Windows 7 : Wie entferne ich Do-Search?

Manira · 21.11.2013, 20:40

Hallo, ich habe folgendes Problem:

Ich bekomme es einfach nicht hin Google wieder als Standardbrowser einzurichten. Immer wieder wird die Startseite durch Do-Search ersetzt.
Zudem ist jede der Webseiten die ich öffne zugespamt mit Werbung.

Ich habe bereits alle mir unnötig erscheinenden Programme gelöscht und Avira, Malware Bytes und Eset Online Scanner durchlaufen lassen,
jedoch ohne Erfolg. (Habe die Log-files von Malwarebytes, GMER und FRST bereits angehängt.)

Da ich ein ziemlicher Laie bin was Computer angeht, hoffe ich, dass mich jemand anleiten kann das Problem zu beheben.

Vielen Dank schon mal im Voraus, beste Grüße!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Nina :: NINA-HP [Administrator]

Schutz: Aktiviert

21.11.2013 19:41:25
MBAM-log-2013-11-21 (20-22-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211411
Laufzeit: 8 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 35
HKCR\CLSID\{11111111-1111-1111-1111-110311121157} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344124457} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550355125557} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0031257.BHO.1 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311121157} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110311851132} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344854432} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550355855532} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0038532.BHO.1 (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311851132} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311851132} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311851132} (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0031257.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0031257.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0031257.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0038532.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0038532.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0038532.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\Feven (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Feven 1.5 (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Plus-HD-1.3 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Feven 1.5 (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1O1GtGtAtH1F1M1StGtCtH1B -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Daten: I Want This -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.DoSearch.A) -> Bösartig: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (firefox.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.DoSearch.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (iexplore.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) -> Bösartig: (hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 5
C:\Users\Nina\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5 (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 76
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho.dll (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho64.dll (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-3930853845-1546403764-1166621345-1000\$RJ7X8FG.exe (PUP.Optional.JumpyApps) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\+BoqtafW.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\i_eG4Cn8.exe.part (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\qQqSBN1h.exe.part (PUP.Optional.Solimba) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\WpPYYg_a.exe.part (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\YO1znX5i.exe.part (PUP.Optional.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\parent.txt (PUP.Optional.DomalIQ.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\setup.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\software\Dealply.exe (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\software\feven-1-5.exe (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\software\plus-hd-1-3.exe (PUP.Optional.AdLyrics) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\software\tugs_do-search_new.exe (PUP.Optional.DoSearch.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\DM\software\wajam_download.exe (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\fullpackage_temp1384895503\tmp\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\OCS\ocs_v71.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\Downloads\Java7(1).exe (PUP.Optional.Domalq) -> Keine Aktion durchgeführt.
C:\Users\Nina\Downloads\Java7.exe (PUP.Optional.Domalq) -> Keine Aktion durchgeführt.
C:\Users\Nina\Downloads\setup.exe (PUP.Optional.DomalIQ.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\Downloads\TheOCS03E24HDTVXviD-LOLavi.exe (PUP.Optional.OneClickDownloader.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Plus-HD-1.3-enabler.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Plus-HD-1.3-updater.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\do-search.xml (PUP.Optional.DoSearch.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Feven 1.5-chromeinstaller.job (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Feven 1.5-codedownloader.job (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Feven 1.5-enabler.job (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\Feven 1.5-updater.job (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\31257.crx (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\31257.xpi (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\background.html (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Installer.log (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bg.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-buttonutil.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-buttonutil.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-helper.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3.ico (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\Uninstall.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Plus-HD-1.3\utils.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\38532.crx (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\38532.xpi (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\background.html (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-bg.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.dll (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.dll (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-helper.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Feven 1.5.ico (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Installer.log (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\Uninstall.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Feven 1.5\utils.exe (PUP.Optional.Feven.A) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-21 01:53:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: pk91pmbk.exe; Driver: C:\Users\Nina\AppData\Local\Temp\kwldqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                           fffff800031b8000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                           fffff800031b802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{17494644-3D40-49F1-B077-13A9B57AD130}\Connection@Name  isatap.{438B93A7-3E07-4A70-99F5-A2C4E7CD2FE9}
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{B5325FFA-2A6E-4685-BA7A-B422549F1A80}?\Device\{FED8E63C-DCA6-49BE-899D-C21C4883E106}?\Device\{17494644-3D40-49F1-B077-13A9B57AD130}?\Device\{9423DC50-3EA6-44D6-920E-9A48A594AF7F}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{B5325FFA-2A6E-4685-BA7A-B422549F1A80}"?"{FED8E63C-DCA6-49BE-899D-C21C4883E106}"?"{17494644-3D40-49F1-B077-13A9B57AD130}"?"{9423DC50-3EA6-44D6-920E-9A48A594AF7F}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{B5325FFA-2A6E-4685-BA7A-B422549F1A80}?\Device\TCPIP6TUNNEL_{FED8E63C-DCA6-49BE-899D-C21C4883E106}?\Device\TCPIP6TUNNEL_{17494644-3D40-49F1-B077-13A9B57AD130}?\Device\TCPIP6TUNNEL_{9423DC50-3EA6-44D6-920E-9A48A594AF7F}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{17494644-3D40-49F1-B077-13A9B57AD130}@InterfaceName                       isatap.{438B93A7-3E07-4A70-99F5-A2C4E7CD2FE9}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{17494644-3D40-49F1-B077-13A9B57AD130}@ReusableType                        0

---- EOF - GMER 2.1 ----

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Nina (administrator) on NINA-HP on 21-11-2013 00:58:58
Running from C:\Users\Nina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [EPSON SX430 Series] - C:\Users\Nina\AppData\Local\Temp\E_S58CA.tmp [126 2012-12-18] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] - C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-19] (Facebook Inc.)
HKCU\...\Run: [Apps Hat] - C:\Users\Nina\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {85d0d3e5-fb6b-11e2-9063-984be1b0aebb} - G:\setup.exe AUTORUN=1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_5_&babsrc=SP_ss&mntrId=00dc6eb800000000000090004e435399
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
SearchScopes: HKCU - {468A2BD5-31A5-49AB-9BA5-630C9B1E30A2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=AGS&apn_dtid=YYYYYYYYDE&apn_uid=66d8f6d1-4208-4ab0-b554-4a0a901c13cd&apn_sauid=43A98406-308E-4D65-85BE-3E533D971069
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)
BHO: Feven 1.5 - {11111111-1111-1111-1111-110311851132} - C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho64.dll (Feven)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
BHO-x32: Feven 1.5 - {11111111-1111-1111-1111-110311851132} - C:\Program Files (x86)\Feven 1.5\Feven 1.5-bho.dll (Feven)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156
FF NewTab: hxxp://do-search.com/newtab/?type=nt&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
FF DefaultSearchEngine: do-search
FF SelectedSearchEngine: do-search
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Feven 1.5 - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com
FF Extension: Plus-HD-1.3 - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX

Chrome: 
=======
CHR Extension: (Feven 1.5) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg\1.25.48_0
CHR Extension: (Babylon Toolbar) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0
CHR Extension: (Plus-HD-1.3) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.94_0
CHR Extension: (avast! WebRep) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0
CHR Extension: (I Want This) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.80_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
S3 clwvd; system32\DRIVERS\clwvd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 00:58 - 2013-11-21 01:00 - 00021870 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-21 00:58 - 2013-11-21 00:58 - 00000000 ____D C:\FRST
2013-11-21 00:57 - 2013-11-21 00:57 - 01957964 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2013-11-21 00:49 - 2013-11-21 00:49 - 105457292 _____ C:\Windows\SysWOW64\墤샳ƒ
2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\Users\Nina\AppData\Local\{B0D27C3A-C162-43BE-9EEA-ABCC8A6640AB}
2013-11-21 00:25 - 2013-11-21 00:26 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-19 23:57 - 2013-03-04 14:15 - 00021096 _____ (ShieldApps) C:\Windows\system32\roboot64.exe
2013-11-19 23:56 - 2013-11-19 23:57 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:12 - 2013-11-21 00:40 - 00000000 ____D C:\ProgramData\eSafe
2013-11-19 22:12 - 2013-11-19 22:12 - 00003498 _____ C:\Windows\System32\Tasks\DealPly
2013-11-19 22:12 - 2013-11-19 22:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\DealPly
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:41 - 2013-11-17 18:45 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 00:43 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 00:43 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 00:43 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 00:43 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 00:42 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 00:42 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 09:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 09:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 09:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 09:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 09:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 23:13 - 2013-11-20 23:13 - 00001294 _____ C:\Windows\Tasks\Plus-HD-1.3-updater.job
2013-11-11 23:13 - 2013-11-20 23:13 - 00001282 _____ C:\Windows\Tasks\Feven 1.5-updater.job
2013-11-11 23:13 - 2013-11-20 23:13 - 00001096 _____ C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2013-11-11 23:13 - 2013-11-20 23:13 - 00001084 _____ C:\Windows\Tasks\Feven 1.5-enabler.job
2013-11-11 23:13 - 2013-11-11 23:13 - 00004324 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-updater
2013-11-11 23:13 - 2013-11-11 23:13 - 00004312 _____ C:\Windows\System32\Tasks\Feven 1.5-updater
2013-11-11 23:13 - 2013-11-11 23:13 - 00004126 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-enabler
2013-11-11 23:13 - 2013-11-11 23:13 - 00004114 _____ C:\Windows\System32\Tasks\Feven 1.5-enabler
2013-11-11 23:12 - 2013-11-20 23:17 - 00001812 _____ C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
2013-11-11 23:12 - 2013-11-20 23:13 - 00001184 _____ C:\Windows\Tasks\Feven 1.5-codedownloader.job
2013-11-11 23:12 - 2013-11-20 23:12 - 00001904 _____ C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2013-11-11 23:12 - 2013-11-20 23:12 - 00001888 _____ C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
2013-11-11 23:12 - 2013-11-20 23:12 - 00001828 _____ C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2013-11-11 23:12 - 2013-11-20 23:12 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2013-11-11 23:12 - 2013-11-14 08:24 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-11 23:12 - 2013-11-11 23:13 - 00004226 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-codedownloader
2013-11-11 23:12 - 2013-11-11 23:13 - 00004214 _____ C:\Windows\System32\Tasks\Feven 1.5-codedownloader
2013-11-11 23:12 - 2013-11-11 23:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3
2013-11-11 23:12 - 2013-11-11 23:13 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:12 - 2013-11-11 23:13 - 00000000 ____D C:\Program Files (x86)\Feven 1.5
2013-11-11 23:12 - 2013-11-11 23:12 - 00001165 _____ C:\Users\Public\Desktop\JFileManager.lnk
2013-11-11 23:11 - 2013-11-11 23:11 - 00000000 ____D C:\Users\Nina\AppData\Local\SearchProtect
2013-11-11 23:11 - 2013-11-11 23:11 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-09 13:49 - 2013-11-09 13:50 - 00000000 ____D C:\Users\Nina\AppData\Local\{A52D555D-DEBF-41DF-9673-340CF5741A09}
2013-11-07 18:33 - 2013-11-11 19:08 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@
2013-10-26 20:55 - 2013-10-26 20:55 - 00262144 _____ C:\Windows\Minidump\102613-33462-01.dmp
2013-10-25 12:52 - 2013-10-25 12:52 - 00000000 ____D C:\Users\Nina\AppData\Local\{EBB3B56E-A38F-4BB2-9A2A-AF2C5C20D76A}
2013-10-25 10:39 - 2013-10-26 18:38 - 103214166 _____ C:\Windows\SysWOW64\뛭ެŠ

==================== One Month Modified Files and Folders =======

2013-11-21 01:00 - 2013-11-21 00:58 - 00021870 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-21 01:00 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-21 01:00 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-21 00:58 - 2013-11-21 00:58 - 00000000 ____D C:\FRST
2013-11-21 00:57 - 2013-11-21 00:57 - 01957964 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2013-11-21 00:52 - 2011-04-22 09:42 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Skype
2013-11-21 00:49 - 2013-11-21 00:49 - 105457292 _____ C:\Windows\SysWOW64\墤샳ƒ
2013-11-21 00:40 - 2013-11-19 22:12 - 00000000 ____D C:\ProgramData\eSafe
2013-11-21 00:32 - 2013-11-21 00:32 - 00000000 ____D C:\Users\Nina\AppData\Local\{B0D27C3A-C162-43BE-9EEA-ABCC8A6640AB}
2013-11-21 00:29 - 2011-02-20 01:37 - 01603281 _____ C:\Windows\WindowsUpdate.log
2013-11-21 00:26 - 2013-11-21 00:25 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-21 00:06 - 2013-07-15 06:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-20 23:42 - 2011-01-10 01:49 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-11-20 23:42 - 2011-01-10 01:49 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-11-20 23:42 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 23:17 - 2013-11-11 23:12 - 00001812 _____ C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
2013-11-20 23:13 - 2013-11-11 23:13 - 00001294 _____ C:\Windows\Tasks\Plus-HD-1.3-updater.job
2013-11-20 23:13 - 2013-11-11 23:13 - 00001282 _____ C:\Windows\Tasks\Feven 1.5-updater.job
2013-11-20 23:13 - 2013-11-11 23:13 - 00001096 _____ C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2013-11-20 23:13 - 2013-11-11 23:13 - 00001084 _____ C:\Windows\Tasks\Feven 1.5-enabler.job
2013-11-20 23:13 - 2013-11-11 23:12 - 00001184 _____ C:\Windows\Tasks\Feven 1.5-codedownloader.job
2013-11-20 23:12 - 2013-11-11 23:12 - 00001904 _____ C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2013-11-20 23:12 - 2013-11-11 23:12 - 00001888 _____ C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
2013-11-20 23:12 - 2013-11-11 23:12 - 00001828 _____ C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2013-11-20 23:12 - 2013-11-11 23:12 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2013-11-20 22:38 - 2013-04-19 18:33 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job
2013-11-20 21:48 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-20 20:06 - 2012-07-26 10:32 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-20 20:06 - 2011-04-20 22:10 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-20 19:38 - 2013-04-19 18:33 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job
2013-11-20 12:04 - 2013-09-08 09:30 - 00003518 _____ C:\Windows\System32\Tasks\FileAdvisorCheck
2013-11-20 12:04 - 2013-09-08 09:30 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2013-11-20 11:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-20 11:46 - 2009-07-14 05:51 - 00159387 _____ C:\Windows\setupact.log
2013-11-19 23:57 - 2013-11-19 23:56 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:37 - 2011-04-19 16:23 - 00000000 ___RD C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-19 22:33 - 2011-02-20 01:40 - 00527360 _____ C:\Windows\PFRO.log
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\Users\Nina\AppData\Roaming\elsterformular
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\ProgramData\elsterformular
2013-11-19 22:14 - 2013-09-08 09:31 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-11-19 22:12 - 2013-11-19 22:12 - 00003498 _____ C:\Windows\System32\Tasks\DealPly
2013-11-19 22:12 - 2013-11-19 22:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\DealPly
2013-11-19 22:12 - 2013-03-23 07:23 - 00001645 _____ C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 17:33 - 2013-03-27 16:32 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNina
2013-11-18 17:33 - 2013-03-27 16:32 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForNina.job
2013-11-18 12:53 - 2012-09-27 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:47 - 2013-10-10 16:39 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-17 18:47 - 2012-10-18 15:56 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-17 18:45 - 2013-11-17 18:41 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 08:24 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-14 00:42 - 2013-05-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 00:41 - 2013-07-22 12:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 00:38 - 2012-07-14 01:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 23:13 - 2013-11-11 23:13 - 00004324 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-updater
2013-11-11 23:13 - 2013-11-11 23:13 - 00004312 _____ C:\Windows\System32\Tasks\Feven 1.5-updater
2013-11-11 23:13 - 2013-11-11 23:13 - 00004126 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-enabler
2013-11-11 23:13 - 2013-11-11 23:13 - 00004114 _____ C:\Windows\System32\Tasks\Feven 1.5-enabler
2013-11-11 23:13 - 2013-11-11 23:12 - 00004226 _____ C:\Windows\System32\Tasks\Plus-HD-1.3-codedownloader
2013-11-11 23:13 - 2013-11-11 23:12 - 00004214 _____ C:\Windows\System32\Tasks\Feven 1.5-codedownloader
2013-11-11 23:13 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3
2013-11-11 23:13 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:13 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\Feven 1.5
2013-11-11 23:12 - 2013-11-11 23:12 - 00001165 _____ C:\Users\Public\Desktop\JFileManager.lnk
2013-11-11 23:11 - 2013-11-11 23:11 - 00000000 ____D C:\Users\Nina\AppData\Local\SearchProtect
2013-11-11 23:11 - 2013-11-11 23:11 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-11 21:26 - 2011-09-07 20:46 - 477985246 _____ C:\Windows\MEMORY.DMP
2013-11-11 21:26 - 2011-09-07 20:46 - 00000000 ____D C:\Windows\Minidump
2013-11-11 19:08 - 2013-11-07 18:33 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@
2013-11-10 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-09 13:50 - 2013-11-09 13:49 - 00000000 ____D C:\Users\Nina\AppData\Local\{A52D555D-DEBF-41DF-9673-340CF5741A09}
2013-11-08 22:16 - 2013-09-10 09:30 - 00000000 ____D C:\Users\Nina\AppData\Roaming\FileAdvisor
2013-11-07 15:37 - 2011-06-12 13:02 - 00000000 ____D C:\Users\Nina\Documents\DVDVideoSoft
2013-11-06 13:58 - 2013-08-15 20:48 - 00000444 _____ C:\Users\Nina\Desktop\Neues Textdokument.txt
2013-11-05 00:43 - 2011-04-19 19:46 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNINA-HP$
2013-11-05 00:43 - 2011-04-19 19:46 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForNINA-HP$.job
2013-11-03 12:26 - 2013-02-03 20:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-03 12:26 - 2011-04-22 09:41 - 00000000 ____D C:\ProgramData\Skype
2013-10-31 10:50 - 2011-04-23 20:07 - 00000000 ____D C:\Users\Nina\AppData\Local\CrashDumps
2013-10-26 20:55 - 2013-10-26 20:55 - 00262144 _____ C:\Windows\Minidump\102613-33462-01.dmp
2013-10-26 18:38 - 2013-10-25 10:39 - 103214166 _____ C:\Windows\SysWOW64\뛭ެŠ
2013-10-25 12:52 - 2013-10-25 12:52 - 00000000 ____D C:\Users\Nina\AppData\Local\{EBB3B56E-A38F-4BB2-9A2A-AF2C5C20D76A}
2013-10-25 10:50 - 2013-10-11 16:00 - 00000000 ____D C:\Users\Nina\Documents\Uni Hamburg

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad


Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Nina\AppData\Local\Temp\AskSLib.dll
C:\Users\Nina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Nina\AppData\Local\Temp\EAD8DBD.exe
C:\Users\Nina\AppData\Local\Temp\Extract.exe
C:\Users\Nina\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Nina\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Nina\AppData\Local\Temp\mpegc.dll
C:\Users\Nina\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Nina\AppData\Local\Temp\ose00000.exe
C:\Users\Nina\AppData\Local\Temp\Resource.exe
C:\Users\Nina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nina\AppData\Local\Temp\SP55031.exe
C:\Users\Nina\AppData\Local\Temp\SP55152.exe
C:\Users\Nina\AppData\Local\Temp\SP56929.exe
C:\Users\Nina\AppData\Local\Temp\SP57538.exe
C:\Users\Nina\AppData\Local\Temp\sp58915.exe
C:\Users\Nina\AppData\Local\Temp\SP59202.exe
C:\Users\Nina\AppData\Local\Temp\tbDVDV.dll
C:\Users\Nina\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Nina\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Nina\AppData\Local\Temp\vzhsg6lg.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 10:14

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

cosinus · 22.11.2013, 01:33

Hallo und

Bitte ein Log mit CF machen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Manira · 22.11.2013, 20:50

Hi,
vielen Dank für die schnelle Antwort!

Code:

ATTFilter

ComboFix 13-11-22.01 - Nina 22.11.2013  20:29:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3894.2097 [GMT 1:00]
ausgeführt von:: c:\users\Nina\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage-journal
c:\users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-22 bis 2013-11-22  ))))))))))))))))))))))))))))))
.
.
2013-11-22 19:40 . 2013-11-22 19:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-21 18:20 . 2013-11-21 18:20	--------	d-----w-	c:\program files (x86)\ESET
2013-11-21 18:12 . 2013-11-21 18:12	--------	d-----w-	c:\users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 18:12 . 2013-11-21 18:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-20 23:58 . 2013-11-20 23:58	--------	d-----w-	C:\FRST
2013-11-19 22:57 . 2013-11-20 23:18	--------	d-----w-	c:\users\Nina\AppData\Roaming\ShieldApps
2013-11-19 22:57 . 2013-03-04 13:15	21096	----a-w-	c:\windows\system32\roboot64.exe
2013-11-19 21:12 . 2013-11-20 23:40	--------	d-----w-	c:\programdata\eSafe
2013-11-19 21:12 . 2013-11-19 21:12	--------	d-----w-	c:\users\Nina\AppData\Roaming\DealPly
2013-11-13 23:42 . 2013-10-12 08:43	19269632	----a-w-	c:\windows\system32\mshtml.dll
2013-11-11 22:20 . 2013-11-11 22:20	--------	d-----w-	c:\program files\Uninstaller
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\JFileManager
2013-11-11 22:12 . 2013-11-14 07:24	--------	d-----w-	c:\program files (x86)\MyPC Backup
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\Feven 1.5
2013-11-11 22:12 . 2013-11-11 22:13	--------	d-----w-	c:\program files (x86)\Plus-HD-1.3
2013-11-11 22:11 . 2013-11-11 22:11	--------	d-----w-	c:\program files (x86)\SearchProtect
2013-11-11 22:11 . 2013-11-11 22:11	--------	d-----w-	c:\users\Nina\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 23:38 . 2012-07-14 00:52	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-10-10 15:35 . 2012-04-11 19:47	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 14:25 . 2013-09-25 14:26	74272	----a-w-	c:\windows\system32\RtNicProp64.dll
2013-09-25 14:25 . 2013-09-25 14:26	565352	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2013-09-25 14:25 . 2011-02-20 00:38	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2013-09-08 02:30 . 2013-10-11 13:52	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 13:52	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 13:52	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-14 21:07	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-14 21:07	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-14 21:07	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-14 21:07	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-14 21:07	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-14 21:07	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-14 21:07	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-11 13:52	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 13:51	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 13:51	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 13:52	859648	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 13:52	878080	----a-w-	c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 13:52	3969472	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 13:52	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 13:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 13:51	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 13:51	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 13:51	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 13:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 13:51	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 13:51	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 13:51	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 13:51	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 13:52	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 13:51	461312	----a-w-	c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}]
2013-11-11 22:12	641384	----a-w-	c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311851132}]
2013-11-11 22:13	641384	----a-w-	c:\program files (x86)\Feven 1.5\Feven 1.5-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"Facebook Update"="c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-19 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-17 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update-Service;Update-Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - kwldqpow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:35]
.
2013-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job
- c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 17:33]
.
2013-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job
- c:\users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 17:33]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-chromeinstaller.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-codedownloader.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-enabler.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11 22:13]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-firefoxinstaller.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Feven 1.5-updater.job
- c:\program files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11 22:13]
.
2013-11-04 c:\windows\Tasks\HPCeeScheduleForNINA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-11-18 c:\windows\Tasks\HPCeeScheduleForNina.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-chromeinstaller.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-codedownloader.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-enabler.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11 22:13]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11 22:12]
.
2013-11-22 c:\windows\Tasks\Plus-HD-1.3-updater.job
- c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11 22:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-19 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
mStart Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\
FF - prefs.js: browser.search.selectedEngine - do-search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Apps Hat - c:\users\Nina\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-22  20:46:55
ComboFix-quarantined-files.txt  2013-11-22 19:46
.
Vor Suchlauf: 9 Verzeichnis(se), 381.758.435.328 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 385.341.526.016 Bytes frei
.
- - End Of File - - 4613A7D416501C7813E562761637920C

cosinus · 23.11.2013, 15:16

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Manira · 23.11.2013, 21:28

Code:

ATTFilter

# AdwCleaner v3.012 - Bericht erstellt am 23/11/2013 um 20:48:39
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nina - NINA-HP
# Gestartet von : C:\Users\Nina\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\eSafe
[!] Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\Searchprotect
Ordner Gelöscht : C:\Program Files (x86)\Feven 1.5
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-1.3
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\Minibar
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\Feven 1.5
Ordner Gelöscht : C:\Users\Nina\AppData\LocalLow\Plus-HD-1.3
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Nina\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\searchplugins\ask-search.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Feven 1.5-chromeinstaller
Datei Gelöscht : C:\Windows\Tasks\Feven 1.5-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\Feven 1.5-codedownloader
Datei Gelöscht : C:\Windows\Tasks\Feven 1.5-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\Feven 1.5-enabler
Datei Gelöscht : C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Feven 1.5-firefoxinstaller
Datei Gelöscht : C:\Windows\Tasks\Feven 1.5-updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\Feven 1.5-updater
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-1.3-chromeinstaller
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-1.3-codedownloader
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-1.3-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-1.3-enabler
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-1.3-firefoxinstaller
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-1.3-updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\Plus-HD-1.3-updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0038532.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0038532.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0038532.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311851132}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311851132}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311851132}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{440ecee3-187c-4d2c-b394-f11ba44cc47f}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5bde3de1-fd12-4a16-9704-d95da11546d8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b84b598a-16a7-4f06-9bbb-ed8ac96c4deb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ee347705-fa43-4899-9566-03009a106596}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbfbde7e-c983-4984-acd2-eae776f6a2fb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d99cfd-f774-4f59-9dc9-5c1e58f939b4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20e1c918-965f-4c3a-9e2f-5d922bcfe72d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27b2af36-de8a-4388-b527-3fc92794eafc}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3cedb9d7-918e-4261-88b3-e4972527f906}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58f835bc-1144-423d-912c-c908926137be}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{440ecee3-187c-4d2c-b394-f11ba44cc47f}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5bde3de1-fd12-4a16-9704-d95da11546d8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b84b598a-16a7-4f06-9bbb-ed8ac96c4deb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ee347705-fa43-4899-9566-03009a106596}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbfbde7e-c983-4984-acd2-eae776f6a2fb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d99cfd-f774-4f59-9dc9-5c1e58f939b4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20e1c918-965f-4c3a-9e2f-5d922bcfe72d}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27b2af36-de8a-4388-b527-3fc92794eafc}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3cedb9d7-918e-4261-88b3-e4972527f906}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58f835bc-1144-423d-912c-c908926137be}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Feven 1.5
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-1.3
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Feven 1.5
Schlüssel Gelöscht : HKLM\Software\Plus-HD-1.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Feven 1.5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156\prefs.js ]

Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.InstallationThankYouPage", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.InstallationTime", 1384208018);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.active", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.addressbar", "NA");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.addressbarenhanced", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.asyncdb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.asyncinternaldb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.backgroundver", 1);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.certdomaininstaller", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.changeprevious", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.InstallationTime.value", "1384208018");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_aoi.value", "%221384208053%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_parent_zoneid.value", "%22345637%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie._GPL_zoneid.value", "%22417651%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.geo.expiration", "Tue Nov 26 2013 09:56:49 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.geo.value", "%22DE%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.cookie.jw_token.value", "%225b2894ac-8d16-ce3e-735b-0551f905342a%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.description", "Feven Shopping Companion");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.domain", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.enablesearch", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.homepage", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.iframe", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22C3F9F3A227C24BD693453389D6943[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000272%22%2C%22sub_id%22%3A%220%2[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22C3F9F3A227C24BD69345[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_appVer.value", "57");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_lastVersion.value", "1");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_meta.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_nextCheck.expiration", "Sun Nov 24 2013 02:35:49 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_nextCheck.value", "true");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_queue.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb._country_code_.value", "%22DE%22");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22C3F9F3A2[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Nov 24 2013 02:12:06 GMT+[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//m.xp1.ru4.com/activity[...]
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.lastDailyReport", "1385214356201");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.lastUpdate", "1385235349603");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.manifesturl", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.name", "Feven 1.5");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.newtab", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.opensearch", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/38532/plugins/093/ff/plugins.json");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.pluginsversion", 54);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.publisher", "Feven");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.searchstatus", 0);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.setnewtab", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.thankyou", "");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.updateinterval", 360);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.38532.ver", 57);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.apps", "38532");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.bic", "142493a289fcd86967383c8b3195af62");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.cid", 38532);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.firstrun", false);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.hadappinstalled", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.installationdate", 1384208018);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.modetype", "production");
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.reportInstall", true);
Zeile gelöscht : user_pref("extensions.a249911bcd1bd4d668c17df533609e6d8c76f3de9939e4922b73c5d7a3139375dcom38532.statsDailyCounter", 24);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.InstallationThankYouPage", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.InstallationTime", 1384244927);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.active", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.addressbar", "NA");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.addressbarenhanced", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncdb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncinternaldb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.backgroundver", 2);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.certdomaininstaller", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.changeprevious", false);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.InstallationTime.value", "1384244927");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.jw_token.value", "%225876f281-e7de-6251-16d8-540e62925823%22");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.description", "Turn YouTube videos to High Definition by default");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.domain", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.enablesearch", false);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.homepage", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.iframe", false);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22C3F9F3A227C24BD693453389D6943[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000669%22%2C%22sub_id%22%3A%220%2[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22C3F9F3A227C24BD69345[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_appVer.value", "103");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_lastVersion.value", "1");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_meta.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_nextCheck.expiration", "Sun Nov 24 2013 02:35:49 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_nextCheck.value", "true");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_queue.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb._country_code_.value", "%22DE%22");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22C3F9F3A2[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Nov 24 2013 02:12:06 GMT+[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//m.xp1.ru4.com/activity[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.lastDailyReport", "1385214356202");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.lastUpdate", "1385235349606");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.manifesturl", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.name", "Plus-HD-1.3");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.newtab", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.opensearch", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/31257/plugins/093/ff/plugins.json");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.pluginsversion", 97);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.publisher", "Plus HD");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.searchstatus", 0);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.setnewtab", false);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.thankyou", "");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.updateinterval", 360);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.ver", 103);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.apps", "31257");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.bic", "142493a289fcd86967383c8b3195af62");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.cid", 31257);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.firstrun", false);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.hadappinstalled", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.installationdate", 1384244920);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.modetype", "production");
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.reportInstall", true);
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.statsDailyCounter", 23);
Zeile gelöscht : user_pref("extensions.crossrider.bic", "142493a289fcd86967383c8b3195af62");

-\\ Google Chrome v

[ Datei : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [45986 octets] - [23/11/2013 20:46:59]
AdwCleaner[S0].txt - [39382 octets] - [23/11/2013 20:48:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39443 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nina on 23.11.2013 at 21:12:10,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3930853845-1546403764-1166621345-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{468A2BD5-31A5-49AB-9BA5-630C9B1E30A2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Nina\appdata\local\apn"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{028A4B8B-8C62-4B08-B8DD-E005423851CD}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{02B27785-A454-48DD-AFDC-8A4B1063F706}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{0567DEDF-8155-43B2-9AF4-5464A762568E}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{0A98D4D5-52A5-465B-AFAE-C971D93B41C6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{0B31D416-3119-4C12-A91C-AC3ACE89453C}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{13760725-6CD3-4DFC-8A90-DA94D846C78F}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{13D4464A-05D2-42F0-8CC3-F0F2C255BBD7}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{13F7884D-CC0E-4C7F-AB09-4121D78DEEBF}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{143FB668-EBF3-4377-AA9E-F1F5193E2096}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{181BC309-8947-43C1-8D4C-1CA0D24C0E03}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{1FAE2F2B-2206-4B34-8B09-5F2652B9C1FF}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{24D736E3-C22A-4BB0-AC64-B03D46E88109}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{2635F635-10B8-48AC-A4A4-1D2A39A14D37}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{27832E17-BF04-4030-8CF4-9EFB5C904C06}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{285B57D1-CFEA-4C81-A98A-11E5D3436E36}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{2B24BA22-82D3-4C21-8322-57C308F7EA96}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{2F71247A-1F84-4A84-B4BA-64F5131FC5C9}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{3A544731-CFFF-48C5-A485-39FE9230A6AD}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{3E33796C-63BA-4891-B94A-53042183BD79}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{3EC175CD-7F0F-4BB9-B046-94E6F305FA0A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{40E2F362-4651-4DBD-A632-183F6B1091D5}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{41D9727D-E2CA-4E4F-A808-AF179F52A37D}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{4425B16B-9217-4422-8DB7-0280078E9CF6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{45041CEB-276C-4360-A9D9-AB8787539978}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{49E381DD-6518-42E1-A47B-344EC77A1BD0}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{4CA5B860-F3A6-4446-92EC-A3B240C8E46A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{4EC9E8CC-4855-4D1B-BE43-24619B5F154A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{4F11CC14-EFC1-48F8-8936-30AA92F181D8}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{52A82998-404E-4D7B-9A9D-F2D2AEEF478F}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{56761A03-C616-46C1-9BEB-6BD2E58CB466}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{57041557-25DB-491B-8DB7-A5BE0EBA5781}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{5E90F6DC-C645-4280-8716-3756CF612DE4}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{5EF8A566-0D42-4C50-BA75-54334F992602}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{61D491DD-EC68-44FF-9DED-BC54C59D7D80}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{63A418D4-A9AE-436E-A8CD-DA8A2AF5D6D6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{64C4F63D-923C-4AF7-8A49-CA22B42A5244}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{6DD08A40-045C-498D-A2BE-C7EA2676B6A6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{706D44BC-A889-4917-8BB2-A931785C7830}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{7159F830-5FFF-41F1-9490-65B4CC3E3B8D}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{74C142A1-1FDD-409F-99F7-05F804A5525E}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{82E16DE6-6E3E-4A05-A6B4-21946860889C}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{85C4E107-A45E-4B5F-BA27-139E8652C28F}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{87EE047A-7BAE-43FA-91D2-936EC022B74A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{8BB6347A-376B-4C4B-804A-DD0C3FF378F7}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{8C6D6471-4A0A-49AE-861B-02BD6D57FEE0}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{900CA1BC-922B-4D20-BA62-A93BDA750F86}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{908A8C32-EE3D-4C91-B380-0443FC7C399E}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{9226A46B-640F-4C4B-B922-CDFA09E3FDA6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{9382EC41-800F-4C6F-ADE4-AF433C54C50B}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{99AB49BB-08FC-4E66-9BF6-0AB12EA65965}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{9ABFE5B2-319F-4356-B44B-ED1C1D4D674D}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{9C0AD1CE-A1EE-464B-99BA-889DA35EE05C}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{A488AC2A-D8AC-4D58-B695-EC9E7C257491}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{A52D555D-DEBF-41DF-9673-340CF5741A09}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{A8BB9E55-4DAD-4CD8-A4AB-CC22F32BF282}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{AB98F558-D2AD-4A8E-878A-8EF975AE717D}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{AC7CA532-90E0-4CDE-A420-0ADADD4F0105}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{AD43CF59-6453-4CA6-83BF-A1172B53EDB1}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{B05414D3-2AD3-489E-A096-27EE08E275B5}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{B0D27C3A-C162-43BE-9EEA-ABCC8A6640AB}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{B5C882C8-8669-4115-AB9B-60F9CEF668B1}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{B92CDF01-0B83-42FD-8DB3-D68BE9A9C007}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{BA027F21-B9B8-4A38-8703-15F9EE79B855}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{BCC566B4-94F9-49D8-93EC-5A05523C48C6}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{BD665D7B-C236-4B19-8DDC-62B789C858D1}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{C2EBAB4B-F6D5-4A3A-978A-7F5B5506550A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{C54EF21A-8A47-4AFC-A457-CE29B9B7E4A3}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{CB7E4D89-8E85-49FB-B9D5-6B6E6C5B38CA}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{CC51A4E5-E489-44B2-913F-70A6A025F39C}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{DCD80B5F-2589-4713-9169-30D36692A008}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{DE4F781B-637E-4BF2-9E7D-C2A26374B1EB}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{DF589AA3-E075-44CB-BC1C-0D4228B8B69A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{E41CC8DE-0D74-4DDA-B5C7-E4176DE79BA4}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{E421A95A-3484-4088-8957-A3E3BA6E038C}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{E6A8CA5D-1DA7-4908-807D-80DF9EE517A8}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{EBB3B56E-A38F-4BB2-9A2A-AF2C5C20D76A}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{FD71DA78-09F6-4DE9-8404-48D107129AFB}
Successfully deleted: [Empty Folder] C:\Users\Nina\appdata\local\{FD8DB305-F58E-4AEC-9FEF-6F3399EB1791}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\k2krtde8.default-1375103848156\prefs.js

user_pref("browser.newtab.url", "hxxp://do-search.com/newtab/?type=nt&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX");
Emptied folder: C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\k2krtde8.default-1375103848156\minidumps [55 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2013 at 21:19:47,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Nina (administrator) on NINA-HP on 23-11-2013 21:22:40
Running from C:\Users\Nina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Farbar) C:\Users\Nina\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] - C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-19] (Facebook Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX

Chrome: 
=======
CHR Extension: (avast! WebRep) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0

==================== Services (Whitelisted) =================

S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 21:22 - 2013-11-23 21:22 - 01958396 _____ (Farbar) C:\Users\Nina\Downloads\FRST64(1).exe
2013-11-23 21:19 - 2013-11-23 21:19 - 00010597 _____ C:\Users\Nina\Desktop\JRT.txt
2013-11-23 21:12 - 2013-11-23 21:12 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 21:11 - 2013-11-23 21:11 - 01034531 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2013-11-23 20:53 - 2013-11-23 20:53 - 00039604 _____ C:\Users\Nina\Desktop\AdwCleaner[S0].txt
2013-11-23 20:44 - 2013-11-23 20:49 - 00000000 ____D C:\AdwCleaner
2013-11-23 20:44 - 2013-11-23 20:44 - 01085542 _____ C:\Users\Nina\Downloads\adwcleaner.exe
2013-11-23 20:43 - 2013-11-23 20:43 - 00681176 _____ C:\Users\Nina\Downloads\ImageEditorSetup.exe
2013-11-23 13:25 - 2013-11-23 13:30 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(2).exe
2013-11-22 20:47 - 2013-11-22 20:47 - 00024533 _____ C:\Users\Nina\Desktop\combofix.txt.txt
2013-11-22 20:46 - 2013-11-22 20:46 - 00024533 _____ C:\ComboFix.txt
2013-11-22 20:26 - 2013-11-22 20:46 - 00000000 ____D C:\Qoobox
2013-11-22 20:26 - 2013-11-22 20:43 - 00000000 ____D C:\Windows\erdnt
2013-11-22 20:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-22 20:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-22 20:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-22 20:25 - 2013-11-22 20:26 - 05147802 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2013-11-22 20:20 - 2013-11-22 20:20 - 00000242 _____ C:\Users\Nina\Desktop\defogger_enable.log
2013-11-21 23:38 - 2013-11-22 16:00 - 00000000 ____D C:\Users\Nina\Desktop\BIO 10.Kl
2013-11-21 23:03 - 2013-11-21 23:03 - 00002318 _____ C:\Users\Nina\Desktop\ESET.txt
2013-11-21 20:58 - 2013-11-21 20:58 - 00003584 _____ C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 19:20 - 2013-11-21 19:20 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2013-11-21 19:15 - 2013-11-21 19:19 - 201413432 _____ (Emsisoft GmbH                                               ) C:\Users\Nina\Downloads\EmsisoftAntiMalwareSetup_8.1.0.19.exe
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 19:11 - 2013-11-21 19:11 - 00618912 _____ C:\Users\Nina\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-11-21 19:08 - 2013-11-21 19:08 - 00024574 _____ C:\Users\Nina\Desktop\Avira Free Antivirus.txt
2013-11-21 19:06 - 2013-11-21 19:08 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(1).exe
2013-11-21 18:53 - 2013-11-21 18:55 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de.exe
2013-11-21 01:53 - 2013-11-21 01:53 - 00002407 _____ C:\Users\Nina\Desktop\GMER.tx.log
2013-11-21 01:26 - 2013-11-21 01:26 - 00000470 _____ C:\Users\Nina\Desktop\defogger_disable.log
2013-11-21 01:16 - 2013-11-21 01:16 - 00050477 _____ C:\Users\Nina\Desktop\Defogger.exe
2013-11-21 01:14 - 2013-11-21 01:14 - 00680560 _____ C:\Users\Nina\Downloads\ZipExtractorSetup.exe
2013-11-21 01:11 - 2013-11-21 01:12 - 00377856 _____ C:\Users\Nina\Desktop\pk91pmbk.exe
2013-11-21 01:02 - 2013-11-21 01:06 - 00030909 _____ C:\Users\Nina\Downloads\Addition.txt
2013-11-21 00:58 - 2013-11-23 21:22 - 00012589 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-21 00:58 - 2013-11-21 00:58 - 00000000 ____D C:\FRST
2013-11-21 00:57 - 2013-11-21 00:57 - 01957964 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2013-11-21 00:25 - 2013-11-21 00:26 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-19 23:56 - 2013-11-19 23:57 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:41 - 2013-11-17 18:45 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 00:43 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 00:43 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 00:43 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 00:43 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 00:42 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 00:42 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 09:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 09:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 09:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 09:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 09:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 23:12 - 2013-11-11 23:13 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-07 18:33 - 2013-11-11 19:08 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@
2013-10-26 20:55 - 2013-10-26 20:55 - 00262144 _____ C:\Windows\Minidump\102613-33462-01.dmp
2013-10-25 10:39 - 2013-10-26 18:38 - 103214166 _____ C:\Windows\SysWOW64\뛭ެŠ

==================== One Month Modified Files and Folders =======

2013-11-23 21:23 - 2013-11-21 00:58 - 00012589 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-23 21:22 - 2013-11-23 21:22 - 01958396 _____ (Farbar) C:\Users\Nina\Downloads\FRST64(1).exe
2013-11-23 21:19 - 2013-11-23 21:19 - 00010597 _____ C:\Users\Nina\Desktop\JRT.txt
2013-11-23 21:19 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-23 21:19 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-23 21:12 - 2013-11-23 21:12 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 21:11 - 2013-11-23 21:11 - 01034531 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2013-11-23 21:06 - 2013-07-15 06:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-23 21:06 - 2011-04-22 09:42 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Skype
2013-11-23 21:04 - 2011-02-20 01:40 - 00630048 _____ C:\Windows\PFRO.log
2013-11-23 21:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-23 21:04 - 2009-07-14 05:51 - 00159779 _____ C:\Windows\setupact.log
2013-11-23 21:03 - 2012-09-27 22:12 - 00000000 ____D C:\ProgramData\Avira
2013-11-23 21:03 - 2011-02-20 01:37 - 01919915 _____ C:\Windows\WindowsUpdate.log
2013-11-23 20:53 - 2013-11-23 20:53 - 00039604 _____ C:\Users\Nina\Desktop\AdwCleaner[S0].txt
2013-11-23 20:49 - 2013-11-23 20:44 - 00000000 ____D C:\AdwCleaner
2013-11-23 20:44 - 2013-11-23 20:44 - 01085542 _____ C:\Users\Nina\Downloads\adwcleaner.exe
2013-11-23 20:43 - 2013-11-23 20:43 - 00681176 _____ C:\Users\Nina\Downloads\ImageEditorSetup.exe
2013-11-23 20:37 - 2011-01-10 01:49 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-11-23 20:37 - 2011-01-10 01:49 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-11-23 20:37 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-23 20:35 - 2013-09-08 09:30 - 00003518 _____ C:\Windows\System32\Tasks\FileAdvisorCheck
2013-11-23 20:35 - 2013-09-08 09:30 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2013-11-23 20:34 - 2013-04-19 18:33 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job
2013-11-23 20:34 - 2013-04-19 18:33 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job
2013-11-23 13:30 - 2013-11-23 13:25 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(2).exe
2013-11-23 02:45 - 2013-03-27 16:32 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNina
2013-11-23 02:45 - 2013-03-27 16:32 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForNina.job
2013-11-22 20:47 - 2013-11-22 20:47 - 00024533 _____ C:\Users\Nina\Desktop\combofix.txt.txt
2013-11-22 20:46 - 2013-11-22 20:46 - 00024533 _____ C:\ComboFix.txt
2013-11-22 20:46 - 2013-11-22 20:26 - 00000000 ____D C:\Qoobox
2013-11-22 20:46 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-22 20:43 - 2013-11-22 20:26 - 00000000 ____D C:\Windows\erdnt
2013-11-22 20:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-22 20:26 - 2013-11-22 20:25 - 05147802 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2013-11-22 20:20 - 2013-11-22 20:20 - 00000242 _____ C:\Users\Nina\Desktop\defogger_enable.log
2013-11-22 20:20 - 2011-04-19 16:18 - 00000000 ____D C:\Users\Nina
2013-11-22 16:00 - 2013-11-21 23:38 - 00000000 ____D C:\Users\Nina\Desktop\BIO 10.Kl
2013-11-22 11:05 - 2013-08-15 20:48 - 00000484 _____ C:\Users\Nina\Desktop\Neues Textdokument.txt
2013-11-22 01:00 - 2011-04-23 20:07 - 00000000 ____D C:\Users\Nina\AppData\Local\CrashDumps
2013-11-21 23:03 - 2013-11-21 23:03 - 00002318 _____ C:\Users\Nina\Desktop\ESET.txt
2013-11-21 22:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-21 20:58 - 2013-11-21 20:58 - 00003584 _____ C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 19:20 - 2013-11-21 19:20 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2013-11-21 19:19 - 2013-11-21 19:15 - 201413432 _____ (Emsisoft GmbH                                               ) C:\Users\Nina\Downloads\EmsisoftAntiMalwareSetup_8.1.0.19.exe
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 19:11 - 2013-11-21 19:11 - 00618912 _____ C:\Users\Nina\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-11-21 19:08 - 2013-11-21 19:08 - 00024574 _____ C:\Users\Nina\Desktop\Avira Free Antivirus.txt
2013-11-21 19:08 - 2013-11-21 19:06 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(1).exe
2013-11-21 18:55 - 2013-11-21 18:53 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de.exe
2013-11-21 01:53 - 2013-11-21 01:53 - 00002407 _____ C:\Users\Nina\Desktop\GMER.tx.log
2013-11-21 01:26 - 2013-11-21 01:26 - 00000470 _____ C:\Users\Nina\Desktop\defogger_disable.log
2013-11-21 01:16 - 2013-11-21 01:16 - 00050477 _____ C:\Users\Nina\Desktop\Defogger.exe
2013-11-21 01:14 - 2013-11-21 01:14 - 00680560 _____ C:\Users\Nina\Downloads\ZipExtractorSetup.exe
2013-11-21 01:12 - 2013-11-21 01:11 - 00377856 _____ C:\Users\Nina\Desktop\pk91pmbk.exe
2013-11-21 01:06 - 2013-11-21 01:02 - 00030909 _____ C:\Users\Nina\Downloads\Addition.txt
2013-11-21 00:58 - 2013-11-21 00:58 - 00000000 ____D C:\FRST
2013-11-21 00:57 - 2013-11-21 00:57 - 01957964 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2013-11-21 00:26 - 2013-11-21 00:25 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-20 20:06 - 2012-07-26 10:32 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-20 20:06 - 2011-04-20 22:10 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-19 23:57 - 2013-11-19 23:56 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:37 - 2011-04-19 16:23 - 00000000 ___RD C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\Users\Nina\AppData\Roaming\elsterformular
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\ProgramData\elsterformular
2013-11-19 22:12 - 2013-03-23 07:23 - 00001645 _____ C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 12:53 - 2012-09-27 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:45 - 2013-11-17 18:41 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 00:42 - 2013-05-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 00:41 - 2013-07-22 12:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 00:38 - 2012-07-14 01:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 23:13 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-11 21:26 - 2011-09-07 20:46 - 477985246 _____ C:\Windows\MEMORY.DMP
2013-11-11 21:26 - 2011-09-07 20:46 - 00000000 ____D C:\Windows\Minidump
2013-11-11 19:08 - 2013-11-07 18:33 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@
2013-11-10 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-08 22:16 - 2013-09-10 09:30 - 00000000 ____D C:\Users\Nina\AppData\Roaming\FileAdvisor
2013-11-07 15:37 - 2011-06-12 13:02 - 00000000 ____D C:\Users\Nina\Documents\DVDVideoSoft
2013-11-05 00:43 - 2011-04-19 19:46 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNINA-HP$
2013-11-05 00:43 - 2011-04-19 19:46 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForNINA-HP$.job
2013-11-03 12:26 - 2013-02-03 20:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-03 12:26 - 2011-04-22 09:41 - 00000000 ____D C:\ProgramData\Skype
2013-10-26 20:55 - 2013-10-26 20:55 - 00262144 _____ C:\Windows\Minidump\102613-33462-01.dmp
2013-10-26 18:38 - 2013-10-25 10:39 - 103214166 _____ C:\Windows\SysWOW64\뛭ެŠ
2013-10-25 10:50 - 2013-10-11 16:00 - 00000000 ____D C:\Users\Nina\Documents\Uni Hamburg

Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\avgnt.exe
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 10:14

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Nina at 2013-11-21 01:02:08
Running from C:\Users\Nina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95)
Bundled software uninstaller (x32)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center InstallProxy (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Localization All (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Profiles Mobile (x32 Version: 2010.1217.1530.27758)
CCC Help Chinese Standard (x32 Version: 2010.1217.1529.27758)
CCC Help Chinese Traditional (x32 Version: 2010.1217.1529.27758)
CCC Help Czech (x32 Version: 2010.1217.1529.27758)
CCC Help Danish (x32 Version: 2010.1217.1529.27758)
CCC Help Dutch (x32 Version: 2010.1217.1529.27758)
CCC Help English (x32 Version: 2010.1217.1529.27758)
CCC Help Finnish (x32 Version: 2010.1217.1529.27758)
CCC Help French (x32 Version: 2010.1217.1529.27758)
CCC Help German (x32 Version: 2010.1217.1529.27758)
CCC Help Greek (x32 Version: 2010.1217.1529.27758)
CCC Help Hungarian (x32 Version: 2010.1217.1529.27758)
CCC Help Italian (x32 Version: 2010.1217.1529.27758)
CCC Help Japanese (x32 Version: 2010.1217.1529.27758)
CCC Help Korean (x32 Version: 2010.1217.1529.27758)
CCC Help Norwegian (x32 Version: 2010.1217.1529.27758)
CCC Help Polish (x32 Version: 2010.1217.1529.27758)
CCC Help Portuguese (x32 Version: 2010.1217.1529.27758)
CCC Help Russian (x32 Version: 2010.1217.1529.27758)
CCC Help Spanish (x32 Version: 2010.1217.1529.27758)
CCC Help Swedish (x32 Version: 2010.1217.1529.27758)
CCC Help Thai (x32 Version: 2010.1217.1529.27758)
ccc-core-static (x32 Version: 2010.1217.1530.27758)
ccc-utility64 (Version: 2010.1217.1530.27758)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citavi (x32 Version: 3.3.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DMUninstaller (x32)
Energy Star Digital Logo (x32 Version: 1.0.1)
EPSON SX430 Series Printer Uninstall
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Feven 1.5 (x32 Version: 1.30.153.0)
File Type Advisor 1.0 (x32)
Free M4a to MP3 Converter 8.0 (x32)
Free Studio version 5.2.1 (x32)
Free YouTube to MP3 Converter version 3.11.33.1005 (x32 Version: 3.11.33.1005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.1.2)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.4.4487.3576)
HP Setup Manager (x32 Version: 1.0.12845.3522)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (x32 Version: 1.0.6315.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
JFileManager (x32 Version: v1.10)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Penguins! (x32 Version: 2.2.0.95)
Pixum Fotobuch (x32)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Plus-HD-1.3 (x32 Version: 1.30.153.0)
Polar Bowler (x32 Version: 2.2.0.95)
PX Profile Update (x32 Version: 1.00.1.)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.2.13.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Recovery Manager (x32 Version: 1.0.22)
Skype™ 6.9 (x32 Version: 6.9.106)
Slingo Deluxe (x32 Version: 2.2.0.95)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

27-10-2013 18:06:34 Windows-Sicherung
03-11-2013 18:00:09 Windows-Sicherung
10-11-2013 21:08:44 Windows-Sicherung
11-11-2013 22:12:12 Uniblue SpeedUpMyPC installation
13-11-2013 23:36:10 Windows Update
17-11-2013 18:00:09 Windows-Sicherung
19-11-2013 21:12:30 Uniblue DriverScanner installation
19-11-2013 21:18:41 Removed GlobeTrotter Connect
19-11-2013 21:24:48 Removed PictureMover.
19-11-2013 23:03:19 PC Registry Shield Mi, Nov 20, 13  00:03

==================== Hosts content: ==========================

2009-07-14 03:34 - 2012-09-27 21:52 - 00444411 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0F0C83AE-240A-402C-9E32-104D11F1C0B7} - System32\Tasks\Feven 1.5-enabler => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven)
Task: {215139F9-B001-4F2D-82AA-A168DF805275} - System32\Tasks\DealPly => C:\Users\Nina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {2407C1A5-0BE0-4FB9-B946-FCB165F26153} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {418078C8-683A-4557-A14C-C7DC9FF8A1E1} - System32\Tasks\HPCeeScheduleForNINA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {44986713-F1D4-4AFC-BC0D-422ECA539149} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com                                         )
Task: {562C1879-EBFC-4230-AF45-802BEC59E2BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven)
Task: {68D44781-418F-4425-BB08-F5473F5E19DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6BF666FC-38F5-4C96-8F24-A5E22F2F655F} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD)
Task: {6EBE4560-B0B4-4326-8849-5F8CBCF6785F} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD)
Task: {75DD6721-79E6-440D-A650-CF80BAC6E06E} - System32\Tasks\Feven 1.5-updater => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven)
Task: {7C642886-9853-4E62-BDC5-376A3C3BB1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {8173BDB1-3F66-44F7-BD4F-635E72356941} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {874C0486-385E-4B54-8AAC-0F90BF28263E} - System32\Tasks\HPCeeScheduleForNina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {8D1BB6AD-0EEB-4CE3-8910-ED11DBAAF38E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19] (Facebook Inc.)
Task: {8F8FA523-F79E-43B2-9468-33043A514603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9DD70B12-1DCF-412A-AB6A-248852E5BF03} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19] (Facebook Inc.)
Task: {AE5A6614-8386-4382-939D-41FFFD34D865} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {BBFED22E-4546-4A9F-8295-819015F12D65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-19] (Microsoft)
Task: {C14A589E-0F39-4CF9-B372-5A1E0EBD9C38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C59F3E7A-1B95-44B1-B954-BBF611014F5F} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {CD97BB2B-2B18-4DB7-BF9B-0B2B03AEF9C8} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-11] (Feven)
Task: {E26D2507-4D2B-42D5-A7A5-411DCC0937B9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EBB72869-9E03-4A86-9766-1BFA29E2D703} - System32\Tasks\Feven 1.5-chromeinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe [2013-11-11] (Feven)
Task: {F2EA0062-2118-4EC2-9801-436D06882B07} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD)
Task: {F43E0872-0375-434C-944B-6E94139161F5} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD)
Task: {FA53E203-B996-4FB7-84DD-73B8F5FB8249} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD)
Task: {FCBBA331-8C26-4B30-B3FC-84DE8086A11C} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNINA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe

==================== Loaded Modules (whitelisted) =============

2010-11-29 05:34 - 2010-11-29 05:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-02 10:09 - 2010-12-02 10:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-17 15:29 - 2010-12-17 15:29 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2012-09-27 22:12 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-14 19:03 - 2013-08-14 19:03 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9ab0e818cb3d1b6930eba54179f89300\IsdiInterop.ni.dll
2011-02-20 01:36 - 2011-01-12 16:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-01-17 15:19 - 2011-05-18 19:16 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-17 18:56 - 2013-11-17 18:56 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-10 16:35 - 2013-10-10 16:35 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2013 10:15:18 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1448

Startzeit: 01cee56c44d9fbd8

Endzeit: 54

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: a765d571-515f-11e3-8aa7-984be1b0aebb

Error: (11/10/2013 04:38:06 PM) (Source: Google Update) (User: Nina-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (11/10/2013 01:46:13 PM) (Source: Google Update) (User: Nina-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (10/31/2013 10:49:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xcb8
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/29/2013 06:44:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/24/2013 05:13:00 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/23/2013 05:41:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xd68
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/10/2013 10:12:33 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU PnP start/stop failed

Error: (10/06/2013 00:56:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x424
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/04/2013 01:26:49 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC


System errors:
=============
Error: (11/21/2013 00:40:14 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Wsys Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/20/2013 11:46:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/20/2013 11:46:58 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (11/19/2013 10:34:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/19/2013 10:34:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (11/19/2013 10:22:54 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/19/2013 09:36:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Software Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/19/2013 09:36:19 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Software Framework Service erreicht.

Error: (11/19/2013 09:36:19 AM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}

Error: (11/19/2013 09:35:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 87%
Total physical RAM: 3893.86 MB
Available physical RAM: 480.25 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 3035.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.93 GB) (Free:356.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus · 24.11.2013, 15:25

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
Task: {6BF666FC-38F5-4C96-8F24-A5E22F2F655F} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD)
Task: {6EBE4560-B0B4-4326-8849-5F8CBCF6785F} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD)
Task: {215139F9-B001-4F2D-82AA-A168DF805275} - System32\Tasks\DealPly => C:\Users\Nina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {F2EA0062-2118-4EC2-9801-436D06882B07} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD)
Task: {F43E0872-0375-434C-944B-6E94139161F5} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD)
Task: {FA53E203-B996-4FB7-84DD-73B8F5FB8249} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD)
Task: {0F0C83AE-240A-402C-9E32-104D11F1C0B7} - System32\Tasks\Feven 1.5-enabler => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven)
Task: {62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven)
Task: {75DD6721-79E6-440D-A650-CF80BAC6E06E} - System32\Tasks\Feven 1.5-updater => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven)
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe
C:\Program Files (x86)\Plus-HD-1.3
C:\Users\Nina\Downloads\ZipExtractorSetup.exe
C:\Windows\system32\poua5bj0s.dll
C:\Windows\system32\UpdSvc.dll
C:\Windows\system32\DRIVERS\clwvd.sys
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina\AppData\Local\Temp\avgnt.exe
C:\Program Files (x86)\Feven 1.5

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Manira · 25.11.2013, 20:39

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013
Ran by Nina at 2013-11-25 19:31:57 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
Task: {6BF666FC-38F5-4C96-8F24-A5E22F2F655F} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD)
Task: {6EBE4560-B0B4-4326-8849-5F8CBCF6785F} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD)
Task: {215139F9-B001-4F2D-82AA-A168DF805275} - System32\Tasks\DealPly => C:\Users\Nina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {F2EA0062-2118-4EC2-9801-436D06882B07} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD)
Task: {F43E0872-0375-434C-944B-6E94139161F5} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD)
Task: {FA53E203-B996-4FB7-84DD-73B8F5FB8249} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD)
Task: {0F0C83AE-240A-402C-9E32-104D11F1C0B7} - System32\Tasks\Feven 1.5-enabler => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven)
Task: {62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven)
Task: {75DD6721-79E6-440D-A650-CF80BAC6E06E} - System32\Tasks\Feven 1.5-updater => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven)
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe
C:\Program Files (x86)\Plus-HD-1.3
C:\Users\Nina\Downloads\ZipExtractorSetup.exe
C:\Windows\system32\poua5bj0s.dll
C:\Windows\system32\UpdSvc.dll
C:\Windows\system32\DRIVERS\clwvd.sys
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina\AppData\Local\Temp\avgnt.exe
C:\Program Files (x86)\Feven 1.5

cosinus · 25.11.2013, 20:46

Da fehlt aber was, das zeigt nur den Inhalt der Fixliste, aber nicht ob der Fix tatsächlich durchgeführt wurde

Manira · 25.11.2013, 21:53

Hmmm....also wenn ich das erste mal auf den Fix Button klicke kommt: Fixlist.txt not found. Wenn ich das ignoriere und nochmal drauf klicke kommt logischerweise das was ich gerade gepostet habe. Wenn ich mich nicht irre habe ich die Fixlist.txt wahrscheinlich falsch abgespeichert? Aber mehr als die in den FRST Ordner kopieren kann ich doch nicht machen oder?

cosinus · 25.11.2013, 22:33

Zitat:

Running from C:\Users\Nina\Downloads

So wird das auch nix.
FRST.exe bitte auf den Desktop verschieben und die fixlist bitte auch auf den Desktop. Sonst klappt der Fix nicht.

Manira · 26.11.2013, 12:55

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
Ran by Nina at 2013-11-26 12:52:42 Run:2
Running from C:\Users\Nina\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
Task: {6BF666FC-38F5-4C96-8F24-A5E22F2F655F} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD)
Task: {6EBE4560-B0B4-4326-8849-5F8CBCF6785F} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD)
Task: {215139F9-B001-4F2D-82AA-A168DF805275} - System32\Tasks\DealPly => C:\Users\Nina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {F2EA0062-2118-4EC2-9801-436D06882B07} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD)
Task: {F43E0872-0375-434C-944B-6E94139161F5} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD)
Task: {FA53E203-B996-4FB7-84DD-73B8F5FB8249} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD)
Task: {0F0C83AE-240A-402C-9E32-104D11F1C0B7} - System32\Tasks\Feven 1.5-enabler => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven)
Task: {62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven)
Task: {75DD6721-79E6-440D-A650-CF80BAC6E06E} - System32\Tasks\Feven 1.5-updater => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven)
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe
C:\Program Files (x86)\Plus-HD-1.3
C:\Users\Nina\Downloads\ZipExtractorSetup.exe
C:\Windows\system32\poua5bj0s.dll
C:\Windows\system32\UpdSvc.dll
C:\Windows\system32\DRIVERS\clwvd.sys
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina\AppData\Local\Temp\avgnt.exe
C:\Program Files (x86)\Feven 1.5
         
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Dnscache => Service deleted successfully.
Update-Service => Service deleted successfully.
clwvd => Service deleted successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml" => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BF666FC-38F5-4C96-8F24-A5E22F2F655F} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-enabler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EBE4560-B0B4-4326-8849-5F8CBCF6785F} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-chromeinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-chromeinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{215139F9-B001-4F2D-82AA-A168DF805275} => Key not found.
C:\Windows\System32\Tasks\DealPly not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2EA0062-2118-4EC2-9801-436D06882B07} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-codedownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-codedownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F43E0872-0375-434C-944B-6E94139161F5} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-updater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA53E203-B996-4FB7-84DD-73B8F5FB8249} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-firefoxinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F0C83AE-240A-402C-9E32-104D11F1C0B7} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-enabler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-firefoxinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75DD6721-79E6-440D-A650-CF80BAC6E06E} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-updater => Key not found.
C:\Windows\Tasks\Feven 1.5-chromeinstaller.job not found.
C:\Windows\Tasks\Feven 1.5-codedownloader.job not found.
C:\Windows\Tasks\Feven 1.5-enabler.job not found.
C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job not found.
C:\Windows\Tasks\Feven 1.5-updater.job not found.
C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job not found.
C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job not found.
C:\Windows\Tasks\Plus-HD-1.3-enabler.job not found.
C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job not found.
C:\Windows\Tasks\Plus-HD-1.3-updater.job not found.
"C:\Program Files (x86)\Plus-HD-1.3" => File/Directory not found.
"C:\Users\Nina\Downloads\ZipExtractorSetup.exe" => File/Directory not found.
"C:\Windows\system32\poua5bj0s.dll" => File/Directory not found.
"C:\Windows\system32\UpdSvc.dll" => File/Directory not found.
"C:\Windows\system32\DRIVERS\clwvd.sys" => File/Directory not found.
"C:\Users\Nina\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Nina\AppData\Local\Temp\avgnt.exe" => File/Directory not found.
"C:\Program Files (x86)\Feven 1.5" => File/Directory not found.

==== End of Fixlog ====

cosinus · 26.11.2013, 13:00

Frisches FRST Log bitte. Vor dem Scan bitte Haken bei additions.txt setzen

Manira · 26.11.2013, 13:09

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
Ran by Nina at 2013-11-26 12:52:42 Run:2
Running from C:\Users\Nina\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
S4 Dnscache; %SystemRoot%\System32\poua5bj0s.dll [x]
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://do-search.com/?type=sc&ts=1384895511&from=tugs&uid=HitachiXHTS545050B9A300_110129PBN475M7EXNE1EX
Task: {6BF666FC-38F5-4C96-8F24-A5E22F2F655F} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD)
Task: {6EBE4560-B0B4-4326-8849-5F8CBCF6785F} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD)
Task: {215139F9-B001-4F2D-82AA-A168DF805275} - System32\Tasks\DealPly => C:\Users\Nina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: {F2EA0062-2118-4EC2-9801-436D06882B07} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD)
Task: {F43E0872-0375-434C-944B-6E94139161F5} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD)
Task: {FA53E203-B996-4FB7-84DD-73B8F5FB8249} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD)
Task: {0F0C83AE-240A-402C-9E32-104D11F1C0B7} - System32\Tasks\Feven 1.5-enabler => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven)
Task: {62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven)
Task: {75DD6721-79E6-440D-A650-CF80BAC6E06E} - System32\Tasks\Feven 1.5-updater => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven)
Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe
Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-enabler.exe
Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-firefoxinstaller.exe
Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe
C:\Program Files (x86)\Plus-HD-1.3
C:\Users\Nina\Downloads\ZipExtractorSetup.exe
C:\Windows\system32\poua5bj0s.dll
C:\Windows\system32\UpdSvc.dll
C:\Windows\system32\DRIVERS\clwvd.sys
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina\AppData\Local\Temp\avgnt.exe
C:\Program Files (x86)\Feven 1.5
         
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Dnscache => Service deleted successfully.
Update-Service => Service deleted successfully.
clwvd => Service deleted successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\do-search.xml" => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BF666FC-38F5-4C96-8F24-A5E22F2F655F} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-enabler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EBE4560-B0B4-4326-8849-5F8CBCF6785F} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-chromeinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-chromeinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{215139F9-B001-4F2D-82AA-A168DF805275} => Key not found.
C:\Windows\System32\Tasks\DealPly not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2EA0062-2118-4EC2-9801-436D06882B07} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-codedownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-codedownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F43E0872-0375-434C-944B-6E94139161F5} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-updater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA53E203-B996-4FB7-84DD-73B8F5FB8249} => Key not found.
C:\Windows\System32\Tasks\Plus-HD-1.3-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-firefoxinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F0C83AE-240A-402C-9E32-104D11F1C0B7} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-enabler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62D4ACA3-DD2C-4914-AED6-6EFD17F722AB} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-firefoxinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75DD6721-79E6-440D-A650-CF80BAC6E06E} => Key not found.
C:\Windows\System32\Tasks\Feven 1.5-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.5-updater => Key not found.
C:\Windows\Tasks\Feven 1.5-chromeinstaller.job not found.
C:\Windows\Tasks\Feven 1.5-codedownloader.job not found.
C:\Windows\Tasks\Feven 1.5-enabler.job not found.
C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job not found.
C:\Windows\Tasks\Feven 1.5-updater.job not found.
C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job not found.
C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job not found.
C:\Windows\Tasks\Plus-HD-1.3-enabler.job not found.
C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job not found.
C:\Windows\Tasks\Plus-HD-1.3-updater.job not found.
"C:\Program Files (x86)\Plus-HD-1.3" => File/Directory not found.
"C:\Users\Nina\Downloads\ZipExtractorSetup.exe" => File/Directory not found.
"C:\Windows\system32\poua5bj0s.dll" => File/Directory not found.
"C:\Windows\system32\UpdSvc.dll" => File/Directory not found.
"C:\Windows\system32\DRIVERS\clwvd.sys" => File/Directory not found.
"C:\Users\Nina\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Nina\AppData\Local\Temp\avgnt.exe" => File/Directory not found.
"C:\Program Files (x86)\Feven 1.5" => File/Directory not found.

==== End of Fixlog ====

Sorry hab das grad doppelt gepostet. Frisches Log kommt sofort!

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Nina (administrator) on NINA-HP on 26-11-2013 13:02:59
Running from C:\Users\Nina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\Eap3Host.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] - C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-19] (Facebook Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.100.33.240 134.100.9.61

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\k2krtde8.default-1375103848156
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======
CHR Extension: (avast! WebRep) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 clwvd; 
U4 Dnscache; 
U4 Update-Service; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 12:43 - 2013-11-26 12:49 - 00000306 _____ C:\Users\Nina\Desktop\Search.txt
2013-11-26 11:49 - 2013-11-26 11:50 - 00004999 _____ C:\Windows\IE11_main.log
2013-11-26 11:04 - 2013-11-26 11:04 - 00000000 ____D C:\Program Files (x86)\SecureW2
2013-11-26 11:03 - 2013-11-26 11:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2013-11-26 11:01 - 2013-11-26 11:01 - 00596309 _____ C:\Users\Nina\Downloads\UHH_SecureW2_113.exe
2013-11-26 00:14 - 2013-11-26 00:14 - 00000000 ____D C:\FRST
2013-11-25 23:58 - 2013-11-25 23:58 - 01958474 _____ (Farbar) C:\Users\Nina\Desktop\FRST64.exe
2013-11-25 22:56 - 2013-11-25 22:57 - 00033050 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-25 22:09 - 2013-11-25 22:09 - 01958474 _____ (Farbar) C:\Users\Nina\Downloads\FRST64(2).exe
2013-11-23 21:19 - 2013-11-23 21:19 - 00010597 _____ C:\Users\Nina\Desktop\JRT.txt
2013-11-23 21:12 - 2013-11-23 21:12 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 21:11 - 2013-11-23 21:11 - 01034531 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2013-11-23 20:53 - 2013-11-23 20:53 - 00039604 _____ C:\Users\Nina\Desktop\AdwCleaner[S0].txt
2013-11-23 20:44 - 2013-11-23 20:49 - 00000000 ____D C:\AdwCleaner
2013-11-23 20:44 - 2013-11-23 20:44 - 01085542 _____ C:\Users\Nina\Downloads\adwcleaner.exe
2013-11-23 20:43 - 2013-11-23 20:43 - 00681176 _____ C:\Users\Nina\Downloads\ImageEditorSetup.exe
2013-11-23 13:25 - 2013-11-23 13:30 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(2).exe
2013-11-22 20:47 - 2013-11-22 20:47 - 00024533 _____ C:\Users\Nina\Desktop\combofix.txt.txt
2013-11-22 20:46 - 2013-11-22 20:46 - 00024533 _____ C:\ComboFix.txt
2013-11-22 20:26 - 2013-11-22 20:46 - 00000000 ____D C:\Qoobox
2013-11-22 20:26 - 2013-11-22 20:43 - 00000000 ____D C:\Windows\erdnt
2013-11-22 20:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-22 20:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-22 20:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-22 20:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-22 20:25 - 2013-11-22 20:26 - 05147802 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2013-11-22 20:20 - 2013-11-22 20:20 - 00000242 _____ C:\Users\Nina\Desktop\defogger_enable.log
2013-11-21 23:38 - 2013-11-22 16:00 - 00000000 ____D C:\Users\Nina\Desktop\BIO 10.Kl
2013-11-21 23:03 - 2013-11-21 23:03 - 00002318 _____ C:\Users\Nina\Desktop\ESET.txt
2013-11-21 20:58 - 2013-11-21 20:58 - 00003584 _____ C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 19:20 - 2013-11-21 19:20 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2013-11-21 19:15 - 2013-11-21 19:19 - 201413432 _____ (Emsisoft GmbH                                               ) C:\Users\Nina\Downloads\EmsisoftAntiMalwareSetup_8.1.0.19.exe
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 19:11 - 2013-11-21 19:11 - 00618912 _____ C:\Users\Nina\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-11-21 19:08 - 2013-11-21 19:08 - 00024574 _____ C:\Users\Nina\Desktop\Avira Free Antivirus.txt
2013-11-21 19:06 - 2013-11-21 19:08 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(1).exe
2013-11-21 18:53 - 2013-11-21 18:55 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de.exe
2013-11-21 01:53 - 2013-11-21 01:53 - 00002407 _____ C:\Users\Nina\Desktop\GMER.tx.log
2013-11-21 01:26 - 2013-11-21 01:26 - 00000470 _____ C:\Users\Nina\Desktop\defogger_disable.log
2013-11-21 01:16 - 2013-11-21 01:16 - 00050477 _____ C:\Users\Nina\Desktop\Defogger.exe
2013-11-21 01:11 - 2013-11-21 01:12 - 00377856 _____ C:\Users\Nina\Desktop\pk91pmbk.exe
2013-11-21 01:02 - 2013-11-26 12:50 - 00023083 _____ C:\Users\Nina\Desktop\Addition.txt
2013-11-21 00:58 - 2013-11-26 13:03 - 00011452 _____ C:\Users\Nina\Desktop\FRST.txt
2013-11-21 00:58 - 2013-11-25 22:07 - 00000000 ____D C:\Users\Nina\Desktop\FRST
2013-11-21 00:25 - 2013-11-21 00:26 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-19 23:56 - 2013-11-19 23:57 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:41 - 2013-11-17 18:45 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 00:43 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 00:43 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 00:43 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 00:43 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 00:43 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 00:43 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 00:43 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 00:43 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 00:42 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 00:42 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 09:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 09:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:52 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:52 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 09:52 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 09:52 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 09:52 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 09:52 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 09:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 09:52 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 09:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 09:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 09:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 09:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 09:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 09:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 09:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 09:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 23:12 - 2013-11-11 23:13 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-07 18:33 - 2013-11-11 19:08 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@

==================== One Month Modified Files and Folders =======

2013-11-26 13:03 - 2013-11-21 00:58 - 00011452 _____ C:\Users\Nina\Desktop\FRST.txt
2013-11-26 13:00 - 2011-04-22 09:42 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Skype
2013-11-26 12:50 - 2013-11-21 01:02 - 00023083 _____ C:\Users\Nina\Desktop\Addition.txt
2013-11-26 12:49 - 2013-11-26 12:43 - 00000306 _____ C:\Users\Nina\Desktop\Search.txt
2013-11-26 12:46 - 2011-02-20 01:37 - 01055708 _____ C:\Windows\WindowsUpdate.log
2013-11-26 12:45 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 12:45 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 12:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 12:38 - 2009-07-14 05:51 - 00160283 _____ C:\Windows\setupact.log
2013-11-26 12:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2013-11-26 11:50 - 2013-11-26 11:49 - 00004999 _____ C:\Windows\IE11_main.log
2013-11-26 11:04 - 2013-11-26 11:04 - 00000000 ____D C:\Program Files (x86)\SecureW2
2013-11-26 11:03 - 2013-11-26 11:03 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2013-11-26 11:01 - 2013-11-26 11:01 - 00596309 _____ C:\Users\Nina\Downloads\UHH_SecureW2_113.exe
2013-11-26 10:38 - 2013-04-19 18:33 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job
2013-11-26 10:26 - 2011-01-10 01:49 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-11-26 10:26 - 2011-01-10 01:49 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-11-26 10:26 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 10:06 - 2013-07-15 06:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 00:14 - 2013-11-26 00:14 - 00000000 ____D C:\FRST
2013-11-25 23:58 - 2013-11-25 23:58 - 01958474 _____ (Farbar) C:\Users\Nina\Desktop\FRST64.exe
2013-11-25 22:57 - 2013-11-25 22:56 - 00033050 _____ C:\Users\Nina\Downloads\FRST.txt
2013-11-25 22:09 - 2013-11-25 22:09 - 01958474 _____ (Farbar) C:\Users\Nina\Downloads\FRST64(2).exe
2013-11-25 22:07 - 2013-11-21 00:58 - 00000000 ____D C:\Users\Nina\Desktop\FRST
2013-11-25 20:37 - 2013-09-08 09:30 - 00003518 _____ C:\Windows\System32\Tasks\FileAdvisorCheck
2013-11-25 20:37 - 2013-09-08 09:30 - 00000000 ____D C:\Program Files (x86)\File Type Advisor
2013-11-25 19:38 - 2013-04-19 18:33 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job
2013-11-24 22:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-24 01:26 - 2013-08-15 20:48 - 00000526 _____ C:\Users\Nina\Desktop\Neues Textdokument.txt
2013-11-23 21:19 - 2013-11-23 21:19 - 00010597 _____ C:\Users\Nina\Desktop\JRT.txt
2013-11-23 21:12 - 2013-11-23 21:12 - 00000000 ____D C:\Windows\ERUNT
2013-11-23 21:11 - 2013-11-23 21:11 - 01034531 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2013-11-23 21:04 - 2011-02-20 01:40 - 00630048 _____ C:\Windows\PFRO.log
2013-11-23 21:03 - 2012-09-27 22:12 - 00000000 ____D C:\ProgramData\Avira
2013-11-23 20:53 - 2013-11-23 20:53 - 00039604 _____ C:\Users\Nina\Desktop\AdwCleaner[S0].txt
2013-11-23 20:49 - 2013-11-23 20:44 - 00000000 ____D C:\AdwCleaner
2013-11-23 20:44 - 2013-11-23 20:44 - 01085542 _____ C:\Users\Nina\Downloads\adwcleaner.exe
2013-11-23 20:43 - 2013-11-23 20:43 - 00681176 _____ C:\Users\Nina\Downloads\ImageEditorSetup.exe
2013-11-23 13:30 - 2013-11-23 13:25 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(2).exe
2013-11-23 02:45 - 2013-03-27 16:32 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNina
2013-11-23 02:45 - 2013-03-27 16:32 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForNina.job
2013-11-22 20:47 - 2013-11-22 20:47 - 00024533 _____ C:\Users\Nina\Desktop\combofix.txt.txt
2013-11-22 20:46 - 2013-11-22 20:46 - 00024533 _____ C:\ComboFix.txt
2013-11-22 20:46 - 2013-11-22 20:26 - 00000000 ____D C:\Qoobox
2013-11-22 20:46 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-22 20:43 - 2013-11-22 20:26 - 00000000 ____D C:\Windows\erdnt
2013-11-22 20:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-22 20:26 - 2013-11-22 20:25 - 05147802 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2013-11-22 20:20 - 2013-11-22 20:20 - 00000242 _____ C:\Users\Nina\Desktop\defogger_enable.log
2013-11-22 20:20 - 2011-04-19 16:18 - 00000000 ____D C:\Users\Nina
2013-11-22 16:00 - 2013-11-21 23:38 - 00000000 ____D C:\Users\Nina\Desktop\BIO 10.Kl
2013-11-22 01:00 - 2011-04-23 20:07 - 00000000 ____D C:\Users\Nina\AppData\Local\CrashDumps
2013-11-21 23:03 - 2013-11-21 23:03 - 00002318 _____ C:\Users\Nina\Desktop\ESET.txt
2013-11-21 22:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-21 20:58 - 2013-11-21 20:58 - 00003584 _____ C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 19:20 - 2013-11-21 19:20 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2013-11-21 19:19 - 2013-11-21 19:15 - 201413432 _____ (Emsisoft GmbH                                               ) C:\Users\Nina\Downloads\EmsisoftAntiMalwareSetup_8.1.0.19.exe
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Malwarebytes
2013-11-21 19:12 - 2013-11-21 19:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 19:11 - 2013-11-21 19:11 - 00618912 _____ C:\Users\Nina\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2013-11-21 19:08 - 2013-11-21 19:08 - 00024574 _____ C:\Users\Nina\Desktop\Avira Free Antivirus.txt
2013-11-21 19:08 - 2013-11-21 19:06 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de(1).exe
2013-11-21 18:55 - 2013-11-21 18:53 - 126764512 _____ C:\Users\Nina\Downloads\avira_free1401_antivirus_de.exe
2013-11-21 01:53 - 2013-11-21 01:53 - 00002407 _____ C:\Users\Nina\Desktop\GMER.tx.log
2013-11-21 01:26 - 2013-11-21 01:26 - 00000470 _____ C:\Users\Nina\Desktop\defogger_disable.log
2013-11-21 01:16 - 2013-11-21 01:16 - 00050477 _____ C:\Users\Nina\Desktop\Defogger.exe
2013-11-21 01:12 - 2013-11-21 01:11 - 00377856 _____ C:\Users\Nina\Desktop\pk91pmbk.exe
2013-11-21 00:26 - 2013-11-21 00:25 - 92120848 _____ (Microsoft Corporation) C:\Users\Nina\Downloads\msert.exe
2013-11-20 20:06 - 2012-07-26 10:32 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-20 20:06 - 2011-04-20 22:10 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-19 23:57 - 2013-11-19 23:56 - 05077672 _____ (ShieldApps                                                  ) C:\Users\Nina\Downloads\PCRegistryShieldWWSetup.exe
2013-11-19 22:37 - 2011-04-19 16:23 - 00000000 ___RD C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\Users\Nina\AppData\Roaming\elsterformular
2013-11-19 22:26 - 2012-08-28 11:47 - 00000000 ____D C:\ProgramData\elsterformular
2013-11-19 22:12 - 2013-03-23 07:23 - 00001645 _____ C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-19 22:10 - 2013-11-19 22:10 - 00457280 _____ C:\Users\Nina\Downloads\setup.exe
2013-11-18 12:53 - 2012-09-27 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 07:40 - 2013-11-18 07:40 - 104837737 _____ C:\Windows\SysWOW64\䔣놛©
2013-11-17 18:56 - 2013-11-17 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 18:45 - 2013-11-17 18:41 - 104695876 _____ C:\Windows\SysWOW64\럆ໟQ
2013-11-14 00:42 - 2013-05-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 00:41 - 2013-07-22 12:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 00:38 - 2012-07-14 01:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 23:13 - 2013-11-11 23:12 - 00000000 ____D C:\Program Files (x86)\JFileManager
2013-11-11 23:00 - 2013-11-11 23:00 - 00554576 _____ C:\Users\Nina\Downloads\Java7(1).exe
2013-11-11 22:10 - 2013-11-11 22:10 - 00554576 _____ C:\Users\Nina\Downloads\Java7.exe
2013-11-11 21:26 - 2013-11-11 21:26 - 00262144 _____ C:\Windows\Minidump\111113-23805-01.dmp
2013-11-11 21:26 - 2011-09-07 20:46 - 477985246 _____ C:\Windows\MEMORY.DMP
2013-11-11 21:26 - 2011-09-07 20:46 - 00000000 ____D C:\Windows\Minidump
2013-11-11 19:08 - 2013-11-07 18:33 - 103716811 _____ C:\Windows\SysWOW64\⋛깛@
2013-11-10 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-08 22:16 - 2013-09-10 09:30 - 00000000 ____D C:\Users\Nina\AppData\Roaming\FileAdvisor
2013-11-07 15:37 - 2011-06-12 13:02 - 00000000 ____D C:\Users\Nina\Documents\DVDVideoSoft
2013-11-05 00:43 - 2011-04-19 19:46 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNINA-HP$
2013-11-05 00:43 - 2011-04-19 19:46 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForNINA-HP$.job
2013-11-03 12:26 - 2013-02-03 20:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-03 12:26 - 2011-04-22 09:41 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\WZCPlugin_VISTA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 22:42

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by Nina at 2013-11-26 13:03:44
Running from C:\Users\Nina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center InstallProxy (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Localization All (x32 Version: 2010.1217.1530.27758)
Catalyst Control Center Profiles Mobile (x32 Version: 2010.1217.1530.27758)
CCC Help Chinese Standard (x32 Version: 2010.1217.1529.27758)
CCC Help Chinese Traditional (x32 Version: 2010.1217.1529.27758)
CCC Help Czech (x32 Version: 2010.1217.1529.27758)
CCC Help Danish (x32 Version: 2010.1217.1529.27758)
CCC Help Dutch (x32 Version: 2010.1217.1529.27758)
CCC Help English (x32 Version: 2010.1217.1529.27758)
CCC Help Finnish (x32 Version: 2010.1217.1529.27758)
CCC Help French (x32 Version: 2010.1217.1529.27758)
CCC Help German (x32 Version: 2010.1217.1529.27758)
CCC Help Greek (x32 Version: 2010.1217.1529.27758)
CCC Help Hungarian (x32 Version: 2010.1217.1529.27758)
CCC Help Italian (x32 Version: 2010.1217.1529.27758)
CCC Help Japanese (x32 Version: 2010.1217.1529.27758)
CCC Help Korean (x32 Version: 2010.1217.1529.27758)
CCC Help Norwegian (x32 Version: 2010.1217.1529.27758)
CCC Help Polish (x32 Version: 2010.1217.1529.27758)
CCC Help Portuguese (x32 Version: 2010.1217.1529.27758)
CCC Help Russian (x32 Version: 2010.1217.1529.27758)
CCC Help Spanish (x32 Version: 2010.1217.1529.27758)
CCC Help Swedish (x32 Version: 2010.1217.1529.27758)
CCC Help Thai (x32 Version: 2010.1217.1529.27758)
ccc-core-static (x32 Version: 2010.1217.1530.27758)
ccc-utility64 (Version: 2010.1217.1530.27758)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citavi (x32 Version: 3.3.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DMUninstaller (x32)
Energy Star Digital Logo (x32 Version: 1.0.1)
EPSON SX430 Series Printer Uninstall
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
File Type Advisor 1.0 (x32)
Free M4a to MP3 Converter 8.0 (x32)
Free Studio version 5.2.1 (x32)
Free YouTube to MP3 Converter version 3.11.33.1005 (x32 Version: 3.11.33.1005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive (x32)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.1.2)
HP Quick Launch (x32 Version: 2.7.2)
HP Setup (x32 Version: 8.4.4487.3576)
HP Setup Manager (x32 Version: 1.0.12845.3522)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (x32 Version: 1.0.6315.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 22 (64-bit) (Version: 6.0.220)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
JFileManager (x32 Version: v1.10)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Penguins! (x32 Version: 2.2.0.95)
Pixum Fotobuch (x32)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
PX Profile Update (x32 Version: 1.00.1.)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.2.13.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.69)
Recovery Manager (x32 Version: 1.0.22)
SecureW2 EAP Suite 1.1.3 for Windows (x32)
Skype™ 6.9 (x32 Version: 6.9.106)
Slingo Deluxe (x32 Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

11-11-2013 22:12:12 Uniblue SpeedUpMyPC installation
13-11-2013 23:36:10 Windows Update
17-11-2013 18:00:09 Windows-Sicherung
19-11-2013 21:12:30 Uniblue DriverScanner installation
19-11-2013 21:18:41 Removed GlobeTrotter Connect
19-11-2013 21:24:48 Removed PictureMover.
19-11-2013 23:03:19 PC Registry Shield Mi, Nov 20, 13  00:03
21-11-2013 00:21:55 Installed GlobeTrotter Connect
24-11-2013 20:54:02 Windows-Sicherung
26-11-2013 10:48:52 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-22 20:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {2407C1A5-0BE0-4FB9-B946-FCB165F26153} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {418078C8-683A-4557-A14C-C7DC9FF8A1E1} - System32\Tasks\HPCeeScheduleForNINA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {44986713-F1D4-4AFC-BC0D-422ECA539149} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com                                         )
Task: {562C1879-EBFC-4230-AF45-802BEC59E2BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {68D44781-418F-4425-BB08-F5473F5E19DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7C642886-9853-4E62-BDC5-376A3C3BB1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {8173BDB1-3F66-44F7-BD4F-635E72356941} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {874C0486-385E-4B54-8AAC-0F90BF28263E} - System32\Tasks\HPCeeScheduleForNina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {8D1BB6AD-0EEB-4CE3-8910-ED11DBAAF38E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19] (Facebook Inc.)
Task: {8F8FA523-F79E-43B2-9468-33043A514603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9DD70B12-1DCF-412A-AB6A-248852E5BF03} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19] (Facebook Inc.)
Task: {AE5A6614-8386-4382-939D-41FFFD34D865} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {BBFED22E-4546-4A9F-8295-819015F12D65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-11-19] (Microsoft)
Task: {C14A589E-0F39-4CF9-B372-5A1E0EBD9C38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C59F3E7A-1B95-44B1-B954-BBF611014F5F} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {CD97BB2B-2B18-4DB7-BF9B-0B2B03AEF9C8} - \Feven 1.5-codedownloader No Task File
Task: {E26D2507-4D2B-42D5-A7A5-411DCC0937B9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EBB72869-9E03-4A86-9766-1BFA29E2D703} - \Feven 1.5-chromeinstaller No Task File
Task: {FCBBA331-8C26-4B30-B3FC-84DE8086A11C} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000Core.job => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3930853845-1546403764-1166621345-1000UA.job => C:\Users\Nina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNINA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-12-15 16:46 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-11-29 05:34 - 2010-11-29 05:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-02 10:09 - 2010-12-02 10:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-17 15:29 - 2010-12-17 15:29 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-01-17 15:19 - 2011-05-18 19:16 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-08-14 19:03 - 2013-08-14 19:03 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9ab0e818cb3d1b6930eba54179f89300\IsdiInterop.ni.dll
2011-02-20 01:36 - 2011-01-12 16:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-17 18:56 - 2013-11-17 18:56 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 10:45:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/23/2013 09:24:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/26/2013 11:50:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7 für x64-basierte Systeme

Error: (11/23/2013 11:16:06 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-11-22 20:39:44.765
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-22 20:39:44.585
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3893.86 MB
Available physical RAM: 2120.69 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5767.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.93 GB) (Free:360.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.53 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FBCCF9BA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus · 26.11.2013, 13:38

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Manira · 27.11.2013, 10:20

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Nina :: NINA-HP [Administrator]

Schutz: Deaktiviert

26.11.2013 16:51:47
mbam-log-2013-11-26 (16-51-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219401
Laufzeit: 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Nina\Downloads\ImageEditorSetup.exe (PUP.Optional.JumpyApps.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nina\Downloads\Java7(1).exe (PUP.Optional.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nina\Downloads\Java7.exe (PUP.Optional.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nina\Downloads\setup.exe (PUP.Optional.DomalIQ.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=005d0d9707001e43af8f55f5c60f3e87
# engine=16033
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-26 06:32:36
# local_time=2013-11-26 07:32:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 12022291 137120606 0 0
# scanned=223781
# found=0
# cleaned=0
# scan_time=8324
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=005d0d9707001e43af8f55f5c60f3e87
# engine=16033
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-26 08:29:38
# local_time=2013-11-26 09:29:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 12029313 137127628 0 0
# scanned=185237
# found=0
# cleaned=0
# scan_time=6946
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=005d0d9707001e43af8f55f5c60f3e87
# engine=16036
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-27 09:07:32
# local_time=2013-11-27 10:07:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 12074787 137173102 0 0
# scanned=257974
# found=14
# cleaned=0
# scan_time=45209
sh=7F767736133978B4595686663EC492BFC767A694 ft=0 fh=0000000000000000 vn="WMA/TrojanDownloader.GetCodec.C trojan" ac=I fn="G:\iTunes Music\charria music\money is for nothing.mp3"
sh=FFBBB555628735E67A65CE4C2A7BEDB6F1DCBB3A ft=0 fh=0000000000000000 vn="WMA/TrojanDownloader.Wimad.NAA trojan" ac=I fn="G:\iTunes Music\limewre\20. Bart B More Vs. Oliver Twizt - Finally 2009 (Original Radio Edit).wma"
sh=A8BB17F869E3AFE9C2C747E89996E105E837C3DF ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\corrupted sexy girl has shaking orgasm during sex.mp3"
sh=C7B993C5A5063247674161856C7C75D657A3DB1C ft=0 fh=0000000000000000 vn="WMA/TrojanDownloader.GetCodec.C trojan" ac=I fn="G:\iTunes Music\limewre\el presente julieta vanegas.mp3"
sh=52EF4DE7B92D3D717FDF3D255C57DD3F687B33FF ft=0 fh=0000000000000000 vn="a variant of Generik.CFDFCZI trojan" ac=I fn="G:\iTunes Music\limewre\himno de santafe de bogota.wma"
sh=D3B305BC93D0B60AB6A3A6FA544AD3142CD763B5 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\himno de santiago de cali mp3.snd"
sh=7F767736133978B4595686663EC492BFC767A694 ft=0 fh=0000000000000000 vn="WMA/TrojanDownloader.GetCodec.C trojan" ac=I fn="G:\iTunes Music\limewre\i kiseed girl katy perry.mp3"
sh=E808E2E002B6D80D44FCCF3C1C58CFB27BC6AF36 ft=0 fh=0000000000000000 vn="a variant of Generik.IIYTTCE trojan" ac=I fn="G:\iTunes Music\limewre\juan luis guerra 2009.wma"
sh=2C0D6190E9925F024B469009FB38A23D24FDF2CA ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\love song mario kart MTV.mp3"
sh=56914D6E80036E3A809AC8AA6A5D0343630A8F0D ft=0 fh=0000000000000000 vn="a variant of Generik.FNYASWI trojan" ac=I fn="G:\iTunes Music\limewre\love song mario kart.wma"
sh=B7FF87C1F5E8417304CAB4CEC88BF800B9FBE110 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\Ministry Of Sound The Sound Of Bassline 2008.wma"
sh=7AB030373377CCDCBDFE18BF092E92A0DDD2AD4E ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\rod lee ken knott.mp3"
sh=7F767736133978B4595686663EC492BFC767A694 ft=0 fh=0000000000000000 vn="WMA/TrojanDownloader.GetCodec.C trojan" ac=I fn="G:\iTunes Music\limewre\si no te hubieras ido mana.mp3"
sh=EBDB8E6B0A21BB2D3B6D28C6E364EF6E92D0F8FC ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="G:\iTunes Music\limewre\thump mr timothy 192kb.mp3"

25.11.2013, 20:46	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 : Wie entferne ich Do-Search? Da fehlt aber was, das zeigt nur den Inhalt der Fixliste, aber nicht ob der Fix tatsächlich durchgeführt wurde __________________ Logfiles bitte immer in CODE-Tags posten

26.11.2013, 13:00	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 : Wie entferne ich Do-Search? Frisches FRST Log bitte. Vor dem Scan bitte Haken bei additions.txt setzen __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7 : Wie entferne ich Do-Search?

Log-Analyse und Auswertung: Windows 7 : Wie entferne ich Do-Search?