Trojaner-Board - ZeroAccess rootkit

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - ZeroAccess rootkit - mistviech (https://www.trojaner-board.de/139796-zeroaccess-rootkit-mistviech.html)

ZeroAccess rootkit - mistviech

Hallo ich habe glaube den ZeroAccess ...
Habe hiermal durch gestöbert und habe direkt mal den FRST64 laufen lassen

Bitte um Unterstützung...

Dateien anbei.

Danke!

Hallo maddune und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
- Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Zitat:

Hallo ich habe glaube den ZeroAccess ...

So ist es, ja...

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hier das Log

Code:

ComboFix 13-08-13.02 - Marcus 13.08.2013  20:41:22.1.8 - x64 NETWORK

Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8081.6745 [GMT 2:00]

ausgeführt von:: c:\users\Marcus\Desktop\ComboFix.exe

AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Marcus\AppData\Roaming\pdfsound.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-13 bis 2013-08-13  ))))))))))))))))))))))))))))))

.

.

2013-08-13 18:49 . 2013-08-13 18:49        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-08-13 17:56 . 2013-08-13 17:56        --------        d-----w-        C:\FRST

2013-08-13 12:44 . 2013-08-13 12:44        27256        ----a-w-        c:\windows\system32\drivers\FixZeroAccess.sys

2013-08-13 11:34 . 2013-08-13 11:34        --------        d-----w-        C:\Quarantine

2013-08-13 10:23 . 2010-01-01 22:00        787456        ----a-w-        c:\windows\SysWow64\EditCtlsU.ocx

2013-08-13 10:23 . 2007-08-08 11:40        244416        ----a-w-        c:\windows\SysWow64\msflxgrd.ocx

2013-08-13 10:23 . 2007-08-08 11:39        209608        ----a-w-        c:\windows\SysWow64\tabctl32.ocx

2013-08-13 10:23 . 2007-08-08 11:39        1066176        ----a-w-        c:\windows\SysWow64\Mscomctl.ocx

2013-08-13 10:23 . 2007-08-08 11:39        415176        ----a-w-        c:\windows\SysWow64\Comct332.ocx

2013-08-13 10:23 . 2007-08-08 11:39        152848        ----a-w-        c:\windows\SysWow64\Comdlg32.ocx

2013-08-13 10:23 . 2004-02-22 21:00        119808        ----a-w-        c:\windows\SysWow64\msstdfmt.dll

2013-08-13 10:23 . 2013-08-13 10:23        --------        d-----w-        c:\program files (x86)\AppGini

2013-08-09 18:50 . 2013-08-09 18:56        --------        d-----w-        c:\users\Marcus\AppData\Roaming\MySQL

2013-08-04 19:10 . 2013-08-04 19:10        --------        d-----w-        c:\program files (x86)\Common Files\Java

2013-08-04 19:10 . 2013-08-04 19:10        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-08-04 19:10 . 2013-08-04 19:10        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-08-04 19:10 . 2013-08-04 19:10        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-04 19:10 . 2013-08-04 19:10        --------        d-----w-        c:\program files (x86)\Java

2013-08-04 10:08 . 2013-08-04 10:09        --------        d-----w-        c:\users\Marcus\AppData\Local\Buhl

2013-08-04 10:07 . 2013-08-04 10:07        --------        d-----w-        c:\program files (x86)\Buhl finance

2013-08-04 10:06 . 2013-08-04 10:09        --------        d-----w-        c:\programdata\Buhl Data Service GmbH

2013-07-22 18:58 . 2013-07-22 19:00        --------        d-----w-        c:\windows\system32\MRT

2013-07-17 04:34 . 2013-06-01 03:08        37632        ----a-w-        c:\windows\system32\drivers\BthAvrcpTg.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-12 11:36 . 2013-01-28 16:45        564432        ----a-w-        c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-06-27 22:04 . 2012-07-26 08:14        78200        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04 . 2012-07-26 08:14        693112        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-23 22:57 . 2013-01-28 19:07        78277128        ----a-w-        c:\windows\system32\MRT.exe

2013-06-18 20:43 . 2013-06-18 20:44        542208        ----a-w-        c:\windows\system32\drivers\stwrt64.sys

2013-06-18 20:43 . 2013-06-18 20:44        499200        ----a-w-        c:\windows\system32\stcplx64.dll

2013-06-18 20:43 . 2013-06-18 20:44        671744        ------w-        c:\windows\system32\stapi64.dll

2013-06-18 20:43 . 2013-06-18 20:44        255488        ----a-w-        c:\windows\system32\st646425.dll

2013-06-18 20:43 . 2013-06-18 20:44        2188800        ----a-w-        c:\windows\system32\stapo64.dll

2013-06-18 20:43 . 2012-11-04 00:17        7712768        ----a-w-        c:\windows\system32\IDTNHP.dll

2013-06-18 20:43 . 2012-11-04 00:17        464384        ----a-w-        c:\windows\system32\slapoi64.dll

2013-06-18 20:43 . 2012-11-04 00:17        253952        ----a-w-        c:\windows\system32\IDTNJ.exe

2013-06-18 20:43 . 2012-11-04 00:17        2213376        ----a-w-        c:\windows\system32\IDTNX.dll

2013-06-18 20:43 . 2012-11-04 00:17        7986176        ----a-w-        c:\windows\system32\IDTNGUI.exe

2013-06-18 20:43 . 2012-11-04 00:17        6085632        ----a-w-        c:\windows\system32\stlang64.dll

2013-06-18 20:43 . 2012-11-04 00:17        1821184        ----a-w-        c:\windows\system32\IDTNC64.cpl

2013-06-18 20:43 . 2012-11-04 00:17        1664000        ----a-w-        c:\windows\sttray64.exe

2013-06-18 20:43 . 2012-11-04 00:17        224256        ----a-w-        c:\windows\system32\HPToneCtrls64.dll

2013-06-11 23:43 . 2013-07-12 11:28        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-06-11 23:43 . 2013-07-12 11:28        2877440        ----a-w-        c:\windows\SysWow64\jscript9.dll

2013-06-11 23:26 . 2013-07-12 11:28        51712        ----a-w-        c:\windows\system32\ie4uinit.exe

2013-06-11 23:26 . 2013-07-12 11:28        2241024        ----a-w-        c:\windows\system32\wininet.dll

2013-06-11 23:26 . 2013-07-12 11:28        1365504        ----a-w-        c:\windows\system32\urlmon.dll

2013-06-11 23:25 . 2013-07-12 11:28        19238912        ----a-w-        c:\windows\system32\mshtml.dll

2013-06-11 23:25 . 2013-07-12 11:28        603136        ----a-w-        c:\windows\system32\msfeeds.dll

2013-06-11 23:25 . 2013-07-12 11:28        3958784        ----a-w-        c:\windows\system32\jscript9.dll

2013-06-11 23:25 . 2013-07-12 11:28        855552        ----a-w-        c:\windows\system32\jscript.dll

2013-06-11 23:25 . 2013-07-12 11:28        15404032        ----a-w-        c:\windows\system32\ieframe.dll

2013-06-11 23:25 . 2013-07-12 11:28        2648576        ----a-w-        c:\windows\system32\iertutil.dll

2013-06-01 09:25 . 2013-07-12 11:28        496640        ----a-w-        c:\windows\SysWow64\qedit.dll

2013-06-01 09:21 . 2013-07-12 11:28        595968        ----a-w-        c:\windows\system32\qedit.dll

2013-05-30 23:24 . 2013-06-15 14:18        1257472        ----a-w-        c:\windows\system32\kernel32.dll

2013-05-30 23:14 . 2013-07-12 11:28        4036096        ----a-w-        c:\windows\system32\win32k.sys

2013-05-23 23:01 . 2013-06-15 13:47        1300992        ----a-w-        c:\windows\system32\gdi32.dll

2013-05-23 22:27 . 2013-06-15 13:47        1022464        ----a-w-        c:\windows\SysWow64\gdi32.dll

2013-05-15 22:37 . 2013-06-12 12:39        44032        ----a-w-        c:\windows\SysWow64\UXInit.dll

2013-05-15 22:35 . 2013-06-12 12:39        53760        ----a-w-        c:\windows\system32\UXInit.dll

2013-05-15 22:35 . 2013-06-12 20:45        144384        ----a-w-        c:\windows\system32\tssdisai.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-07-01 19:26        222832        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-07-01 19:26        222832        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-07-01 19:26        222832        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-07-12 11:40        1724616        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-07-12 11:40        1724616        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-07-12 11:40        1724616        ----a-w-        c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        130736        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        130736        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        130736        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress8"="NA" [X]

"SkyDrive"="c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-01 257136]

"AVMUSBFernanschluss"="c:\users\Marcus\AppData\Local\Apps\2.0\8QC1D64Z.G8Y\JBDBVKJY.DJD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2013-02-23 139264]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-03 109784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]

"KCodes UDS Control Center"="c:\program files (x86)\Assmann\USB Device Server\Control Center.exe" [2012-12-11 5699072]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-8-3 28057256]

Mediencenter.lnk - c:\users\Marcus\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-7-29 557376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\

ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-2-23 1097728]

t@x aktuell.lnk - c:\program files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe [2013-8-4 542800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]

R1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]

R2 ?etadpug;Google Update Service (gupdate);c:\program files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\   \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe <;c:\program files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\   \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe < [x]

R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]

R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]

R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

R2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]

R3 AssmannUDSTcpBus;AssmannUDSTcpBus;SysWOW64\Drivers\AssmannUDSTcpBus.sys;SysWOW64\Drivers\AssmannUDSTcpBus.sys [x]

R3 avmaura;AVM USB-Fernanschluss;c:\windows\System32\drivers\avmaura.sys;c:\windows\SYSNATIVE\drivers\avmaura.sys [x]

R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]

R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]

R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]

R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]

R3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S3 AssmannUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\AssmannUDSMBus.sys;SysWOW64\Drivers\AssmannUDSMBus.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

apphost        REG_MULTI_SZ           apphostsvc

iissvcs        REG_MULTI_SZ           w3svc was

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]

2012-12-18 19:08        215264        ----a-w-        c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll

.

Inhalt des "geplante Tasks" Ordners

.

2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-28 18:07]

.

2013-08-13 c:\windows\Tasks\HPCeeScheduleForMarcus.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-07-01 19:26        261744        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-07-01 19:26        261744        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-07-01 19:26        261744        ----a-w-        c:\users\Marcus\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-07-12 11:40        2328264        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-07-12 11:40        2328264        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-07-12 11:40        2328264        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]

@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"

"ReferenceCount"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]

2012-12-13 16:30        558592        ----a-w-        c:\users\Marcus\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]

@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"

"ReferenceCount"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]

2012-12-13 16:30        558592        ----a-w-        c:\users\Marcus\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]

@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"

"ReferenceCount"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]

2012-12-13 16:30        558592        ----a-w-        c:\users\Marcus\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        164016        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        164016        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        164016        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12        164016        ----a-w-        c:\users\Marcus\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-28 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-28 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-28 440640]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-18 1664000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - ExtSQL: 2013-06-25 22:01; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

Binary file temp00 matches

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Zeit der Fertigstellung: 2013-08-13  20:52:28

ComboFix-quarantined-files.txt  2013-08-13 18:52

.

Vor Suchlauf: 21 Verzeichnis(se), 486.434.856.960 Bytes frei

Nach Suchlauf: 26 Verzeichnis(se), 487.110.041.600 Bytes frei

.

- - End Of File - - AC45976C5715240A7B60E20268CA8826

D41D8CD98F00B204E9800998ECF8427E

Ok.

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

*irritiert*
Scan finished: No malware found!
No cleanup required!

... und nun?

Code:

Malwarebytes Anti-Rootkit BETA 1.06.1.1005

www.malwarebytes.org
 

Database version: v2013.08.13.06
 

Windows 8 x64 NTFS (Safe Mode/Networking)

Internet Explorer 10.0.9200.16635
 

13.08.2013 21:00:06

mbar-log-2013-08-13 (21-00-06).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 277672

Time elapsed: 36 minute(s), 36 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

Bitte ein neues FRST-Log:

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01

Ran by Marcus (administrator) on 13-08-2013 21:50:41

Running from C:\Users\Marcus\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

(Malwarebytes Corporation) C:\Users\Marcus\Desktop\mbar-1.06.1.1005\mbar\mbar.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1238528 2007-08-29] (Marvell Semiconductor, Inc.)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-18] (IDT, Inc.)

HKCU\...\Run: [SkyDrive] - C:\Users\Marcus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-01] (Microsoft Corporation)

HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Marcus\AppData\Local\Apps\2.0\8QC1D64Z.G8Y\JBDBVKJY.DJD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-23] (AVM Berlin)

HKCU\...\Run: [Power2GoExpress8] - NA [x]

HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-07-03] (Siber Systems)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)

HKLM-x32\...\Run: [KCodes UDS Control Center] - C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [5699072 2012-12-11] ()

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk

ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk

ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe ()

Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk

ShortcutTarget: Mediencenter.lnk -> C:\Users\Marcus\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - {08C1882F-C0C5-4248-AFDD-295D9A5A69AC} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKCU - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Extension: HP Detect - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF Extension: firebug - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\firebug@software.joehewitt.com.xpi

FF Extension: No Name - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 

==================== Services (Whitelisted) =================
 

S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)

S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)

S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)

S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()

U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\   \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 

==================== Drivers (Whitelisted) ====================
 

R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)

S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)

S3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-02-23] (AVM Berlin)

S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)

U4 BthAvrcpTg; 

U4 BthHFEnum; 

U4 bthhfhid; 

S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-13] ()

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-13] ()

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-08-13] (Malwarebytes Corporation)

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-08-13] (Malwarebytes Corporation)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)

S3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

U3 catchme; \??\C:\ComboFix\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 21:44 - 2013-08-13 21:44 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-08-13 21:44 - 2013-08-13 21:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys

2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory

2013-08-13 21:00 - 2013-08-13 21:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 20:58 - 2013-08-13 20:59 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe

2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt

2013-08-13 20:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-13 20:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-13 20:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-13 20:37 - 2013-08-13 20:52 - 00000000 ____D C:\Qoobox

2013-08-13 20:37 - 2013-08-13 20:50 - 00000000 ____D C:\Windows\erdnt

2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe

2013-08-13 20:16 - 2013-08-13 20:16 - 00000063 _____ C:\Users\Marcus\Desktop\Fixlist.txt

2013-08-13 20:12 - 2013-08-13 20:12 - 00000103 _____ C:\Users\Marcus\Desktop\regdel.bat

2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg

2013-08-13 19:57 - 2013-08-13 19:57 - 00027790 _____ C:\Users\Marcus\Desktop\Addition.txt

2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST

2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe

2013-08-13 19:10 - 2013-08-13 19:12 - 00000274 _____ C:\Users\Marcus\Desktop\RootkitRemover20130813191037.txt

2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys

2013-08-13 14:39 - 2013-08-13 14:38 - 00551408 _____ (McAfee, Inc.) C:\Users\Marcus\Desktop\rootkitremover.exe

2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine

2013-08-13 13:33 - 2013-08-13 13:34 - 11615264 _____ (McAfee Inc) C:\Users\Marcus\Desktop\stinger32.exe

2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk

2013-08-13 12:23 - 2013-08-13 13:05 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware

2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk

2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini

2013-08-13 12:23 - 2013-08-13 12:22 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip

2013-08-13 12:23 - 2010-01-02 00:00 - 00787456 _____ C:\Windows\SysWOW64\EditCtlsU.ocx

2013-08-13 12:23 - 2007-08-08 13:40 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00415176 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\Comct332.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx

2013-08-13 12:23 - 2004-02-22 23:00 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll

2013-08-09 20:50 - 2013-08-09 20:56 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL

2013-08-09 20:48 - 2013-08-09 20:49 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip

2013-08-09 19:03 - 2013-08-09 19:07 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings

2013-08-09 19:01 - 2013-08-09 19:07 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY

2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip

2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4

2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta

2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java

2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe

2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax

2013-08-04 12:08 - 2013-08-04 12:09 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl

2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk

2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini

2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance

2013-08-04 12:06 - 2013-08-04 12:09 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2013-08-04 11:50 - 2013-08-04 12:05 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe

2013-08-04 10:58 - 2013-08-04 10:59 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe

2013-07-22 20:58 - 2013-07-22 21:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-22 20:48 - 2013-07-22 21:08 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe

2013-07-20 22:27 - 2013-08-13 13:09 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip

2013-07-17 06:35 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2013-07-17 06:35 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2013-07-17 06:35 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2013-07-17 06:35 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2013-07-17 06:35 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-07-17 06:35 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS

2013-07-17 06:35 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS

2013-07-17 06:35 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-07-17 06:35 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2013-07-17 06:35 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2013-07-17 06:35 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-07-17 06:35 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2013-07-17 06:35 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2013-07-17 06:35 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe

2013-07-17 06:35 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe

2013-07-17 06:35 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2013-07-17 06:35 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2013-07-17 06:35 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2013-07-17 06:35 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll

2013-07-17 06:35 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2013-07-17 06:35 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2013-07-17 06:35 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2013-07-17 06:35 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2013-07-17 06:35 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml

2013-07-17 06:34 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys

2013-07-14 11:17 - 2013-07-14 11:19 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF

2013-07-14 11:17 - 2013-07-14 11:18 - 00000000 ____D C:\output

2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp

2013-07-14 11:15 - 2013-07-14 11:18 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini

2013-07-14 11:15 - 2013-07-14 11:17 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini

2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk

2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla

2013-07-14 11:15 - 2013-06-09 10:34 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfrotator.ini

2013-07-14 11:15 - 2013-06-09 09:38 - 00000053 _____ C:\Users\Marcus\AppData\Roaming\setting.ini

2013-07-14 11:15 - 2013-06-09 09:30 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfcombine.ini

2013-07-14 11:15 - 2013-02-23 12:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfrotator.ini

2013-07-14 11:15 - 2012-07-07 13:04 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfcombine.ini

2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3

2013-07-14 11:12 - 2013-07-14 11:13 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip
 

==================== One Month Modified Files and Folders =======
 

2013-08-13 21:48 - 2013-08-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-13 21:45 - 2013-08-13 21:45 - 00000050 _____ C:\Program Files\.directory

2013-08-13 21:45 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-13 21:44 - 2013-08-13 21:44 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys

2013-08-13 21:44 - 2013-08-13 21:44 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys

2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 20:59 - 2013-08-13 20:58 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe

2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt

2013-08-13 20:52 - 2013-08-13 20:37 - 00000000 ____D C:\Qoobox

2013-08-13 20:52 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default

2013-08-13 20:50 - 2013-08-13 20:37 - 00000000 ____D C:\Windows\erdnt

2013-08-13 20:49 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini

2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe

2013-08-13 20:16 - 2013-08-13 20:16 - 00000063 _____ C:\Users\Marcus\Desktop\Fixlist.txt

2013-08-13 20:12 - 2013-08-13 20:12 - 00000103 _____ C:\Users\Marcus\Desktop\regdel.bat

2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg

2013-08-13 19:57 - 2013-08-13 19:57 - 00027790 _____ C:\Users\Marcus\Desktop\Addition.txt

2013-08-13 19:57 - 2012-10-25 00:16 - 00828878 _____ C:\Windows\system32\perfh007.dat

2013-08-13 19:57 - 2012-10-25 00:16 - 00188018 _____ C:\Windows\system32\perfc007.dat

2013-08-13 19:57 - 2012-07-26 09:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST

2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe

2013-08-13 19:16 - 2013-01-28 20:34 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Dropbox

2013-08-13 19:15 - 2013-03-27 13:49 - 00000000 ____D C:\Windows\pss

2013-08-13 19:12 - 2013-08-13 19:10 - 00000274 _____ C:\Users\Marcus\Desktop\RootkitRemover20130813191037.txt

2013-08-13 19:12 - 2013-01-28 18:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-418063148-2677929952-3949280998-1002

2013-08-13 19:09 - 2013-02-02 22:15 - 00000000 ___RD C:\Users\Marcus\Mediencenter

2013-08-13 19:09 - 2013-01-28 20:38 - 00000000 ___RD C:\Users\Marcus\Dropbox

2013-08-13 19:08 - 2013-02-23 11:39 - 00008380 _____ C:\Windows\avmacc.log

2013-08-13 19:07 - 2013-01-28 19:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 19:06 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini

2013-08-13 19:06 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 19:04 - 2013-02-19 07:39 - 00000000 ____D C:\Program Files (x86)\stinger

2013-08-13 14:56 - 2013-01-28 17:53 - 01386972 _____ C:\Windows\WindowsUpdate.log

2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys

2013-08-13 14:38 - 2013-08-13 14:39 - 00551408 _____ (McAfee, Inc.) C:\Users\Marcus\Desktop\rootkitremover.exe

2013-08-13 14:26 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus

2013-08-13 13:59 - 2013-06-25 21:10 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI

2013-08-13 13:59 - 2013-06-25 21:10 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI

2013-08-13 13:59 - 2013-02-23 11:52 - 00005168 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-MARCUS-Marcus Notebook-Marcus

2013-08-13 13:58 - 2013-02-02 22:02 - 00000000 ___RD C:\Users\Marcus\SkyDrive

2013-08-13 13:36 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru

2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine

2013-08-13 13:34 - 2013-08-13 13:33 - 11615264 _____ (McAfee Inc) C:\Users\Marcus\Desktop\stinger32.exe

2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk

2013-08-13 13:33 - 2013-02-02 22:13 - 00001137 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk

2013-08-13 13:29 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-08-13 13:14 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-08-13 13:09 - 2013-07-20 22:27 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-13 13:09 - 2013-01-31 16:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForMarcus.job

2013-08-13 13:08 - 2013-01-28 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-13 13:08 - 2012-08-04 00:23 - 00475140 _____ C:\Windows\PFRO.log

2013-08-13 13:05 - 2013-08-13 12:23 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware

2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk

2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini

2013-08-13 12:22 - 2013-08-13 12:23 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip

2013-08-13 11:59 - 2013-01-31 16:43 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarcus

2013-08-13 11:59 - 2013-01-29 15:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-08-13 11:58 - 2012-11-04 02:25 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-08-13 11:58 - 2012-08-04 02:02 - 00000000 ____D C:\SWSetup

2013-08-13 11:55 - 2013-01-29 15:45 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-08-13 11:55 - 2012-10-24 14:53 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2013-08-13 08:36 - 2013-01-28 22:01 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe

2013-08-09 21:17 - 2013-02-02 00:46 - 00000600 _____ C:\Users\Marcus\AppData\Local\PUTTY.RND

2013-08-09 21:17 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\FileZilla

2013-08-09 20:56 - 2013-08-09 20:50 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL

2013-08-09 20:49 - 2013-08-09 20:48 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip

2013-08-09 19:07 - 2013-08-09 19:03 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings

2013-08-09 19:07 - 2013-08-09 19:01 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY

2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip

2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4

2013-08-09 16:14 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus\AppData\Local\Packages

2013-08-09 16:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-08-08 22:21 - 2013-03-25 14:43 - 00069120 ___SH C:\Users\Marcus\Desktop\Thumbs.db

2013-08-07 21:31 - 2013-01-30 17:43 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk

2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta

2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java

2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe

2013-08-04 12:28 - 2013-01-28 20:38 - 00001027 _____ C:\Users\Marcus\Desktop\Dropbox.lnk

2013-08-04 12:28 - 2013-01-28 20:36 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-08-04 12:28 - 2013-01-28 17:56 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax

2013-08-04 12:09 - 2013-08-04 12:08 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl

2013-08-04 12:09 - 2013-08-04 12:06 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk

2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini

2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance

2013-08-04 12:07 - 2012-10-24 14:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-04 12:05 - 2013-08-04 11:50 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe

2013-08-04 10:59 - 2013-08-04 10:58 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe

2013-07-30 20:06 - 2013-02-03 21:32 - 00001456 _____ C:\Users\Marcus\AppData\Local\Adobe Für Web speichern 12.0 Prefs

2013-07-29 21:35 - 2013-01-28 19:47 - 00000000 ___RD C:\Users\Marcus\Kunden

2013-07-25 21:07 - 2012-10-24 14:41 - 00000000 ____D C:\Program Files (x86)\CyberLink

2013-07-25 20:35 - 2013-03-22 18:51 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Mp3tag

2013-07-25 20:34 - 2013-01-28 19:20 - 00000000 ____D C:\mp3

2013-07-22 21:08 - 2013-07-22 20:48 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe

2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\SysWOW64\NV

2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\system32\NV

2013-07-22 21:03 - 2012-11-04 02:17 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-22 21:00 - 2013-07-22 20:58 - 00000000 ____D C:\Windows\system32\MRT

2013-07-20 22:27 - 2013-02-20 20:42 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip

2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-15 21:02 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-15 21:02 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe

2013-07-14 23:21 - 2013-06-04 20:11 - 00000132 _____ C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-07-14 11:19 - 2013-07-14 11:17 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF

2013-07-14 11:18 - 2013-07-14 11:17 - 00000000 ____D C:\output

2013-07-14 11:18 - 2013-07-14 11:15 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini

2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp

2013-07-14 11:17 - 2013-07-14 11:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini

2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk

2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla

2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3

2013-07-14 11:13 - 2013-07-14 11:12 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip

2013-07-14 11:05 - 2013-01-28 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
 

LastRegBack: 2013-07-21 11:05
 

==================== End Of Log ============================

--- --- ---

Addition

Code:



==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/13/2013 09:51:11 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 09:51:11 PM) (Source: VSS) (User: )

Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.

Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

]
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: System Restore) (User: )

Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80042302).
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )

Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.

Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

]
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS) (User: )

Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.

Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.

]
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 02:32:53 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: mcshield.exe, Version: 15.1.0.520, Zeitstempel: 0x50f59f8d

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000000000

ID des fehlerhaften Prozesses: 0x8d8

Startzeit der fehlerhaften Anwendung: 0xmcshield.exe0

Pfad der fehlerhaften Anwendung: mcshield.exe1

Pfad des fehlerhaften Moduls: mcshield.exe2

Berichtskennung: mcshield.exe3

Vollständiger Name des fehlerhaften Pakets: mcshield.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mcshield.exe5
 

Error: (08/13/2013 02:32:51 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)

Description: Exception in McShield.Exe!
 

Exception details follow :
 

VSCORE.15.1.0.520

Exception Code       : 0X00000000C0000005

Exception Address    : 0000000000000000

Exception Parameters : 2

 Param 1 = 0X0000000000000008

 Param 2 = 0000000000000000
 

More information :
 

Error: (08/13/2013 01:50:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: NOTEBOOK-MARCUS)

Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
 

System errors:

=============

Error: (08/13/2013 09:51:26 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084WSearchNicht verfügbar{9E175B6D-F52A-11D8-B9A5-505054503030}
 

Error: (08/13/2013 09:51:26 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (08/13/2013 09:51:11 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084VSSNicht verfügbar{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 

Error: (08/13/2013 09:51:11 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (08/13/2013 09:50:42 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084BlueSoleilCS-Service{DC22CE61-F0A5-415C-986E-4DF78C2D1029}
 

Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084BsHelpCS-Service{1CE3EB56-16B9-40A0-8110-284EF53ACF04}
 

Error: (08/13/2013 09:50:28 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (08/13/2013 09:48:46 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 

Error: (08/13/2013 09:44:07 PM) (Source: DCOM) (User: NOTEBOOK-MARCUS)

Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
 
 

Microsoft Office Sessions:

=========================

Error: (08/13/2013 09:51:11 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 09:51:11 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 08:39:57 PM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
 
 

Vorgang:

   VSS-Server wird instanziiert
 

Error: (08/13/2013 02:32:53 PM) (Source: Application Error)(User: )

Description: mcshield.exe15.1.0.52050f59f8dunknown0.0.0.000000000c000000500000000000000008d801ce98206a58109aC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeunknown7928ebef-0414-11e3-be99-689423b7754a
 

Error: (08/13/2013 02:32:51 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)

Description: VSCORE.15.1.0.520

Exception Code       : 0X00000000C0000005

Exception Address    : 0000000000000000

Exception Parameters : 2

 Param 1 = 0X0000000000000008

 Param 2 = 0000000000000000
 

More information :
 

Error: (08/13/2013 01:50:53 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: NOTEBOOK-MARCUS)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
 

CodeIntegrity Errors:

===================================

  Date: 2013-08-13 20:49:24.539

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 17%

Total physical RAM: 8081.27 MB

Available physical RAM: 6628.19 MB

Total Pagefile: 9297.27 MB

Available Pagefile: 7953.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:576.9 GB) (Free:453.75 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:18.49 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 596 GB) (Disk ID: A50E1C7D)
 

Partition: GPT Partition Type

==================== End Of Log ============================

Ok.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\   \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

hier das aktuelle fix log

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01

Ran by Marcus at 2013-08-13 22:12:31 Run:1

Running from C:\Users\Marcus\Desktop

Boot Mode: Normal

==============================================
 

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
 

==== End of Fixlog ====

Äähm, was hast du denn für ein Fixskript genommen..? :confused:

Die du oben gepostet hast

Code:

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}\   \...\???\{14469580-af34-d9b4-b9db-ff816580cb5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}

ich habs nochmal gemacht... *komisch*
jetzt sieht es anders aus>

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01

Ran by Marcus at 2013-08-13 22:23:28 Run:2

Running from C:\Users\Marcus\Desktop

Boot Mode: Normal

==============================================
 

*etadpug => Service deleted successfully.

"C:\Program Files (x86)\Google\Desktop\Install\{14469580-af34-d9b4-b9db-ff816580cb5d}" => File/Directory not found.
 

==== End of Fixlog ====

Ja das ist wirklich komisch... :D

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von FRST

er hat nur einmal gebootet :)

ADWCLEANER

Code:

# AdwCleaner v2.306 - Datei am 13/08/2013 um 22:54:20 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzer : Marcus - NOTEBOOK-MARCUS

# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung

# Ausgeführt unter : C:\Users\Marcus\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

Ordner Gelöscht : C:\Users\Marcus\AppData\LocalLow\boost_interprocess
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v23.0 (de)
 

Datei : C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [1685 octets] - [13/08/2013 22:54:20]
 

########## EOF - C:\AdwCleaner[S1].txt - [1745 octets] ##########

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01

Ran by Marcus (administrator) on 13-08-2013 22:57:38

Running from C:\Users\Marcus\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Safe Mode (with Networking)
 

==================== Processes (Whitelisted) =================
 

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [PrnStatusMX] - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1238528 2007-08-29] (Marvell Semiconductor, Inc.)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-18] (IDT, Inc.)

HKCU\...\Run: [SkyDrive] - C:\Users\Marcus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-01] (Microsoft Corporation)

HKCU\...\Run: [AVMUSBFernanschluss] - C:\Users\Marcus\AppData\Local\Apps\2.0\8QC1D64Z.G8Y\JBDBVKJY.DJD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2013-02-23] (AVM Berlin)

HKCU\...\Run: [Power2GoExpress8] - NA [x]

HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-07-03] (Siber Systems)

HKCU\...\RunOnce: [Report] - C:\AdwCleaner[S1].txt [1806 2013-08-13] ()

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)

HKLM-x32\...\Run: [KCodes UDS Control Center] - C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [5699072 2012-12-11] ()

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk

ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk

ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe ()

Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk

ShortcutTarget: Mediencenter.lnk -> C:\Users\Marcus\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - {08C1882F-C0C5-4248-AFDD-295D9A5A69AC} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

SearchScopes: HKCU - {7DB12146-D087-42B0-8F6C-F759DCCEC646} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
 

FireFox:

========

FF ProfilePath: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Extension: HP Detect - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF Extension: firebug - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\firebug@software.joehewitt.com.xpi

FF Extension: No Name - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\71px9esy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 

==================== Services (Whitelisted) =================
 

S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)

S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)

S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)

S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)

S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation)

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [102688 2012-09-21] (Windows (R) Codename Longhorn DDK provider)

S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [181024 2012-09-21] (Windows (R) Codename Longhorn DDK provider)

S3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-02-23] (AVM Berlin)

S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)

U4 BthAvrcpTg; 

U4 BthHFEnum; 

U4 bthhfhid; 

S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)

S3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-13 22:54 - 2013-08-13 22:54 - 00001806 _____ C:\AdwCleaner[S1].txt

2013-08-13 21:45 - 2013-08-13 21:45 - 00000050 _____ C:\Program Files\.directory

2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory

2013-08-13 21:00 - 2013-08-13 22:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 20:58 - 2013-08-13 20:59 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe

2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt

2013-08-13 20:39 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-13 20:39 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-13 20:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-13 20:39 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-13 20:37 - 2013-08-13 20:52 - 00000000 ____D C:\Qoobox

2013-08-13 20:37 - 2013-08-13 20:50 - 00000000 ____D C:\Windows\erdnt

2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe

2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg

2013-08-13 19:57 - 2013-08-13 21:51 - 00020912 _____ C:\Users\Marcus\Desktop\Addition1.txt

2013-08-13 19:57 - 2013-08-13 21:51 - 00009545 _____ C:\Users\Marcus\Desktop\Addition.txt

2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST

2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe

2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys

2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine

2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk

2013-08-13 12:23 - 2013-08-13 13:05 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware

2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk

2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini

2013-08-13 12:23 - 2013-08-13 12:22 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip

2013-08-13 12:23 - 2010-01-02 00:00 - 00787456 _____ C:\Windows\SysWOW64\EditCtlsU.ocx

2013-08-13 12:23 - 2007-08-08 13:40 - 00244416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mscomctl.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00415176 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\Comct332.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx

2013-08-13 12:23 - 2007-08-08 13:39 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx

2013-08-13 12:23 - 2004-02-22 23:00 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll

2013-08-09 20:50 - 2013-08-09 20:56 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL

2013-08-09 20:48 - 2013-08-09 20:49 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip

2013-08-09 19:03 - 2013-08-09 19:07 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings

2013-08-09 19:01 - 2013-08-09 19:07 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY

2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip

2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4

2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta

2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java

2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe

2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax

2013-08-04 12:08 - 2013-08-04 12:09 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl

2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk

2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini

2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance

2013-08-04 12:06 - 2013-08-04 12:09 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2013-08-04 11:50 - 2013-08-04 12:05 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe

2013-08-04 10:58 - 2013-08-04 10:59 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe

2013-07-22 20:58 - 2013-07-22 21:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-22 20:48 - 2013-07-22 21:08 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe

2013-07-20 22:27 - 2013-08-13 13:09 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip

2013-07-17 06:35 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2013-07-17 06:35 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2013-07-17 06:35 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2013-07-17 06:35 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2013-07-17 06:35 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-07-17 06:35 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS

2013-07-17 06:35 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS

2013-07-17 06:35 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-07-17 06:35 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2013-07-17 06:35 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2013-07-17 06:35 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-07-17 06:35 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll

2013-07-17 06:35 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2013-07-17 06:35 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2013-07-17 06:35 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe

2013-07-17 06:35 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll

2013-07-17 06:35 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe

2013-07-17 06:35 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2013-07-17 06:35 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll

2013-07-17 06:35 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2013-07-17 06:35 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2013-07-17 06:35 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll

2013-07-17 06:35 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2013-07-17 06:35 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2013-07-17 06:35 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2013-07-17 06:35 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2013-07-17 06:35 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml

2013-07-17 06:34 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys

2013-07-14 11:17 - 2013-07-14 11:19 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF

2013-07-14 11:17 - 2013-07-14 11:18 - 00000000 ____D C:\output

2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp

2013-07-14 11:15 - 2013-07-14 11:18 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini

2013-07-14 11:15 - 2013-07-14 11:17 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini

2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk

2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla

2013-07-14 11:15 - 2013-06-09 10:34 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfrotator.ini

2013-07-14 11:15 - 2013-06-09 09:38 - 00000053 _____ C:\Users\Marcus\AppData\Roaming\setting.ini

2013-07-14 11:15 - 2013-06-09 09:30 - 00000043 _____ C:\Users\Marcus\AppData\Roaming\setup_pdfcombine.ini

2013-07-14 11:15 - 2013-02-23 12:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfrotator.ini

2013-07-14 11:15 - 2012-07-07 13:04 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options_pdfcombine.ini

2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3

2013-07-14 11:12 - 2013-07-14 11:13 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip
 

==================== One Month Modified Files and Folders =======
 

2013-08-13 22:54 - 2013-08-13 22:54 - 00666633 _____ C:\Users\Marcus\Desktop\adwcleaner.exe

2013-08-13 22:54 - 2013-08-13 22:54 - 00001806 _____ C:\AdwCleaner[S1].txt

2013-08-13 22:54 - 2012-10-25 00:16 - 00828878 _____ C:\Windows\system32\perfh007.dat

2013-08-13 22:54 - 2012-10-25 00:16 - 00188018 _____ C:\Windows\system32\perfc007.dat

2013-08-13 22:54 - 2012-07-26 09:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-13 22:49 - 2012-08-04 00:23 - 00475692 _____ C:\Windows\PFRO.log

2013-08-13 22:29 - 2013-08-13 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-13 21:51 - 2013-08-13 19:57 - 00020912 _____ C:\Users\Marcus\Desktop\Addition1.txt

2013-08-13 21:51 - 2013-08-13 19:57 - 00009545 _____ C:\Users\Marcus\Desktop\Addition.txt

2013-08-13 21:45 - 2013-08-13 21:45 - 00000050 _____ C:\Program Files\.directory

2013-08-13 21:45 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-13 21:26 - 2013-08-13 21:26 - 00000050 _____ C:\Program Files (x86)\.directory

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\Users\Marcus\Desktop\mbar-1.06.1.1005

2013-08-13 20:59 - 2013-08-13 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-13 20:59 - 2013-08-13 20:58 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.06.1.1005.exe

2013-08-13 20:52 - 2013-08-13 20:52 - 00029995 _____ C:\ComboFix.txt

2013-08-13 20:52 - 2013-08-13 20:37 - 00000000 ____D C:\Qoobox

2013-08-13 20:52 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default

2013-08-13 20:50 - 2013-08-13 20:37 - 00000000 ____D C:\Windows\erdnt

2013-08-13 20:49 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini

2013-08-13 20:36 - 2013-08-13 20:36 - 05103833 ____R (Swearware) C:\Users\Marcus\Desktop\ComboFix.exe

2013-08-13 20:08 - 2013-08-13 20:08 - 00001034 _____ C:\Users\Marcus\Desktop\test.reg

2013-08-13 19:56 - 2013-08-13 19:56 - 00000000 ____D C:\FRST

2013-08-13 19:55 - 2013-08-13 19:55 - 01575274 _____ (Farbar) C:\Users\Marcus\Desktop\FRST64.exe

2013-08-13 19:16 - 2013-01-28 20:34 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Dropbox

2013-08-13 19:15 - 2013-03-27 13:49 - 00000000 ____D C:\Windows\pss

2013-08-13 19:12 - 2013-01-28 18:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-418063148-2677929952-3949280998-1002

2013-08-13 19:09 - 2013-02-02 22:15 - 00000000 ___RD C:\Users\Marcus\Mediencenter

2013-08-13 19:09 - 2013-01-28 20:38 - 00000000 ___RD C:\Users\Marcus\Dropbox

2013-08-13 19:08 - 2013-02-23 11:39 - 00008380 _____ C:\Windows\avmacc.log

2013-08-13 19:07 - 2013-01-28 19:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-13 19:06 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini

2013-08-13 19:06 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-13 19:04 - 2013-02-19 07:39 - 00000000 ____D C:\Program Files (x86)\stinger

2013-08-13 14:56 - 2013-01-28 17:53 - 01386972 _____ C:\Windows\WindowsUpdate.log

2013-08-13 14:44 - 2013-08-13 14:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys

2013-08-13 14:26 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus

2013-08-13 13:59 - 2013-06-25 21:10 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI

2013-08-13 13:59 - 2013-06-25 21:10 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI

2013-08-13 13:59 - 2013-02-23 11:52 - 00005168 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NOTEBOOK-MARCUS-Marcus Notebook-Marcus

2013-08-13 13:58 - 2013-02-02 22:02 - 00000000 ___RD C:\Users\Marcus\SkyDrive

2013-08-13 13:36 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru

2013-08-13 13:34 - 2013-08-13 13:34 - 00000000 ____D C:\Quarantine

2013-08-13 13:33 - 2013-08-13 13:33 - 00001151 _____ C:\Users\Marcus\Desktop\Mediencenter.lnk

2013-08-13 13:33 - 2013-02-02 22:13 - 00001137 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk

2013-08-13 13:29 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-08-13 13:14 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-08-13 13:09 - 2013-07-20 22:27 - 04993816 _____ C:\Windows\system32\FNTCACHE.DAT

2013-08-13 13:09 - 2013-01-31 16:43 - 00000368 _____ C:\Windows\Tasks\HPCeeScheduleForMarcus.job

2013-08-13 13:08 - 2013-01-28 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-13 13:05 - 2013-08-13 12:23 - 00000000 ____D C:\Users\Marcus\Downloads\appgini_freeware

2013-08-13 12:23 - 2013-08-13 12:23 - 00000991 _____ C:\Users\Marcus\Desktop\AppGini.lnk

2013-08-13 12:23 - 2013-08-13 12:23 - 00000000 ____D C:\Program Files (x86)\AppGini

2013-08-13 12:22 - 2013-08-13 12:23 - 06919420 ____R C:\Users\Marcus\Downloads\appgini_freeware.zip

2013-08-13 11:59 - 2013-01-31 16:43 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarcus

2013-08-13 11:59 - 2013-01-29 15:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-08-13 11:58 - 2012-11-04 02:25 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-08-13 11:58 - 2012-08-04 02:02 - 00000000 ____D C:\SWSetup

2013-08-13 11:55 - 2013-01-29 15:45 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-08-13 11:55 - 2012-10-24 14:53 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2013-08-13 08:36 - 2013-01-28 22:01 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe

2013-08-09 21:17 - 2013-02-02 00:46 - 00000600 _____ C:\Users\Marcus\AppData\Local\PUTTY.RND

2013-08-09 21:17 - 2013-01-28 23:05 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\FileZilla

2013-08-09 20:56 - 2013-08-09 20:50 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\MySQL

2013-08-09 20:49 - 2013-08-09 20:48 - 30949323 _____ C:\Users\Marcus\Downloads\mysql-workbench-gpl-5.2.47-win32-noinstall.zip

2013-08-09 19:07 - 2013-08-09 19:03 - 00002728 _____ C:\Users\Marcus\SuperPutty.settings

2013-08-09 19:07 - 2013-08-09 19:01 - 00000000 ____D C:\Users\Marcus\Documents\SuperPuTTY

2013-08-09 19:00 - 2013-08-09 19:00 - 00728780 _____ C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4.zip

2013-08-09 19:00 - 2013-08-09 19:00 - 00000000 ____D C:\Users\Marcus\Downloads\SuperPutty-1.4.0.4

2013-08-09 16:14 - 2013-01-28 17:53 - 00000000 ____D C:\Users\Marcus\AppData\Local\Packages

2013-08-09 16:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-08-08 22:21 - 2013-03-25 14:43 - 00069120 ___SH C:\Users\Marcus\Desktop\Thumbs.db

2013-08-07 21:31 - 2013-01-30 17:43 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk

2013-08-07 17:47 - 2013-08-07 17:47 - 02090358 _____ C:\Users\Marcus\Desktop\fotosJutta.zip

2013-08-07 17:47 - 2013-08-07 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\fotosJutta

2013-08-06 22:04 - 2013-08-06 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-04 21:10 - 2013-08-04 21:10 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-04 21:10 - 2013-08-04 21:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\ProgramData\Sun

2013-08-04 21:10 - 2013-08-04 21:10 - 00000000 ____D C:\Program Files (x86)\Java

2013-08-04 21:08 - 2013-08-04 21:08 - 00903080 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jxpiinstall.exe

2013-08-04 12:28 - 2013-01-28 20:38 - 00001027 _____ C:\Users\Marcus\Desktop\Dropbox.lnk

2013-08-04 12:28 - 2013-01-28 20:36 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-08-04 12:28 - 2013-01-28 17:56 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-04 12:21 - 2013-08-04 12:21 - 00000000 ____D C:\Users\Marcus\Documents\tax

2013-08-04 12:09 - 2013-08-04 12:08 - 00000000 ____D C:\Users\Marcus\AppData\Local\Buhl

2013-08-04 12:09 - 2013-08-04 12:06 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

2013-08-04 12:08 - 2013-08-04 12:08 - 00002214 _____ C:\Users\Public\Desktop\t@x 2013.lnk

2013-08-04 12:08 - 2013-08-04 12:08 - 00000063 _____ C:\Windows\wiso.ini

2013-08-04 12:07 - 2013-08-04 12:07 - 00000000 ____D C:\Program Files (x86)\Buhl finance

2013-08-04 12:07 - 2012-10-24 14:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-04 12:05 - 2013-08-04 11:50 - 502621696 _____ C:\Users\Marcus\Downloads\TaxSteuersoftware2013.exe

2013-08-04 10:59 - 2013-08-04 10:58 - 36864847 _____ (Indigo Rose Corporation) C:\Users\Marcus\Downloads\schrankplaner_setup.exe

2013-07-30 20:06 - 2013-02-03 21:32 - 00001456 _____ C:\Users\Marcus\AppData\Local\Adobe Für Web speichern 12.0 Prefs

2013-07-29 21:35 - 2013-01-28 19:47 - 00000000 ___RD C:\Users\Marcus\Kunden

2013-07-25 21:07 - 2012-10-24 14:41 - 00000000 ____D C:\Program Files (x86)\CyberLink

2013-07-25 20:35 - 2013-03-22 18:51 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Mp3tag

2013-07-25 20:34 - 2013-01-28 19:20 - 00000000 ____D C:\mp3

2013-07-22 21:08 - 2013-07-22 20:48 - 233871960 _____ (NVIDIA Corporation) C:\Users\Marcus\Downloads\320.49-notebook-win8-win7-64bit-international-whql.exe

2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\SysWOW64\NV

2013-07-22 21:03 - 2012-11-04 02:31 - 00000000 ____D C:\Windows\system32\NV

2013-07-22 21:03 - 2012-11-04 02:17 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-22 21:00 - 2013-07-22 20:58 - 00000000 ____D C:\Windows\system32\MRT

2013-07-20 22:27 - 2013-02-20 20:42 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-07-18 21:03 - 2013-07-18 21:03 - 00156539 _____ C:\Users\Marcus\Downloads\pkg_xmap-2.3.2.zip

2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-15 21:05 - 2013-05-03 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-15 21:02 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-15 21:02 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe

2013-07-14 23:21 - 2013-06-04 20:11 - 00000132 _____ C:\Users\Marcus\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-07-14 11:19 - 2013-07-14 11:17 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\YCanPDF

2013-07-14 11:18 - 2013-07-14 11:17 - 00000000 ____D C:\output

2013-07-14 11:18 - 2013-07-14 11:15 - 00000030 _____ C:\Users\Marcus\AppData\Roaming\setup.ini

2013-07-14 11:17 - 2013-07-14 11:17 - 00000000 ____D C:\tmp

2013-07-14 11:17 - 2013-07-14 11:15 - 00000003 _____ C:\Users\Marcus\AppData\Roaming\options.ini

2013-07-14 11:15 - 2013-07-14 11:15 - 00000943 _____ C:\Users\Public\Desktop\PDFZilla.lnk

2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Program Files (x86)\PDFZilla

2013-07-14 11:13 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Marcus\Downloads\PDFZillaV3

2013-07-14 11:13 - 2013-07-14 11:12 - 18016895 _____ C:\Users\Marcus\Downloads\PDFZillaV3.zip

2013-07-14 11:05 - 2013-01-28 18:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
 

LastRegBack: 2013-07-21 11:05
 

==================== End Of Log ============================

--- --- ---

Kannst du den Rechner in den normalen Modus starten?

ja, geht
mcafee scheint sauber zu laufen ...
schnellscan sagt : alles ok
kann ich das noch weiter verifizieren ?