricsA                7602D0F2 5 Bytes  JMP 00160DF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!Rectangle                      7602F1FF 5 Bytes  JMP 001609B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!LineTo                         7602F59B 5 Bytes  JMP 00160430 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetICMMode                     7602FAA4 5 Bytes  JMP 00160DB0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtTextOutA                    76030D20 5 Bytes  JMP 00160930 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextExtentPoint32A          7603117F 5 Bytes  JMP 00160630 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtEscape                      76032D49 5 Bytes  JMP 001602B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!Escape                         76033400 5 Bytes  JMP 00160270 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ResetDCW                       76033A9B 5 Bytes  JMP 00160AB0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndPage                        760340DA 5 Bytes  JMP 00160230 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetPolyFillMode                760367E1 5 Bytes  JMP 00160B30 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetMiterLimit                  7603699D 5 Bytes  JMP 00160B70 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceA                   76040D22 5 Bytes  JMP 00160CF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetGlyphOutlineW               7604C2DA 5 Bytes  JMP 00160CB0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateScalableFontResourceW    7604E937 5 Bytes  JMP 00160BB0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!AddFontResourceW               7604ED33 5 Bytes  JMP 00160BF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!RemoveFontResourceW            7604F229 5 Bytes  JMP 00160C30 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!AbortDoc                       76054E29 5 Bytes  JMP 00160030 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndDoc                         76055270 5 Bytes  JMP 001601F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StartPage                      7605535B 5 Bytes  JMP 00160730 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StartDocW                      76055D76 5 Bytes  JMP 001607F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!BeginPath                      7605651D 5 Bytes  JMP 00160830 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectClipPath                 76056574 5 Bytes  JMP 00160AF0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CloseFigure                    760565CF 5 Bytes  JMP 00160070 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndPath                        76056626 5 Bytes  JMP 00160A70 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StrokePath                     76056859 5 Bytes  JMP 001607B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!FillPath                       760568E6 5 Bytes  JMP 00160870 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolylineTo                     76056D54 5 Bytes  JMP 001604F0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolyBezierTo                   76056DE5 5 Bytes  JMP 001604B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolyDraw                       76056E97 5 Bytes  JMP 001608B0 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleSetClipboard                7677009D 5 Bytes  JMP 00280030 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleIsCurrentClipboard          7677370E 5 Bytes  JMP 00280070 

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleGetClipboard                7679FE25 5 Bytes  JMP 002800B0 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] ntdll.dll!NtResumeThread                               77CC64E8 5 Bytes  JMP 0124EDF0 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] ntdll.dll!LdrLoadDll                                   77CE22AE 5 Bytes  JMP 01B01AE0 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] USER32.dll!GetWindowInfo                               77BC4B5E 5 Bytes  JMP 58DCD777 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] USER32.dll!ToUnicodeEx + 71                            77BD2223 7 Bytes  JMP 58DC70E4 C:\Program Files\Mozilla Firefox\xul.dll

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!closesocket                                 76513918 5 Bytes  JMP 01B0BF80 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!WSASend                                     76514406 5 Bytes  JMP 01B0BEA0 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!connect                                     76516BDD 5 Bytes  JMP 01B0BE50 

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!send                                        76516F01 5 Bytes  JMP 01B0BF20 

.text           C:\Windows\system32\wuauclt.exe[5896] ntdll.dll!NtResumeThread                                                     77CC64E8 5 Bytes  JMP 00A3EDF0 

.text           C:\Windows\system32\wuauclt.exe[5896] ntdll.dll!LdrLoadDll                                                         77CE22AE 5 Bytes  JMP 00A71AE0 
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                           fltmgr.sys
 

---- EOF - GMER 2.1 ----

McAfee Logs spar ich mir hier da ohne Aussage: Updates der Datenbank täglich, zT 2x pro Tag, keine Funde oder sonstiges.

So, das war alles was ich habe und ich hoffe man kann mir helfen :) Gruß und vielen Dank für jede Hilfe im Vorraus,

Olli

hi,

klär mich mal kurz auf wie Malware bei Phishing auf das System kommen soll? Da ist jede Menge Adware drauf, aber mehr auch nicht.

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Werde ich morgen machen, danke schonmal.

Auf Phishing komme ich da es eine Vorschaltseite NACH dem Login gibt, welche es sonst nicht gibt. Hab es jetzt an 2 PCs getestet und die Herren vom Resort OnlineBanking der Bank gefragt, keine Vorschaltseite mit dem Text.
Darum hab ich da "Angst"...

Zitat:

Hab es jetzt an 2 PCs getestet

Und auf beiden hast Du diese Seite die "Original" nicht da sein soll?

Nein, nur auf dem "Infizierten" von oben.

So, alles gemacht, Problem bleibt bestehen: Komischer Vorschaltbildschirm beim Banking :/

Hier mal die Logs:
Revo konnte ASK und DaemontoolsToolBar deinstallieren.
MBAN:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 14.06.2014

Suchlauf-Zeit: 18:37:32

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.06.14.04

Rootkit Datenbank: v2014.06.02.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Buro
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 257888

Verstrichene Zeit: 7 Min, 42 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 3

PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [293386f22754aa8c201c581e0df58878], 

PUP.Optional.Wajam.A, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [df7d0771017a2313d7f295ade51da15f], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [f26ac9af1863a4922cdd8368ca39f808], 
 

Registrierungswerte: 2

Heuristics.Shuriken, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uumconfig.exe, C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe, Keine Aktion durch Benutzer, [ffffffffffffffffffffffffffffffff]

PUP.Optional.LiveSupport, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LiveSupport, "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log, In Quarantäne, [d884d0a87704e65082b1b6fd08fa9e62]
 

Registrierungsdaten: 6

PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[94c8d8a01c5f38fe456c026ae2220cf4]

PUP.Optional.Snapdo, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[cb912256a6d5f541bb5cacca92726997]

PUP.Optional.Snapdo, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[afad98e06a11ed497b9b1d591de74cb4]

PUP.Optional.Snapdo, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[47156216e29987afe039eb8b7b8904fc]

PUP.Optional.Snapdo, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[4517a7d1cfaca88ec357136324e03cc4]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-1046610458-722662356-3371820042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013),Ersetzt,[1349e098b0cb290d41714c206c986e92]
 

Ordner: 0

(No malicious items detected)
 

Dateien: 15

Heuristics.Shuriken, C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe, Keine Aktion durch Benutzer, [ffffffffffffffffffffffffffffffff], 

Trojan.Downloader, c:\Users\Buro\AppData\Local\Temp\27cc.tmp, In Quarantäne, [5ffd23558cef79bd712caddcfa07d828], 

PUP.Optional.Somoto.A, C:\Users\Buro\AppData\Local\Temp\appshat-distribution.exe, In Quarantäne, [025a8bedfc7f3501290675adef11db25], 

PUP.Optional.DiVapton.A, C:\Users\Buro\AppData\Local\Temp\DiVapton_sm.exe, In Quarantäne, [441822560e6d49ed634bb5414eb52ad6], 

PUP.Optional.Somoto, C:\Users\Buro\AppData\Local\Temp\tZ2pjHxh.exe.part, In Quarantäne, [13495424e497082e9564f4a5f410629e], 

PUP.Optional.Somoto, C:\Users\Buro\AppData\Local\Temp\UpdateCheckerSetup.exe, In Quarantäne, [99c3b6c29fdc6ec852ae151249b7e51b], 

PUP.Optional.Somoto, C:\Users\Buro\AppData\Local\Temp\vf3O7xgZ.exe.part, In Quarantäne, [5a02e3952e4da6907d7c2d6c60a44bb5], 

PUP.Optional.Wajam.A, C:\Users\Buro\AppData\Local\Temp\wajam_download.exe, In Quarantäne, [66f6374187f40333ba0b76d08080c33d], 

PUP.Optional.Linkury.A, C:\Users\Buro\AppData\Local\Temp\Installer.exe, In Quarantäne, [68f4d3a55a215dd9de8a54eb28dc44bc], 

Backdoor.Bot, C:\Users\Buro\AppData\Local\Temp\8E4E.tmp, In Quarantäne, [223aceaabdbe6fc7eba64107f10f0df3], 

Backdoor.Bot, C:\Users\Buro\AppData\Local\Temp\9A2D.tmp, In Quarantäne, [b3a9195f1863c86e31c6d1b80bf6a35d], 

PUP.Optional.ScramblePacker.A, C:\Users\Buro\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe, In Quarantäne, [2e2efe7a7dfe1026568381fd46bbcf31], 

PUP.Optional.Somoto, C:\Users\Buro\AppData\Local\Temp\Br1xKRHi.exe.part, In Quarantäne, [fd5f3a3ea5d62f0704f58f0a3bc9db25], 

PUP.Optional.WebSearch.A, C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\searchplugins\Web Search.xml, In Quarantäne, [f468aace88f32115ddb8278f738f3cc4], 

PUP.Optional.CrossRider.A, C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "141e1f96e412fa44240f7cafc6932a7f");), Ersetzt,[3725ceaabcbf42f44ad140645aaad62a]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

ADW Cleaner:

Code:

# AdwCleaner v3.212 - Bericht erstellt am 14/06/2014 um 19:31:35

# Aktualisiert 05/06/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)

# Benutzername : Buro - BUERO-PC

# Gestartet von : D:\Eigene Dateien\Downloads\adwcleaner_3.212.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\apn

Ordner Gelöscht : C:\Program Files\Optimizer Pro

Ordner Gelöscht : C:\Users\Buro\AppData\Local\Temp\apn

Ordner Gelöscht : D:\Eigene Dateien\Documents\Optimizer Pro

Ordner Gelöscht : D:\Eigene Dateien\Documents\Updater

Datei Gelöscht : C:\Users\Buro\AppData\Roaming\LiveSupport.exe_log.txt

Datei Gelöscht : C:\Users\Buro\AppData\Roaming\regsvr32.exe_log.txt

Datei Gelöscht : C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\user.js
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : HKCU\Software\BI

Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms

Schlüssel Gelöscht : HKCU\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\Software\Description

Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16921
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141e1f96e412fa44240f7cafc6932a7f");

Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);

Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);

Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);

Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");

Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "somoto");

Zeile gelöscht : user_pref("extensions.helperbar.installationid", "e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca");

Zeile gelöscht : user_pref("extensions.helperbar.installdate", "22/10/2013");

Zeile gelöscht : user_pref("extensions.helperbar.publisher", "somoto");
 

*************************
 

AdwCleaner[R0].txt - [4239 octets] - [14/06/2014 19:30:00]

AdwCleaner[S0].txt - [4164 octets] - [14/06/2014 19:31:35]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4224 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x86

Ran by Buro on 14.06.2014 at 19:35:53,80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Buro\AppData\Roaming\mozilla\firefox\profiles\n4u04gzo.default\prefs.js
 

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-

Emptied folder: C:\Users\Buro\AppData\Roaming\mozilla\firefox\profiles\n4u04gzo.default\minidumps [65 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14.06.2014 at 19:37:55,72

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

neuer FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02

Ran by Buro (administrator) on BUERO-PC on 14-06-2014 19:43:31

Running from D:\Eigene Dateien\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe

(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)

HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [212992 2009-07-14] (Qiyn)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\MountPoints2: {35856a6b-a7f8-11e2-9698-00237d21318e} - K:\Setup.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk

ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk

ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk

ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk

ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6B508DFDF19CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130302162403.dll (McAfee, Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
 

FireFox:

========

FF ProfilePath: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: https://www.google.de

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-09]
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems) [File not signed]

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [1705280 2009-08-19] (WIBU-SYSTEMS AG)

S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (DATEV eG)

S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

S3 Datev.Irw.ServiceProvider.HostXcut.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (DATEV eG) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-18] (Macrovision Europe Ltd.) [File not signed]

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-03-02] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-03-02] (McAfee, Inc.)

R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)

R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [37832 2012-06-29] (Microsoft Corporation)

S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]
 

==================== Drivers (Whitelisted) ====================
 

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2013-04-18] (DT Soft Ltd)

S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)

S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-03-02] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-03-02] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-03-02] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-03-02] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-03-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-03-02] (McAfee, Inc.)

S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)

U0 dmboot; 

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-14 19:35 - 2014-06-14 19:35 - 00000000 ____D () C:\Windows\ERUNT

2014-06-14 19:29 - 2014-06-14 19:31 - 00000000 ____D () C:\AdwCleaner

2014-06-14 18:37 - 2014-06-14 19:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-14 18:37 - 2014-06-14 18:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-14 18:37 - 2014-06-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-14 18:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-14 18:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-14 18:27 - 2014-06-14 18:27 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-13 16:41 - 2014-06-14 19:43 - 00000000 ____D () C:\FRST

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-13 10:19 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-13 10:19 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-13 10:19 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-13 10:19 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-13 10:19 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-13 10:19 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-13 10:19 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-13 10:19 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-13 10:19 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-13 10:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-13 10:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-13 10:18 - 2014-05-24 03:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-13 10:18 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-13 10:18 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-13 10:18 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-13 10:18 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-06-13 10:18 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-13 10:18 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-13 10:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-12 08:18 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 08:18 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:07 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-16 09:07 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-16 09:07 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-16 09:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-16 09:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-16 09:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
 

==================== One Month Modified Files and Folders =======
 

2014-06-14 19:44 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro\AppData\Local\Temp

2014-06-14 19:43 - 2014-06-13 16:41 - 00000000 ____D () C:\FRST

2014-06-14 19:40 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-14 19:40 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-14 19:38 - 2013-03-07 15:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-14 19:35 - 2014-06-14 19:35 - 00000000 ____D () C:\Windows\ERUNT

2014-06-14 19:32 - 2013-06-15 16:51 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-14 19:32 - 2013-03-07 15:46 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-14 19:32 - 2013-03-02 18:34 - 00513856 _____ () C:\Windows\PFRO.log

2014-06-14 19:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-14 19:32 - 2009-07-14 06:39 - 00054595 _____ () C:\Windows\setupact.log

2014-06-14 19:31 - 2014-06-14 19:29 - 00000000 ____D () C:\AdwCleaner

2014-06-14 19:31 - 2013-03-02 15:52 - 01817135 _____ () C:\Windows\WindowsUpdate.log

2014-06-14 19:29 - 2014-06-14 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-14 19:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

2014-06-14 19:14 - 2013-03-06 23:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-14 18:41 - 2014-01-26 14:09 - 00000000 ____D () C:\QUARANTINE

2014-06-14 18:37 - 2014-06-14 18:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-14 18:37 - 2014-06-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-14 18:27 - 2014-06-14 18:27 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-14 03:17 - 2014-05-06 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 16:38 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-13 11:28 - 2014-04-09 16:19 - 00000888 _____ () C:\Windows\LkmdfCoInst.log

2014-06-13 11:27 - 2014-04-09 16:19 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2014-06-13 11:17 - 2013-03-02 16:09 - 01807850 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-12 12:04 - 2013-08-05 11:36 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 12:04 - 2013-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 12:02 - 2013-03-02 16:55 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 11:50 - 2013-03-02 18:39 - 00000000 ____D () C:\Users\Buro\Graphisoft

2014-06-08 10:48 - 2014-06-13 10:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-08 10:43 - 2014-06-13 10:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-24 03:27 - 2014-06-13 10:18 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-24 03:26 - 2014-06-13 10:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-24 03:26 - 2014-06-13 10:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-24 03:26 - 2014-06-13 10:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-24 03:25 - 2014-06-13 10:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-24 03:03 - 2014-06-13 10:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-24 02:06 - 2014-06-13 10:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-05-20 08:08 - 2013-03-02 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-05-19 08:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-19 08:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:08 - 2013-03-02 17:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-15 12:14 - 2013-03-06 23:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-05-15 12:14 - 2013-03-06 23:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 

Some content of TEMP:

====================

C:\Users\Buro\AppData\Local\Temp\APNSetup.exe

C:\Users\Buro\AppData\Local\Temp\bi_cleaner.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Buro\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Buro\AppData\Local\Temp\OptimizerPro.exe

C:\Users\Buro\AppData\Local\Temp\ose00000.exe

C:\Users\Buro\AppData\Local\Temp\Quarantine.exe

C:\Users\Buro\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-14 19:11
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

So, also Schritt1:
ESET Online Scan Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=10999305a2430b4984180080e88b33ce

# engine=18723

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-06-15 10:14:28

# local_time=2014-06-15 12:14:28 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='McAfee VirusScan Enterprise'

# compatibility_mode=5128 16777213 100 100 40593102 57855988 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 29360497 154458459 0 0

# scanned=227587

# found=44

# cleaned=0

# scan_time=7681

sh=E531E2197FC767CFACEA72A75E1CE492D08F92DA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\ads_only_5_m[1].js"

sh=C7C186E54D042C9DCAACD170347F10C188AEC85D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\arcadi2_m[1].js"

sh=D67303051C4C06CDA7B352169D649F4AEFF862B6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\arcadi3_m[1].js"

sh=5F4085D36D3743A164582B9628469218ECD72EBA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\getdeal_m[1].js"

sh=3DA0E458C1D4F5CECA7F012A2B0DA4CC1C7B63A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\icm1_5_m[1].js"

sh=45C8F4ACCF63B1B71B34895FC44B07AFB2EE92BC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\icm_m[1].js"

sh=7A8863E5095C870FD812E92F74507EED957A94B8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\223R17IF\intext_5_m[1].js"

sh=EF02C9278F4E7BDC1EC5895CAE01C16A68FF4FAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\50onred_ads_only_no_fb_m[1].js"

sh=BAA03B328F746B8C2F0459C92BB3D9B03A8E5067 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\coolmirage_m[1].js"

sh=414BA1B7AEF9A844B50F88BC0548E60F296EF5F5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\corticas_ru_m[1].js"

sh=EE0C01CA81EBB2B46504012816E1B3EC0FE5F29C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\cortica_m[1].js"

sh=C3D3CCADC78D71D7482BB5DBA16FBB0534200D12 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\coupons_intext_ads_5_m[1].js"

sh=395539C0B321855B61FE072E07E6366889108EB2 ft=1 fh=857848e7da48f667 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\Setup[1].exe"

sh=1F2641FFCA5C1DACAAA217BE7C9989F7AC05C1A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\similar_web_m[1].js"

sh=A2299995376BE0EA603E01F8D387B27ABFFEDE35 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\superfish_no_coupons_m[1].js"

sh=176D4038122B1FF7370825F721F36F73103C5873 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BJ9J1SS\superfish_pricora_m[1].js"

sh=288FB4BEC59EEF7E0827216B4286A69802EDC05F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\cortica_rollover_m[1].js"

sh=DED4D5AC65600899CE571E960D7B9D20DBEFD9BB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\coupish_m[1].js"

sh=83CDCE21D2E22142F1D24D0C225529B9D8485EAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\dealply_m[1].js"

sh=64E1E6B4EF399CFE19D4D144505F344FF97E8CCB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\intext_fa_m[1].js"

sh=63362C65C083ABF77E174E7351F333927EB9A5C9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\luck_m[1].js"

sh=CF138C16214F3451EE8CF965CB30532461AA0614 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\superfish_no_search_no_coupons_m[1].js"

sh=F8380BEFB64FA64DCE4CE3FF00521087547A8B0B ft=1 fh=5504f6dacb056584 vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\wajam_install[1].exe"

sh=5BD7B82662A263F1138F5E2A90138A8BFA5C4853 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80MY113F\widdit_m[1].js"

sh=EDAF8A2B6318DD482F0BBDC2A96C109697D86E5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\arcadi2_sourceID_m[1].js"

sh=2184DFBF93B03726607BF2C44682CF058FB2987B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\arcadi_serp_dynamic_id_m[1].js"

sh=140BE41E58E7CB6E9B38B4ED892886CED78C2E58 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\corticas_m[1].js"

sh=DB51332A37F65FD4863EE1B8A5BA62A02DA885F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\ibario_pops_m[1].js"

sh=24AA0A999D9AA9ED69DBD3AD37D4C0C1A4D8DC89 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\intext_adv_m[1].js"

sh=E008307C95AD4C1D040B009D307E13C03146B1BF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\jollywallet_m[1].js"

sh=0440A978E0F4AEA6B0BF8A0373FAC3D66DEC61F2 ft=1 fh=7a2c99a940b074ff vn="Win32/Somoto.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\minibar-core[1].exe"

sh=52E4B498947D3D88D7C6042611258238D71CA0C4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\monetizationLoader[1].js"

sh=F139543D5C107C30764FA7A0473152F192FA43D2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\revizer_p_m[1].js"

sh=46256E3D1583A586B8F130BA0CCB1671D2B666C1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\revizer_ws_m[1].js"

sh=69C3AF55C20BCCC3E20E0FD53946E475A79FC691 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMC2C8JS\superfish_m[1].js"

sh=C5E4AEE937571AFF41E366B16B858C0264AEFC27 ft=1 fh=96f48e86cb0aabad vn="Variante von Win32/AdWare.SpeedingUpMyPC.E Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Temp\OptimizerPro.exe"

sh=6917AD391D828D1267BEEB0B60D712DDF2D09D4E ft=1 fh=b16f72b9b601dddb vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Temp\is-AMOGQ.tmp\OptProCrash.dll"

sh=6917AD391D828D1267BEEB0B60D712DDF2D09D4E ft=1 fh=b16f72b9b601dddb vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Buro\AppData\Local\Temp\is-E4HRN.tmp\OptProCrash.dll"

sh=0BA58969E357AC1CE66F4AC3D4C931A5A921A527 ft=1 fh=bf7ddb61bbbce758 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Buro\AppData\Local\Temp\{A3BBEF2D-2567-43C6-A762-CC74903F2297}\setup.exe"

sh=0BA58969E357AC1CE66F4AC3D4C931A5A921A527 ft=1 fh=bf7ddb61bbbce758 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Buro\AppData\Local\Temp\{C7B99485-E863-44E1-B9C8-E0AFA2E9A9ED}\setup.exe"

sh=B3D4CFCED956AF1706DB54835FCD10C36713492D ft=1 fh=edc305e9655a6a13 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\Angelina_downloader_by_SchriftartenFontsde.exe"

sh=BBA9DA6138FEC96437C1B3B29E75F8C63CF450BE ft=1 fh=6cf90c2aa15c0dcd vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\CelebratetheDay_downloader_by_SchriftartenFontsde.exe"

sh=A1BFE3AB8BF7A3C2CE5C69559DEC3C1ACC70C2CC ft=1 fh=54ae3829f84aee9f vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\Doctor_downloader_by_SchriftartenFontsde.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Emotet.AA Trojaner" ac=I fn="${Memory}"

Log von SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

McAfee VirusScan Enterprise   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 51  

 Java version out of Date! 

 Adobe Flash Player         13.0.0.214  

 Adobe Reader XI  

 Mozilla Firefox (29.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 McAfee VirusScan Enterprise VsTskMgr.exe  

 McAfee VirusScan Enterprise mfeann.exe  

 McAfee VirusScan Enterprise SHSTAT.EXE  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Neuer FSET Scan:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02

Ran by Buro (administrator) on BUERO-PC on 15-06-2014 12:18:57

Running from D:\Eigene Dateien\Downloads

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe

(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe

(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)

HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [180224 2009-07-14] (Meno)

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\MountPoints2: {35856a6b-a7f8-11e2-9698-00237d21318e} - K:\Setup.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk

ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk

ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk

ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk

ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6B508DFDF19CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130302162403.dll (McAfee, Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
 

FireFox:

========

FF ProfilePath: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default

FF SearchEngineOrder.1: Ask Search

FF Homepage: https://www.google.de

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02]

FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-09]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems) [File not signed]

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [1705280 2009-08-19] (WIBU-SYSTEMS AG)

S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (DATEV eG)

S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

S3 Datev.Irw.ServiceProvider.HostXcut.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG)

R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (DATEV eG) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-18] (Macrovision Europe Ltd.) [File not signed]

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)

R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-03-02] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-03-02] (McAfee, Inc.)

R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)

R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [37832 2012-06-29] (Microsoft Corporation)

S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]

S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]
 

==================== Drivers (Whitelisted) ====================
 

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2013-04-18] (DT Soft Ltd)

S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)

S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-03-02] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-03-02] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-03-02] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-03-02] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-03-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-03-02] (McAfee, Inc.)

S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)

U0 dmboot; 

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-15 10:03 - 2014-06-15 10:03 - 00000000 ____D () C:\Program Files\ESET

2014-06-14 19:46 - 2014-06-14 19:46 - 00002018 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2014-06-14 19:46 - 2014-06-14 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2014-06-14 19:45 - 2014-06-14 19:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-14 19:35 - 2014-06-14 19:35 - 00000000 ____D () C:\Windows\ERUNT

2014-06-14 19:29 - 2014-06-14 19:31 - 00000000 ____D () C:\AdwCleaner

2014-06-14 18:37 - 2014-06-14 19:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-14 18:37 - 2014-06-14 18:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-14 18:37 - 2014-06-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-14 18:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-14 18:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-14 18:27 - 2014-06-14 18:27 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-13 16:41 - 2014-06-15 12:19 - 00000000 ____D () C:\FRST

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-13 10:19 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-13 10:19 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-13 10:19 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-13 10:19 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-13 10:19 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-13 10:19 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-13 10:19 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-13 10:19 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-13 10:19 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-13 10:19 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-13 10:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-13 10:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-13 10:18 - 2014-05-24 03:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-13 10:18 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-13 10:18 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-13 10:18 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-06-13 10:18 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-13 10:18 - 2014-05-24 02:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-06-13 10:18 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-13 10:18 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-13 10:17 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-12 08:18 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-12 08:18 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:07 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-16 09:07 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-16 09:07 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-16 09:07 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-16 09:07 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-16 09:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-16 09:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-16 09:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-16 09:07 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-16 09:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
 

==================== One Month Modified Files and Folders =======
 

2014-06-15 12:19 - 2014-06-13 16:41 - 00000000 ____D () C:\FRST

2014-06-15 12:19 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro\AppData\Local\Temp

2014-06-15 12:14 - 2013-03-06 23:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-15 11:43 - 2013-03-07 15:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-15 11:43 - 2013-03-02 15:52 - 01821692 _____ () C:\Windows\WindowsUpdate.log

2014-06-15 10:07 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-15 10:07 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-15 10:03 - 2014-06-15 10:03 - 00000000 ____D () C:\Program Files\ESET

2014-06-15 10:00 - 2013-06-15 16:51 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-15 10:00 - 2013-03-07 15:46 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-15 10:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-15 10:00 - 2009-07-14 06:39 - 00054651 _____ () C:\Windows\setupact.log

2014-06-14 19:46 - 2014-06-14 19:46 - 00002018 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2014-06-14 19:46 - 2014-06-14 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2014-06-14 19:46 - 2014-06-14 19:45 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-14 19:46 - 2013-03-06 23:38 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2014-06-14 19:35 - 2014-06-14 19:35 - 00000000 ____D () C:\Windows\ERUNT

2014-06-14 19:32 - 2013-03-02 18:34 - 00513856 _____ () C:\Windows\PFRO.log

2014-06-14 19:31 - 2014-06-14 19:29 - 00000000 ____D () C:\AdwCleaner

2014-06-14 19:29 - 2014-06-14 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-14 19:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

2014-06-14 18:41 - 2014-01-26 14:09 - 00000000 ____D () C:\QUARANTINE

2014-06-14 18:37 - 2014-06-14 18:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-14 18:37 - 2014-06-14 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-14 18:36 - 2014-06-14 18:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-14 18:27 - 2014-06-14 18:27 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-06-14 03:17 - 2014-05-06 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable

2014-06-13 16:38 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro

2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech

2014-06-13 11:28 - 2014-04-09 16:19 - 00000888 _____ () C:\Windows\LkmdfCoInst.log

2014-06-13 11:27 - 2014-04-09 16:19 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2014-06-13 11:17 - 2013-03-02 16:09 - 01807850 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-12 12:04 - 2013-08-05 11:36 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-12 12:04 - 2013-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-12 12:02 - 2013-03-02 16:55 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-12 11:50 - 2013-03-02 18:39 - 00000000 ____D () C:\Users\Buro\Graphisoft

2014-06-08 10:48 - 2014-06-13 10:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-08 10:43 - 2014-06-13 10:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-24 03:27 - 2014-06-13 10:18 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-24 03:26 - 2014-06-13 10:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-24 03:26 - 2014-06-13 10:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-24 03:26 - 2014-06-13 10:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 14365696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-24 03:26 - 2014-06-13 10:18 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 13731328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-24 03:25 - 2014-06-13 10:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-24 03:25 - 2014-06-13 10:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 02862080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-05-24 03:25 - 2014-06-13 10:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-24 03:03 - 2014-06-13 10:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-24 02:06 - 2014-06-13 10:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-05-20 08:08 - 2013-03-02 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-05-19 08:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-05-19 08:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-16 09:08 - 2013-03-02 17:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 

Some content of TEMP:

====================

C:\Users\Buro\AppData\Local\Temp\APNSetup.exe

C:\Users\Buro\AppData\Local\Temp\bi_cleaner.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Buro\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Buro\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Buro\AppData\Local\Temp\OptimizerPro.exe

C:\Users\Buro\AppData\Local\Temp\ose00000.exe

C:\Users\Buro\AppData\Local\Temp\Quarantine.exe

C:\Users\Buro\AppData\Local\Temp\xmlUpdater.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-14 19:11
 

==================== End Of Log ============================

--- --- ---

Zitat:

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [180224 2009-07-14] (Meno)

Kennst Du das?

Leider nein, sollte ich?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [180224 2009-07-14] (Meno)

C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Bin leider nicht täglich am PC, daher die Pause:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-06-2014

Ran by Buro at 2014-06-18 09:09:53 Run:1

Running from D:\Eigene Dateien\Downloads

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [180224 2009-07-14] (Meno)

C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe

*****************
 

HKU\S-1-5-21-1046610458-722662356-3371820042-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uumconfig.exe => value deleted successfully.

C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe => Moved successfully.
 

==== End of Fixlog ====

Da ich nicht mehr bearbeiten kann:
Scheint sauber zu sein, vorschaltBildschirm ist verschwunden!

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.