Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Computer voller Spam, Werbebannern, etc.

Computer voller Spam, Werbebannern, etc.


Plagegeister aller Art und deren Bekämpfung: Computer voller Spam, Werbebannern, etc.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 07.01.2014, 15:32   #1
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Guten Tag

Kann mir jemand helfen? Auf meinem PC gehen laufend neue Fenster auf, Werbebanner werden eingeblendet, etc.
Habe Windows 7 Professional, PC.

Vielen Dank für die Unterstützung!

Alt 07.01.2014, 15:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 07.01.2014, 17:09   #3
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Sabrina (administrator) on SABRINA-THINK on 07-01-2014 17:08:02
Running from C:\Users\Sabrina\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) =================





==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [1629544 2011-08-31] (Lenovo Group Limited)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-10-13] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Swisscom Quick Help] - C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe [16668080 2013-10-02] (Swisscom)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-11-02] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll  c:\progra~2\gsb779~1.en~ [3041792 2014-01-04] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.lfrz.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
URLSearchHook: HKCU - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKCU - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deCH472
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deCH472
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
BHO: YoutubeAdblocker - {159BC49F-2CD6-4CB7-932B-1027665E58BD} - C:\Program Files (x86)\YoutubeAdblocker\_2iD.x64.dll ()
BHO: greaotssaVer - {4F72390C-3192-91EF-ECD9-D90061D298A2} - C:\Program Files (x86)\greaotssaVer\2ZKW9c.x64.dll ()
BHO: SNT - {847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} - C:\Program Files (x86)\SNT\p7T2DTlA.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: YoutubeAdblocker - {159BC49F-2CD6-4CB7-932B-1027665E58BD} - C:\Program Files (x86)\YoutubeAdblocker\_2iD.dll ()
BHO-x32: greaotssaVer - {4F72390C-3192-91EF-ECD9-D90061D298A2} - C:\Program Files (x86)\greaotssaVer\2ZKW9c.dll ()
BHO-x32: SNT - {847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} - C:\Program Files (x86)\SNT\p7T2DTlA.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D5A2C57D-7554-4054-AE53-57D7A4D0B831}: [NameServer]195.186.152.33 195.186.216.33

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.ch/
FF Keyword.URL: hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YoutubeAdblocker - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\ae1p.9uu@oeydjckxxkya-.co.uk
FF Extension: SimilarWeb - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\FirefoxAddon@similarWeb.com
FF Extension: goreatsoAvver - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\x-7oyya@odukqlwm-.org
FF Extension: SNT - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\yurxzs.t@iiio-eyule.edu
FF Extension: Swisscom Quick Help - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B}
FF Extension: iMacros for Firefox - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: Firebug - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [{E4D8AFFF-DA7C-412F-A976-05ED142C7806}] - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\
FF Extension: Unlimited Data Manager - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\

Chrome: 
=======
CHR HomePage: hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
CHR RestoreOnStartup: "hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45"
CHR Extension: (YTBBookMark) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\amabcieebhjofcnbdphdmfkfcdgfilgk\1.1
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR Extension: (goreatsoAvver) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnkecdffcoibofckamdddfgeohpikij\2.7
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: () - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpicgdnjfnbkibnicdnnpkkpklkjkki\2.0.0.4_0
CHR Extension: (Speedy Shopper) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\167
CHR Extension: (SNT) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgmnfaeohlofnjigiimjlbjleaomlei\2.1
CHR Extension: (YoutubeAdblocker) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpknoifpolmopniafjdmhgpeobpcbba\1.0
CHR Extension: (Norton Identity Protection) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0

==================== Services (Whitelisted) =================

R2 1a34a8e0; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
R2 1a34a8e0; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 SesamService; C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [1482240 2011-05-16] (Swisscom)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
R2 UDM Service; C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [182128 2011-05-20] (Swisscom)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-02-18] (Huawei Technologies Co., Ltd.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WtSmpAdap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56688 2011-04-11] (Swisscom)
R1 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [409456 2011-04-11] (Swisscom)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 17:07 - 2014-01-07 17:07 - 01931762 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-06 22:19 - 2014-01-06 22:20 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-05 14:50 - 2014-01-05 14:50 - 00001955 _____ C:\Program Files (x86)\INSTALL.LOG
2014-01-05 14:50 - 2002-07-26 17:02 - 00153088 _____ C:\Program Files (x86)\UNWISE.EXE
2014-01-04 18:10 - 2014-01-05 14:47 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-04 18:10 - 2014-01-04 18:14 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:09 - 2014-01-04 18:09 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup(1).exe
2014-01-04 18:08 - 2014-01-04 18:08 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-04 18:04 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:04 - 2014-01-04 18:04 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\YoutubeAdblocker
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 18:01 - 2014-01-04 18:01 - 00321512 _____ (SoftWarehouse) C:\Users\Sabrina\Downloads\tools v6.0.8.exe
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:50 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 17:50 - 2014-01-04 18:20 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:46 - 2014-01-06 22:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-04 17:45 - 2014-01-04 17:47 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:38 - 2014-01-04 17:43 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:37 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-04 17:34 - 2014-01-04 17:38 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 20:43 - 2014-01-03 11:14 - 00199492 _____ C:\Windows\SysWOW64\~.tmp
2013-12-12 19:04 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 19:04 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 19:04 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 19:04 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 19:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 19:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 19:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 19:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 19:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 19:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 19:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 19:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 19:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 19:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 19:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 19:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 19:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 19:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 19:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 19:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 19:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 19:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 19:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 19:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 19:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 19:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 19:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 19:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 19:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 19:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 19:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 19:01 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 19:01 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 19:01 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 19:01 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 21:36 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 21:36 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 21:35 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 21:35 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 21:35 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 21:34 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 21:34 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 21:29 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 21:29 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 21:29 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 21:29 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 21:28 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 21:28 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 21:28 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 21:28 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 21:28 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 21:28 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 21:28 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 21:28 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-07 17:08 - 2013-10-17 21:07 - 00019437 _____ C:\Users\Sabrina\Downloads\FRST.txt
2014-01-07 17:07 - 2014-01-07 17:07 - 01931762 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-07 17:01 - 2012-04-06 13:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 16:42 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 16:42 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 16:26 - 2012-02-13 08:42 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 16:03 - 2012-02-13 07:46 - 01778180 _____ C:\Windows\WindowsUpdate.log
2014-01-07 15:07 - 2012-02-25 10:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-07 14:29 - 2012-02-13 08:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 14:25 - 2012-02-13 07:16 - 00659842 _____ C:\Windows\system32\perfh007.dat
2014-01-07 14:25 - 2012-02-13 07:16 - 00131942 _____ C:\Windows\system32\perfc007.dat
2014-01-07 14:25 - 2009-07-14 06:13 - 01507566 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 14:22 - 2012-02-25 11:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2014-01-07 14:21 - 2012-03-22 17:39 - 00000000 ____D C:\ProgramData\UDM
2014-01-07 14:21 - 2012-02-25 17:46 - 00003506 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-01-07 14:21 - 2012-02-25 17:46 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2014-01-07 14:21 - 2012-02-25 17:46 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-01-06 22:23 - 2012-02-25 17:47 - 00117032 _____ C:\Users\Sabrina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 22:21 - 2009-07-14 05:51 - 00112312 _____ C:\Windows\setupact.log
2014-01-06 22:20 - 2014-01-06 22:19 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-06 22:20 - 2013-05-15 06:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-06 22:19 - 2013-05-15 06:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Citrix
2014-01-06 22:19 - 2012-02-25 10:11 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-01-06 22:18 - 2012-02-25 09:57 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Google
2014-01-06 22:07 - 2014-01-04 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-06 22:05 - 2012-02-13 07:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 21:24 - 2012-03-06 06:54 - 00000000 ____D C:\Users\Sabrina\AppData\Local\CrashDumps
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-05 14:50 - 2014-01-05 14:50 - 00001955 _____ C:\Program Files (x86)\INSTALL.LOG
2014-01-05 14:47 - 2014-01-04 18:10 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-05 14:47 - 2012-02-25 09:58 - 00000000 ___RD C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 18:27 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 18:20 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 18:14 - 2014-01-04 18:10 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:09 - 2014-01-04 18:09 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup(1).exe
2014-01-04 18:08 - 2014-01-04 18:08 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-04 18:05 - 2014-01-04 18:04 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:04 - 2014-01-04 18:04 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\YoutubeAdblocker
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 18:01 - 2014-01-04 18:01 - 00321512 _____ (SoftWarehouse) C:\Users\Sabrina\Downloads\tools v6.0.8.exe
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:45 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:43 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:38 - 2014-01-04 17:37 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:38 - 2014-01-04 17:34 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-03 11:14 - 2013-12-19 20:43 - 00199492 _____ C:\Windows\SysWOW64\~.tmp
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2014-01-02 19:11 - 2012-04-03 21:34 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Dropbox
2014-01-02 16:15 - 2012-04-03 21:35 - 00000000 ___RD C:\Users\Sabrina\Dropbox
2014-01-02 16:14 - 2012-02-13 08:01 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 16:13 - 2012-02-25 17:46 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-01-02 16:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 15:11 - 2012-02-25 17:46 - 00004246 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-23 17:03 - 2013-12-01 20:48 - 00001040 _____ C:\Users\Sabrina\Desktop\Dropbox.lnk
2013-12-23 17:03 - 2013-12-01 20:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 13:52 - 2012-02-25 10:20 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Microsoft Help
2013-12-21 12:22 - 2012-05-22 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 13:04 - 2009-07-14 05:45 - 05247912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 07:48 - 2013-03-11 13:57 - 00000000 ____D C:\Users\Sabrina\Documents\Heino
2013-12-18 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 03:03 - 2013-08-02 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-18 03:01 - 2012-08-29 06:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-14 12:48 - 2010-11-21 04:47 - 00811210 _____ C:\Windows\PFRO.log
2013-12-13 13:38 - 2012-02-13 08:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 22:19 - 2012-06-14 15:51 - 00000000 ____D C:\Users\Sabrina\Documents\Masterarbeit
2013-12-10 21:01 - 2012-04-06 13:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:01 - 2012-04-06 13:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:01 - 2012-02-27 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-08 19:54 - 2012-03-06 11:40 - 00000000 ____D C:\Users\Sabrina\Documents\ETH

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Users\Sabrina\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Sabrina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 10:29

==================== End Of Log ============================
--- --- ---

--- --- ---
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Sabrina at 2013-10-17 22:07:22
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Extension Manager CS6 (x32 Version: 6.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe InDesign CS5 (x32 Version: 7.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop 7.0.1 (x32 Version: 7.0.1)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.3)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
Bonjour (Version: 3.0.0.10)
Broadcom InConcert Maestro (Version: 1.0.1.1500)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.08057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citrix Authentication Manager (x32 Version: 4.0.0.53726)
Citrix Endpoint Analysis Plugin (x32 Version: 4.5.5.0)
Citrix Receiver (DV) (x32 Version: 13.4.0.25)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.4.0.25)
Citrix Receiver (USB) (x32 Version: 13.4.0.25)
Citrix Receiver (x32 Version: 13.4.0.25)
Citrix Receiver Inside (x32 Version: 3.4.0.29585)
Citrix Receiver Updater (x32 Version: 3.4.0.29577)
Citrix Receiver(Aero) (x32 Version: 13.4.0.25)
Conexant 20672 SmartAudio HD (Version: 8.32.23.0)
Corel WinDVD (x32 Version: 10.0.5.828)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
EasyRotator Wizard (x32 Version: 1.0.123)
EasyTax 2012 AG 1.02 (x32 Version: 1.02)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
Free Audio Converter version 5.0.15.706 (x32 Version: 5.0.15.706)
Free DVD Video Converter version 2.0.9.706 (x32 Version: 2.0.9.706)
Free Video to Flash Converter version 5.0.15.706 (x32 Version: 5.0.15.706)
Free YouTube Download version 3.1.42.1212 (x32 Version: 3.1.42.1212)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Google Chrome (x32 Version: 30.0.1599.69)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
IB Updater Service (x32 Version: 4.0.7.4)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147)
Integrated Camera TWAIN (x32 Version: 1.0.11.1223)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2321)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.2.0000)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0003)
iTunes (Version: 10.6.3.25)
Kalender-Excel-8.8 (x32 Version: 8.8)
Lenovo Auto Scroll Utility (Version: 1.10)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.0.0010.00)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo User Guide (x32 Version: 1.0.0008.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.00.006.0)
Macromedia Contribute 3 (x32 Version: 3.0.2.2326)
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2751)
Macromedia Extension Manager (x32 Version: 1.7.270)
Macromedia Fireworks 8 (x32 Version: 8.0.0.777)
Macromedia Flash 8 (x32 Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000)
Macromedia HomeSite+ (x32)
Message Center Plus (x32 Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.36)
NVIDIA 3D Vision Treiber 306.97 (Version: 306.97)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update Components (Version: 1.10.8)
On Screen Display (Version: 6.50.00)
Online Plug-in (x32 Version: 13.4.0.25)
PDF Settings CS5 (x32 Version: 10.0)
PDFCreator (x32 Version: 1.2.3)
Picasa 3 (x32 Version: 3.9)
Private Tax 2011 1.4 (x32 Version: 1.4)
Programmer's Notepad (x32 Version: 2.3.4.2350)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
QuickTime (x32 Version: 7.73.80.64)
R for Windows 2.14.1 (Version: 2.14.1)
RapidBoot (Version: 1.11)
Readiris Pro 10 (x32)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
Samsung CLX-3170 Series (x32)
Secure Download Manager (x32 Version: 3.0.3)
Self-Service Plug-in (x32 Version: 3.4.0.33684)
SimilarWeb (x32 Version: 0.0.0.1)
SmarThru 4 (x32)
SmarThru PC Fax (x32)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0005)
Swisscom Quick Help (x32 Version: 3.3.2.340)
System Update (x32 Version: 4.01.0015)
TDM-GCC (x32 Version: 1.1006.0)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.1500)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.61.00.11)
ThinkPad Power Manager (x32 Version: 3.63)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkPad UltraNav Utility (x32 Version: 2.13.0)
ThinkVantage Active Protection System (Version: 1.73)
ThinkVantage AutoLock (Version: 1.03)
ThinkVantage Communications Utility (Version: 2.07)
ThinkVantage Fingerprint Software (Version: 5.9.4.6882)
Tinn-R 2.3.7.1 (x32)
TopStyle Lite (Version 3.0) (x32 Version: 3.1.0)
Unlimited Data Manager 10.0.0 (x32 Version: 10.0.21168.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager for SweetPacks 1.0 (x32 Version: 1.0.0005)
VIP Access (x32 Version: 2.0.2.140)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Wajam (x32 Version: 1.76)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (Version: 12/21/2010 11.8.84.0)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (Version: 09/10/2010 9.2.0.1011)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016) (Version: 11/20/2010 9.2.0.1016)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021) (Version: 12/21/2010 9.2.0.1021)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (Version: 11/11/2010 1.61.00.11)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (Version: 05/19/2011 15.3.8.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows XP Mode (Version: 1.3.7600.16422)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
WinVPP 1.3.4 (x32 Version: 1.3.4)
Wondershare Vivideo(Build 2.0.0.12) (x32)

==================== Restore Points  =========================

15-09-2013 08:24:19 Geplanter Prüfpunkt
15-09-2013 09:45:46 Windows Update
22-09-2013 18:37:41 Geplanter Prüfpunkt
24-09-2013 01:00:27 Windows Update
03-10-2013 09:32:13 Macromedia Dreamweaver 8 wird entfernt
03-10-2013 09:41:15 Macromedia Dreamweaver 8 wird installiert
03-10-2013 10:01:21 Macromedia Dreamweaver 8 wird entfernt
03-10-2013 10:10:13 Macromedia Dreamweaver 8 wird installiert
12-10-2013 01:00:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BC77D44-74FA-455A-B587-E73CE62C5990} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13] (Google Inc.)
Task: {11EF87FA-F5C4-4F01-89D7-E8ECB43B7D7C} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {3BE08FEC-0FC8-441D-939E-C609A500E540} - System32\Tasks\AdobeAAMUpdater-1.0-Sabrina-THINK-Sabrina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {3D74BFA3-1C0A-4739-B737-FCDF6999E8B4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-12-21] (Lenovo)
Task: {73978FBE-6EAD-4932-8803-2008ACAD057D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {7629E501-D646-44BF-8DF0-85E237916E4B} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {7EBBFFA8-F9C9-4534-8D6D-8A9AC2815D03} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {94B59A78-1266-4B6B-983C-AA7837A977BC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {957D2B91-634E-4D2B-9EE4-85AE74F41DFC} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C32FF76B-6D11-4288-8203-8954890ED5EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DBC194AD-8A8E-4AAA-BFE4-C43BFCEBA7C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13] (Google Inc.)
Task: {EF259D21-F761-4E73-8FA3-F6DDC6A2B365} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {F2E147F1-A5C9-45E3-B2D9-9940C0B51F8D} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Sabrina-THINK.Sabrina => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo)
Task: {F3B604C6-B7CE-4E96-B52F-0B4A5F5B3B23} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 09:24:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WbioSrvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0x80004004
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WbioSrvc0
Pfad der fehlerhaften Anwendung: svchost.exe_WbioSrvc1
Pfad des fehlerhaften Moduls: svchost.exe_WbioSrvc2
Berichtskennung: svchost.exe_WbioSrvc3

Error: (10/17/2013 09:20:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 08:56:59 PM) (Source: PC-Doctor) (User: )
Description: (15072) Asapi: (20:56:59:3020)(15072) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317

Error: (10/17/2013 08:56:59 PM) (Source: PC-Doctor) (User: )
Description: (15072) Asapi: (20:56:59:2710)(15072) libTonopahClient.DownloadManager - Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007) failed with error: 317

Error: (10/15/2013 06:25:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (10/15/2013 06:25:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (10/15/2013 06:25:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/15/2013 06:25:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030

Error: (10/15/2013 06:25:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030

Error: (10/15/2013 06:25:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/17/2013 09:24:19 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows-Biometriedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/17/2013 09:24:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (10/17/2013 09:24:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/17/2013 09:24:10 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (10/17/2013 09:24:01 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E089CE53-2835-477B-AD7E-785AC58EF460}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (10/17/2013 09:23:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (10/17/2013 09:20:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (10/17/2013 09:09:53 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (10/17/2013 09:03:35 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E089CE53-2835-477B-AD7E-785AC58EF460}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (10/16/2013 09:11:05 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{E089CE53-2835-477B-AD7E-785AC58EF460}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================
Error: (07/22/2013 01:47:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.
__________________
Alt 08.01.2014, 11:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Zitat:
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)

Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Adobe InDesign CS5 (x32 Version: 7.0)
Wie ist denn 2x MS-Office installiert?
Zudem: Professional Windows, Professional Office und Adobe CS5, das ist nichr gerade eine typische Privatprofil-Ausstattung.

Ist das ein gewerblich genutzter Rechner?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.01.2014, 20:01   #5
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Genau, ein privat gebrauchter Rechner.
Als Student hat man eben von der Uni ziemlich viele Privilegien und Preisvorteile.


Alt 10.01.2014, 09:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Ok Dann mach ma bitte ein Log mit CF

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Computer voller Spam, Werbebannern, etc.

Alt 11.01.2014, 00:15   #7
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Code:
ATTFilter
ComboFix 14-01-08.03 - Sabrina 10.01.2014  23:59:53.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.8075.4973 [GMT 1:00]
ausgeführt von:: c:\users\Sabrina\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\UNWISE.EXE
c:\programdata\Local
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\10.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\8.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\9.bb
c:\windows\SysWow64\~.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-10 bis 2014-01-10  ))))))))))))))))))))))))))))))
.
.
2014-01-10 23:10 . 2014-01-10 23:10	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-01-10 23:10 . 2014-01-10 23:10	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-01-10 23:10 . 2014-01-10 23:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-10 22:53 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CADA77AB-3CA7-438E-A433-B62B906481C5}\mpengine.dll
2014-01-05 13:51 . 2014-01-05 13:51	--------	d-----w-	c:\program files (x86)\Amadeus Informatik
2014-01-04 17:10 . 2014-01-05 13:47	--------	d-----w-	c:\program files (x86)\MyPC Backup
2014-01-04 17:05 . 2014-01-04 17:05	--------	d-----w-	c:\programdata\SNT
2014-01-04 17:05 . 2014-01-04 17:05	--------	d-----w-	c:\program files (x86)\SNT
2014-01-04 17:04 . 2014-01-04 17:05	--------	d-----w-	c:\programdata\SoftWarehouse
2014-01-04 17:04 . 2014-01-04 17:04	3041792	----a-w-	c:\program files (x86)\GS.Enabler
2014-01-04 17:04 . 2014-01-04 17:04	2759168	----a-w-	c:\program files (x86)\GS_x64.Enabler
2014-01-04 17:04 . 2014-01-04 17:04	146768	----a-w-	c:\program files (x86)\GSSvc.dll
2014-01-04 17:03 . 2014-01-04 17:03	--------	d-----w-	c:\programdata\YoutubeAdblocker
2014-01-04 17:03 . 2014-01-04 17:03	--------	d-----w-	c:\program files (x86)\YoutubeAdblocker
2014-01-04 17:03 . 2014-01-04 17:03	--------	d-----w-	c:\users\Sabrina\AppData\Local\Packages
2014-01-04 17:03 . 2014-01-04 17:03	--------	d-----w-	c:\programdata\greaotssaVer
2014-01-04 17:03 . 2014-01-04 17:03	--------	d-----w-	c:\program files (x86)\greaotssaVer
2014-01-04 17:02 . 2014-01-04 17:05	--------	d-----w-	c:\programdata\fc124d4af23c6577
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\Torch
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\Comodo
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\Sabrina\AppData\Local\Torch
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\Sabrina\AppData\Local\Comodo
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\Google
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\HomeGroupUser$
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\Gast
2014-01-04 17:02 . 2014-01-04 17:02	--------	d-----w-	c:\users\Administrator
2014-01-04 17:02 . 2014-01-04 17:05	--------	d-----w-	c:\programdata\InstallMate
2014-01-04 16:51 . 2014-01-04 16:51	--------	d-----w-	c:\users\Sabrina\AppData\Local\calibre-cache
2014-01-04 16:50 . 2014-01-04 17:20	--------	d-----w-	c:\users\Sabrina\AppData\Roaming\calibre
2014-01-04 16:47 . 2014-01-04 16:47	--------	d-----w-	c:\users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 16:47 . 2014-01-04 16:47	--------	d-----w-	c:\programdata\Sony Corporation
2014-01-04 16:47 . 2014-01-04 16:47	--------	d-----w-	c:\users\Sabrina\AppData\Local\kinoma
2014-01-04 16:46 . 2014-01-06 21:07	--------	d-----w-	c:\users\Sabrina\AppData\Local\Sony Corporation
2014-01-04 16:37 . 2014-01-04 16:38	--------	d-----w-	c:\users\Sabrina\AppData\Local\Amazon
2013-12-19 19:43 . 2014-01-03 10:14	199492	----a-w-	c:\windows\SysWow64\~.tmp
2013-12-12 18:04 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 18:04 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 18:04 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-12 18:04 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-12 18:04 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-12 18:01 . 2013-11-26 08:16	4243968	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-12-12 18:01 . 2013-11-26 08:35	5769216	----a-w-	c:\windows\system32\jscript9.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 02:01 . 2012-08-29 05:47	90708896	----a-w-	c:\windows\system32\MRT.exe
2013-12-10 20:01 . 2012-04-06 12:52	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 20:01 . 2012-02-27 17:10	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-23 18:26 . 2013-12-10 20:35	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 20:35	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-18 02:02 . 2013-11-18 02:02	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-18 02:02 . 2013-11-18 02:02	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-18 02:01 . 2013-11-18 02:01	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-18 02:01 . 2013-11-18 02:01	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-18 02:01 . 2013-11-18 02:01	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-18 02:01 . 2013-11-18 02:01	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-18 02:01 . 2013-11-18 02:01	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-18 02:01 . 2013-11-18 02:01	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-18 02:01 . 2013-11-18 02:01	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-18 02:01 . 2013-11-18 02:01	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-18 02:01 . 2013-11-18 02:01	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-18 02:01 . 2013-11-18 02:01	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-18 02:01 . 2013-11-18 02:01	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-18 02:01 . 2013-11-18 02:01	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-18 02:01 . 2013-11-18 02:01	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-18 02:01 . 2013-11-18 02:01	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-18 02:01 . 2013-11-18 02:01	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-18 02:01 . 2013-11-18 02:01	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-18 02:01 . 2013-11-18 02:01	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-18 02:01 . 2013-11-18 02:01	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-18 02:01 . 2013-11-18 02:01	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-18 02:01 . 2013-11-18 02:01	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-18 02:01 . 2013-11-18 02:01	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-18 02:01 . 2013-11-18 02:01	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-18 02:01 . 2013-11-18 02:01	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-18 02:01 . 2013-11-18 02:01	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-18 02:01 . 2013-11-18 02:01	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-18 02:01 . 2013-11-18 02:01	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-18 02:01 . 2013-11-18 02:01	413696	----a-w-	c:\windows\system32\html.iec
2013-11-18 02:01 . 2013-11-18 02:01	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-18 02:01 . 2013-11-18 02:01	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-18 02:01 . 2013-11-18 02:01	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-18 02:01 . 2013-11-18 02:01	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-18 02:01 . 2013-11-18 02:01	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-18 02:01 . 2013-11-18 02:01	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-18 02:01 . 2013-11-18 02:01	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-18 02:01 . 2013-11-18 02:01	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-18 02:01 . 2013-11-18 02:01	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-18 02:01 . 2013-11-18 02:01	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-18 02:01 . 2013-11-18 02:01	235520	----a-w-	c:\windows\system32\url.dll
2013-11-18 02:01 . 2013-11-18 02:01	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-18 02:01 . 2013-11-18 02:01	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-18 02:01 . 2013-11-18 02:01	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-18 02:01 . 2013-11-18 02:01	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-18 02:01 . 2013-11-18 02:01	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-18 02:01 . 2013-11-18 02:01	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-18 02:01 . 2013-11-18 02:01	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-18 02:01 . 2013-11-18 02:01	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-18 02:01 . 2013-11-18 02:01	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-18 02:01 . 2013-11-18 02:01	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-18 02:01 . 2013-11-18 02:01	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-18 02:01 . 2013-11-18 02:01	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-18 02:01 . 2013-11-18 02:01	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-18 02:01 . 2013-11-18 02:01	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-18 02:01 . 2013-11-18 02:01	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-18 02:01 . 2013-11-18 02:01	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-18 02:01 . 2013-11-18 02:01	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-18 02:01 . 2013-11-18 02:01	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-18 02:01 . 2013-11-18 02:01	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-12 02:23 . 2013-12-10 20:29	2048	----a-w-	c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 20:29	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-10 20:36	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-10 20:36	301568	----a-w-	c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-10 20:35	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-10 20:34	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-10 20:34	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-10-14 17:00 . 2013-11-18 02:04	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{159BC49F-2CD6-4CB7-932B-1027665E58BD}]
2013-01-04 17:03	427008	----a-w-	c:\program files (x86)\YoutubeAdblocker\_2iD.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F72390C-3192-91EF-ECD9-D90061D298A2}]
2013-01-04 17:03	427008	----a-w-	c:\program files (x86)\greaotssaVer\2ZKW9c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB}]
2014-01-04 17:05	427008	----a-w-	c:\program files (x86)\SNT\p7T2DTlA.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-08 12:59	220632	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-08 12:59	220632	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-08 12:59	220632	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-10-13 606208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Swisscom Quick Help"="c:\program files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe" [2013-10-02 16668080]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-18 30714312]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-19 1202976]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-2-13 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 1a34a8e0;GS.Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 WtSmpFlt;Sesam LightWeight Filter;c:\windows\system32\DRIVERS\wtsmpflt.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpflt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SesamService;Sesam Control Service;c:\program files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe;c:\program files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UDM Service;UDM Service;c:\program files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe;c:\program files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 WtSmpAdap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys;c:\windows\SYSNATIVE\DRIVERS\wtsmpadap.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 22:08	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:01]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13 07:42]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13 07:42]
.
2014-01-07 c:\windows\Tasks\GS.Enabler-S-926685765.job
- c:\programdata\softwarehouse\gs.enabler\GS.Enabler.exe [2014-01-04 17:04]
.
2014-01-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2014-01-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{159BC49F-2CD6-4CB7-932B-1027665E58BD}]
2014-01-04 17:03	476160	----a-w-	c:\program files (x86)\YoutubeAdblocker\_2iD.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F72390C-3192-91EF-ECD9-D90061D298A2}]
2014-01-04 17:03	476160	----a-w-	c:\program files (x86)\greaotssaVer\2ZKW9c.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB}]
2013-01-04 17:05	476160	----a-w-	c:\program files (x86)\SNT\p7T2DTlA.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-08 12:59	244696	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-08 12:59	244696	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-08 12:59	244696	----a-w-	c:\users\Sabrina\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = proxy.lfrz.at:8080
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5A2C57D-7554-4054-AE53-57D7A4D0B831}: NameServer = 195.186.152.33 195.186.216.33
FF - ProfilePath - c:\users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/
FF - prefs.js: keyword.URL - hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45&l=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Photoshop 7.0.1 - c:\windows\ISUN0407.EXE
AddRemove-Fonts CH-Line - c:\progra~2\UNWISE.EXE
AddRemove-TDM-GCC - c:\mingw64\__installer\tdm64-gcc-4.7.1-3.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-01-11  00:14:56
ComboFix-quarantined-files.txt  2014-01-10 23:14
ComboFix2.txt  2013-10-21 05:51
.
Vor Suchlauf: 19 Verzeichnis(se), 376'136'134'656 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 375'975'911'424 Bytes frei
.
- - End Of File - - 84AF0132A7A199A6757ED70115B72948

Alt 11.01.2014, 02:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.01.2014, 11:09   #9
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 11/01/2014 um 12:58:23
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sabrina - SABRINA-THINK
# Gestartet von : C:\Users\Sabrina\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\Program Files (x86)\YoutubeAdblocker
Ordner Gefunden C:\ProgramData\YoutubeAdblocker
Ordner Gefunden C:\Users\Sabrina\AppData\Local\torch
Ordner Gefunden C:\Users\UpdatusUser\AppData\Local\torch
Ordner Gefunden C:\Windows\System32\ljkb

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKCU\Software\WEDLMNGR
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\WEDLMNGR
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultenginename", "WebSearch");
Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45&l=1&q=");
Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");
Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.selectedEngine", "WebSearch");
Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gefunden : user_pref("extensions.JnkGPYLJwX.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i+[...]
Zeile gefunden : user_pref("extensions.LTQ5hNWIrrY.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.t[...]
Zeile gefunden : user_pref("extensions.p1LpPE.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.ty[...]
Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.searchsunmy.info/?pid=377&r=2014/01/04&hid=6896541430164809529&lg=EN&cc=CH&unqvl=45&l=1&q=");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9030 octets] - [21/10/2013 13:26:05]
AdwCleaner[R1].txt - [5102 octets] - [11/01/2014 12:58:23]
AdwCleaner[S0].txt - [8615 octets] - [21/10/2013 13:27:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5222 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Sabrina on 11.01.2014 at 13:07:58.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{159BC49F-2CD6-4CB7-932B-1027665E58BD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{159BC49F-2CD6-4CB7-932B-1027665E58BD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{159BC49F-2CD6-4CB7-932B-1027665E58BD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F72390C-3192-91EF-ECD9-D90061D298A2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F72390C-3192-91EF-ECD9-D90061D298A2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4F72390C-3192-91EF-ECD9-D90061D298A2}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0DA2FFD1-951C-4F5C-9323-B7ED3425597A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D78211E7-6B7D-4FDF-806D-2AC5F1A4005B}



~~~ FireFox

Successfully deleted the following from C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\9ulbhy7c.default\prefs.js

user_pref("extensions.JnkGPYLJwX.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-
user_pref("extensions.LTQ5hNWIrrY.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1
user_pref("extensions.p1LpPE.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createEl
user_pref("extensions.p1LpPE.url", "hxxp://jpi-syncs.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0n9YMCMlNhd9FqdaFrdnFqHaHrjaMBzqUojw9rdwFrjwGrds8qSh7hfs0pihPBMn0rjkEpdsGpdwE
Emptied folder: C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\9ulbhy7c.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.01.2014 at 13:14:09.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST funktioniert nun leider nicht mehr :-(.
Folgende Fehlermeldung erscheint.
AutoIt Errer
Line 10181 (File "c:\users\sabrina\downloads\FRST64.exe")
Error: Array variable has incorrect number of subscripts or subscript dimension range exceeded.


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by Sabrina (administrator) on SABRINA-THINK on 12-01-2014 11:08:22
Running from C:\Users\Sabrina\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\ProgramData\SoftWarehouse\GS.Enabler\GS.Enabler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Sabrina\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [606208 2009-10-13] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Swisscom Quick Help] - C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe [16668080 2013-10-02] (Swisscom)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-11-02] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.lfrz.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
URLSearchHook: HKCU - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKCU - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deCH472
BHO: YoutubeAdblocker - {159BC49F-2CD6-4CB7-932B-1027665E58BD} - C:\Program Files (x86)\YoutubeAdblocker\_2iD.x64.dll No File
BHO: greaotssaVer - {4F72390C-3192-91EF-ECD9-D90061D298A2} - C:\Program Files (x86)\greaotssaVer\2ZKW9c.x64.dll ()
BHO: SNT - {847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} - C:\Program Files (x86)\SNT\p7T2DTlA.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: SNT - {847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} - C:\Program Files (x86)\SNT\p7T2DTlA.dll ()
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D5A2C57D-7554-4054-AE53-57D7A4D0B831}: [NameServer]195.186.152.33 195.186.216.33

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YoutubeAdblocker - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\ae1p.9uu@oeydjckxxkya-.co.uk [2014-01-04]
FF Extension: SimilarWeb - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\FirefoxAddon@similarWeb.com [2013-04-12]
FF Extension: goreatsoAvver - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\x-7oyya@odukqlwm-.org [2014-01-04]
FF Extension: SNT - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\yurxzs.t@iiio-eyule.edu [2014-01-04]
FF Extension: Swisscom Quick Help - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2012-10-17]
FF Extension: iMacros for Firefox - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-11-25]
FF Extension: Firebug - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-17]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{E4D8AFFF-DA7C-412F-A976-05ED142C7806}] - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\
FF Extension: Unlimited Data Manager - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (YTBBookMark) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\amabcieebhjofcnbdphdmfkfcdgfilgk\1.1 [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 [2012-02-25]
CHR Extension: (goreatsoAvver) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnkecdffcoibofckamdddfgeohpikij\2.7 [2014-01-04]
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0 [2012-02-25]
CHR Extension: () - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpicgdnjfnbkibnicdnnpkkpklkjkki\2.0.0.4_0 [2013-04-12]
CHR Extension: (Speedy Shopper) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\167 [2014-01-04]
CHR Extension: (SNT) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgmnfaeohlofnjigiimjlbjleaomlei\2.1 [2014-01-04]
CHR Extension: (YoutubeAdblocker) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpknoifpolmopniafjdmhgpeobpcbba\1.0 [2014-01-04]
CHR Extension: (Norton Identity Protection) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0 [2012-02-25]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 [2012-02-25]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-01-15]

==================== Services (Whitelisted) =================

S2 1a34a8e0; C:\Program Files (x86)\GSSvc.dll [146768 2014-01-04] ()
S2 1a34a8e0; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 SesamService; C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [1482240 2011-05-16] (Swisscom)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
R2 UDM Service; C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [182128 2011-05-20] (Swisscom)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-02-18] (Huawei Technologies Co., Ltd.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WtSmpAdap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56688 2011-04-11] (Swisscom)
R1 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [409456 2011-04-11] (Swisscom)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 11:07 - 2014-01-12 11:08 - 02076672 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64(1).exe
2014-01-11 13:27 - 2014-01-11 13:27 - 00000000 ____D C:\Users\Sabrina\Downloads\FRST-OlderVersion
2014-01-11 13:14 - 2014-01-11 13:14 - 00002739 _____ C:\Users\Sabrina\Desktop\JRT.txt
2014-01-11 13:07 - 2014-01-11 13:07 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-01-11 12:57 - 2014-01-11 12:57 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-01-11 00:14 - 2014-01-11 00:14 - 00038897 _____ C:\ComboFix.txt
2014-01-10 23:56 - 2014-01-10 23:56 - 05162489 _____ (Swearware) C:\Users\Sabrina\Downloads\ComboFix(1).exe
2014-01-10 23:55 - 2014-01-10 23:56 - 05162489 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2014-01-07 17:07 - 2014-01-11 13:27 - 02076160 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-06 22:19 - 2014-01-06 22:20 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-04 18:10 - 2014-01-04 18:14 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:09 - 2014-01-04 18:09 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup(1).exe
2014-01-04 18:08 - 2014-01-04 18:08 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-04 18:04 - 2014-01-11 13:22 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-04 18:04 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 18:01 - 2014-01-04 18:01 - 00321512 _____ (SoftWarehouse) C:\Users\Sabrina\Downloads\tools v6.0.8.exe
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:50 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 17:50 - 2014-01-04 18:20 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:46 - 2014-01-06 22:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-04 17:45 - 2014-01-04 17:47 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:38 - 2014-01-04 17:43 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:37 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-04 17:34 - 2014-01-04 17:38 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 20:43 - 2014-01-03 11:14 - 00199492 _____ C:\Windows\SysWOW64\~.tmp

==================== One Month Modified Files and Folders =======

2014-01-12 11:08 - 2014-01-12 11:07 - 02076672 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64(1).exe
2014-01-12 11:08 - 2013-10-17 21:07 - 00023010 _____ C:\Users\Sabrina\Downloads\FRST.txt
2014-01-12 11:06 - 2012-02-25 17:46 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-01-12 11:01 - 2012-04-06 13:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 10:36 - 2012-02-13 07:16 - 00659842 _____ C:\Windows\system32\perfh007.dat
2014-01-12 10:36 - 2012-02-13 07:16 - 00131942 _____ C:\Windows\system32\perfc007.dat
2014-01-12 10:36 - 2009-07-14 06:13 - 01507566 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 10:35 - 2012-02-13 08:42 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 09:56 - 2012-02-13 08:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 09:56 - 2012-02-13 07:46 - 01907109 _____ C:\Windows\WindowsUpdate.log
2014-01-11 17:52 - 2012-03-22 17:39 - 00000000 ____D C:\ProgramData\UDM
2014-01-11 13:30 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 13:30 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 13:27 - 2014-01-11 13:27 - 00000000 ____D C:\Users\Sabrina\Downloads\FRST-OlderVersion
2014-01-11 13:27 - 2014-01-07 17:07 - 02076160 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-11 13:27 - 2013-10-17 21:06 - 00000000 ____D C:\FRST
2014-01-11 13:24 - 2012-04-03 21:34 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Dropbox
2014-01-11 13:23 - 2012-04-03 21:35 - 00000000 ___RD C:\Users\Sabrina\Dropbox
2014-01-11 13:22 - 2014-01-04 18:04 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-11 13:22 - 2012-02-13 08:01 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-11 13:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 13:22 - 2009-07-14 05:51 - 00112480 _____ C:\Windows\setupact.log
2014-01-11 13:14 - 2014-01-11 13:14 - 00002739 _____ C:\Users\Sabrina\Desktop\JRT.txt
2014-01-11 13:07 - 2014-01-11 13:07 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-01-11 13:01 - 2009-07-14 05:45 - 05259168 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-11 13:00 - 2010-11-21 04:47 - 00814144 _____ C:\Windows\PFRO.log
2014-01-11 12:59 - 2013-10-21 13:25 - 00000000 ____D C:\AdwCleaner
2014-01-11 12:57 - 2014-01-11 12:57 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-01-11 00:15 - 2013-10-20 20:51 - 00000000 ____D C:\Qoobox
2014-01-11 00:14 - 2014-01-11 00:14 - 00038897 _____ C:\ComboFix.txt
2014-01-11 00:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-10 23:56 - 2014-01-10 23:56 - 05162489 _____ (Swearware) C:\Users\Sabrina\Downloads\ComboFix(1).exe
2014-01-10 23:56 - 2014-01-10 23:55 - 05162489 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2014-01-10 23:56 - 2012-03-06 06:54 - 00000000 ____D C:\Users\Sabrina\AppData\Local\CrashDumps
2014-01-09 21:12 - 2012-02-25 10:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-09 18:25 - 2012-02-25 17:47 - 00117032 _____ C:\Users\Sabrina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-09 18:25 - 2012-02-25 17:46 - 00003506 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-01-09 18:25 - 2012-02-25 17:46 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2014-01-08 07:25 - 2012-02-29 21:41 - 00000000 ____D C:\Users\Sabrina\Documents\KVL
2014-01-08 07:17 - 2012-02-25 11:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2014-01-07 20:27 - 2012-02-13 08:42 - 00000000 ____D C:\Program Files\Google
2014-01-07 20:27 - 2012-02-13 08:42 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-06 22:20 - 2014-01-06 22:19 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-06 22:20 - 2013-05-15 06:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-06 22:19 - 2013-05-15 06:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Citrix
2014-01-06 22:19 - 2012-02-25 10:11 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-01-06 22:18 - 2012-02-25 09:57 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Google
2014-01-06 22:07 - 2014-01-04 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-06 22:05 - 2012-02-13 07:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-05 14:47 - 2012-02-25 09:58 - 00000000 ___RD C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 18:27 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 18:20 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 18:14 - 2014-01-04 18:10 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:09 - 2014-01-04 18:09 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup(1).exe
2014-01-04 18:08 - 2014-01-04 18:08 - 00524384 _____ C:\Users\Sabrina\Downloads\epubee drm removal setup.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\Program Files (x86)\SNT
2014-01-04 18:05 - 2014-01-04 18:04 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Program Files (x86)\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 18:01 - 2014-01-04 18:01 - 00321512 _____ (SoftWarehouse) C:\Users\Sabrina\Downloads\tools v6.0.8.exe
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:45 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:43 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:38 - 2014-01-04 17:37 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:38 - 2014-01-04 17:34 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-03 11:14 - 2013-12-19 20:43 - 00199492 _____ C:\Windows\SysWOW64\~.tmp
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2014-01-02 16:13 - 2012-02-25 17:46 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-28 15:11 - 2012-02-25 17:46 - 00004246 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-23 17:03 - 2013-12-01 20:48 - 00001040 _____ C:\Users\Sabrina\Desktop\Dropbox.lnk
2013-12-23 17:03 - 2013-12-01 20:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 13:52 - 2012-02-25 10:20 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Microsoft Help
2013-12-21 12:22 - 2012-05-22 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 07:48 - 2013-03-11 13:57 - 00000000 ____D C:\Users\Sabrina\Documents\Heino
2013-12-18 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 03:03 - 2013-08-02 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-18 03:01 - 2012-08-29 06:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 18:56

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 12.01.2014, 17:10   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.01.2014, 18:48   #11
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Vielen herzlichen Dank für die Unterstützung!
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sabrina :: SABRINA-THINK [Administrator]

12.01.2014 17:16:20
mbam-log-2014-01-12 (17-16-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269607
Laufzeit: 2 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\SoftWarehouse\GS.Enabler\GS.Enabler.exe (PUP.Optional.MultiPlug.A) -> 3176 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-926685765 (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866} (PUP.Optional.Multiplug) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\SNT (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\ProgramData\SoftWarehouse\GS.Enabler\GS.Enabler.exe (PUP.Optional.MultiPlug.A) -> Löschen bei Neustart.
C:\Program Files (x86)\SNT\p7T2DTlA.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\greaotssaVer\GYHQUJS.exe (PUP.Optional.Multiplug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\SNT\YoD1ZT1jA.exe (PUP.Optional.Multiplug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabrina\Downloads\epubee drm removal setup(1).exe (PUP.Optional.Soft32.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabrina\Downloads\epubee drm removal setup.exe (PUP.Optional.Soft32.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sabrina\Downloads\tools v6.0.8.exe (PUP.Optional.InstalleRex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SNT\p7T2DTlA.tlb (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SNT\p7T2DTlA.dat (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SNT\p7T2DTlA.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Das Problem mit den Werbebannern besteht leider immer noch...
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=68b1296e4aba0d41a86cb19270476a99
# engine=16622
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-12 05:39:07
# local_time=2014-01-12 06:39:07 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 157513 141178197 0 0
# scanned=252631
# found=13
# cleaned=0
# scan_time=4242
sh=147FA4281120C99BA14DC5D5951C1A2972BDE759 ft=1 fh=c71c0011c04eb408 vn="a variant of Win32/AdWare.MultiPlug.N application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\_2iD.dll.vir"
sh=8E518927746CD24C92DFACD4EA709E7154F43D56 ft=1 fh=c71c00119c47ca32 vn="a variant of Win64/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\_2iD.x64.dll.vir"
sh=13FFDBAB9F8DF78798EE14AB2640F21EB7DEAA67 ft=1 fh=c71c0011a169624a vn="a variant of Win32/AdWare.MultiPlug.K.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\FvjZh.exe.vir"
sh=147FA4281120C99BA14DC5D5951C1A2972BDE759 ft=1 fh=c71c0011c04eb408 vn="a variant of Win32/AdWare.MultiPlug.N application" ac=I fn="C:\Program Files (x86)\greaotssaVer\2ZKW9c.dll"
sh=8E518927746CD24C92DFACD4EA709E7154F43D56 ft=1 fh=c71c00119c47ca32 vn="a variant of Win64/Adware.MultiPlug.A application" ac=I fn="C:\Program Files (x86)\greaotssaVer\2ZKW9c.x64.dll"
sh=7BC4998793462E1932A4F74E3A139DCDDA7653C6 ft=1 fh=19edba72960273eb vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\Swisscom\Quick Help\m2mupdate.exe"
sh=E33DD3B0CB4E6677B453ECFC513E156C6E9681CD ft=1 fh=bea9fe3d774702de vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AH7A412\3frrcD[1].exe"
sh=D23AAA9DA205264C7D2F21B91BC6640253289BDF ft=1 fh=0f401a72abd82eb8 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AH7A412\g3Q7J0e2[1].exe"
sh=3DDE113DAFAF29AAB7C72F4CF6B71C661CD167D3 ft=1 fh=cd3b6b8aeb620d4d vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED7P0S7G\4zev[1].exe"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="a variant of Win32/TrojanDownloader.Agent.AFD trojan" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED7P0S7G\agent2[1].exe"
sh=AE0FC6B2040E090DB5FD785DB94FB4390980D329 ft=1 fh=222deb84eeb9c823 vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED7P0S7G\bK[1].exe"
sh=2E43945A390D73A58291902EA9BB656FAD37CDCF ft=1 fh=7798336fa31471fd vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED7P0S7G\CPCYdcnEV[1].exe"
sh=FA89CEC2186BF23E3343E936976A438A1D9142F1 ft=1 fh=95e04e72930a3e8e vn="a variant of Win32/AdWare.MultiPlug.O application" ac=I fn="C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZV7Y29F\MOyGgZi9[1].exe"

Alt 13.01.2014, 11:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\greaotssaVer

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.01.2014, 15:29   #13
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 01
Ran by Sabrina at 2014-01-13 15:25:56 Run:1
Running from C:\Users\Sabrina\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\greaotssaVer
*****************

C:\Program Files (x86)\greaotssaVer => Moved successfully.

==== End of Fixlog ====
Das Problem mit dem Werbebanner besteht nach wie vor.


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 01
Ran by Sabrina (administrator) on SABRINA-THINK on 13-01-2014 15:27:28
Running from C:\Users\Sabrina\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Dropbox, Inc.) C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Sabrina\Desktop\FRST64(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] - C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [606208 2009-10-13] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Swisscom Quick Help] - C:\Program Files (x86)\Swisscom\Quick Help\SwisscomQuickHelp.exe [16668080 2013-10-02] (Swisscom)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [LTT] - C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\SWTOOLS\SimpleTap DeskBand\ShowBand.exe [156472 2011-12-21] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-11-02] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll [202600 2012-11-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: proxy.lfrz.at:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
URLSearchHook: HKCU - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKCU - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deCH472
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deCH472
BHO: YoutubeAdblocker - {159BC49F-2CD6-4CB7-932B-1027665E58BD} - C:\Program Files (x86)\YoutubeAdblocker\_2iD.x64.dll No File
BHO: greaotssaVer - {4F72390C-3192-91EF-ECD9-D90061D298A2} - C:\Program Files (x86)\greaotssaVer\2ZKW9c.x64.dll No File
BHO: SNT - {847493A0-9B57-E1D5-FE2C-CC1B12BC46CB} - C:\Program Files (x86)\SNT\p7T2DTlA.x64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM-x32 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D5A2C57D-7554-4054-AE53-57D7A4D0B831}: [NameServer]195.186.152.33 195.186.216.33

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default
FF Homepage: https://www.google.ch/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: goreatsoAvver - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\x-7oyya@odukqlwm-.org [2014-01-04]
FF Extension: SNT - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\yurxzs.t@iiio-eyule.edu [2014-01-04]
FF Extension: Swisscom Quick Help - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2014-01-12]
FF Extension: iMacros for Firefox - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-11-25]
FF Extension: Firebug - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\9ulbhy7c.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{E4D8AFFF-DA7C-412F-A976-05ED142C7806}] - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\
FF Extension: Unlimited Data Manager - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (YTBBookMark) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\amabcieebhjofcnbdphdmfkfcdgfilgk\1.1 [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 [2012-02-25]
CHR Extension: (goreatsoAvver) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnkecdffcoibofckamdddfgeohpikij\2.7 [2014-01-04]
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0 [2012-02-25]
CHR Extension: () - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpicgdnjfnbkibnicdnnpkkpklkjkki\2.0.0.4_0 [2013-04-12]
CHR Extension: (Speedy Shopper) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\167 [2014-01-04]
CHR Extension: (SNT) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgmnfaeohlofnjigiimjlbjleaomlei\2.1 [2014-01-04]
CHR Extension: (YoutubeAdblocker) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpknoifpolmopniafjdmhgpeobpcbba\1.0 [2014-01-04]
CHR Extension: (Norton Identity Protection) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0 [2012-02-25]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 [2012-02-25]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-01-15]

==================== Services (Whitelisted) =================

S2 1a34a8e0; C:\Program Files (x86)\GSSvc.dll [146768 2014-01-04] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SesamService; C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [1482240 2011-05-16] (Swisscom)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
R2 UDM Service; C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [182128 2011-05-20] (Swisscom)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-02-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-11-02] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WtSmpAdap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56688 2011-04-11] (Swisscom)
R1 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [409456 2011-04-11] (Swisscom)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 15:27 - 2014-01-13 15:27 - 00022144 _____ C:\Users\Sabrina\Desktop\FRST.txt
2014-01-13 15:24 - 2014-01-13 15:24 - 02075648 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64(2).exe
2014-01-12 19:56 - 2014-01-13 08:07 - 00010234 _____ C:\Users\Sabrina\Desktop\Ü_Programm1-14.xlsx
2014-01-12 18:12 - 2014-01-12 18:12 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-12 18:11 - 2014-01-12 18:11 - 24097311 _____ C:\Users\Sabrina\Downloads\vlc-2.1.2-win32.exe
2014-01-12 17:25 - 2014-01-12 17:25 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2014-01-12 17:13 - 2014-01-12 17:13 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-12 17:13 - 2014-01-12 17:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-12 17:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-12 17:12 - 2014-01-12 17:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-12 12:23 - 2014-01-12 12:24 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2014-01-12 12:19 - 2014-01-12 12:19 - 00003198 _____ C:\Windows\System32\Tasks\{3D22A633-E4C1-4426-B590-EE9D260FDF03}
2014-01-12 12:05 - 2014-01-12 12:05 - 00000000 ____D C:\Users\Sabrina\AppData\Local\PackageAware
2014-01-12 12:03 - 2014-01-12 12:03 - 00001483 _____ C:\Users\Sabrina\Desktop\JRT.txt
2014-01-12 11:47 - 2014-01-12 11:47 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT(1).exe
2014-01-12 11:40 - 2014-01-12 11:41 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner(1).exe
2014-01-12 11:39 - 2014-01-12 11:39 - 00038876 _____ C:\ComboFix.txt
2014-01-12 11:07 - 2014-01-12 11:08 - 02076672 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64(1).exe
2014-01-11 13:27 - 2014-01-11 13:27 - 00000000 ____D C:\Users\Sabrina\Downloads\FRST-OlderVersion
2014-01-11 13:07 - 2014-01-11 13:07 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-01-11 12:57 - 2014-01-11 12:57 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-01-10 23:56 - 2014-01-10 23:56 - 05162489 _____ (Swearware) C:\Users\Sabrina\Downloads\ComboFix(1).exe
2014-01-10 23:55 - 2014-01-12 11:18 - 05162489 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2014-01-07 17:07 - 2014-01-11 13:27 - 02076160 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-06 22:19 - 2014-01-06 22:20 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-04 18:10 - 2014-01-04 18:14 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:04 - 2014-01-12 17:21 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-04 18:04 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:02 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:50 - 2014-01-04 18:27 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 17:50 - 2014-01-04 18:20 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:46 - 2014-01-06 22:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-04 17:45 - 2014-01-04 17:47 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:38 - 2014-01-04 17:43 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:37 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-04 17:34 - 2014-01-04 17:38 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 20:43 - 2014-01-12 20:32 - 00163638 _____ C:\Windows\SysWOW64\~.tmp

==================== One Month Modified Files and Folders =======

2014-01-13 15:27 - 2014-01-13 15:27 - 00022144 _____ C:\Users\Sabrina\Desktop\FRST.txt
2014-01-13 15:26 - 2012-02-13 08:42 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 15:24 - 2014-01-13 15:24 - 02075648 _____ (Farbar) C:\Users\Sabrina\Desktop\FRST64(2).exe
2014-01-13 15:20 - 2012-02-25 17:46 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2014-01-13 15:01 - 2012-04-06 13:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-13 15:00 - 2012-02-13 07:16 - 00659842 _____ C:\Windows\system32\perfh007.dat
2014-01-13 15:00 - 2012-02-13 07:16 - 00131942 _____ C:\Windows\system32\perfc007.dat
2014-01-13 15:00 - 2009-07-14 06:13 - 01507566 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 14:59 - 2012-03-22 17:39 - 00000000 ____D C:\ProgramData\UDM
2014-01-13 08:07 - 2014-01-12 19:56 - 00010234 _____ C:\Users\Sabrina\Desktop\Ü_Programm1-14.xlsx
2014-01-13 07:51 - 2012-02-13 07:46 - 01991910 _____ C:\Windows\WindowsUpdate.log
2014-01-13 07:49 - 2012-02-13 08:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 07:40 - 2012-02-25 11:07 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Adobe
2014-01-12 22:36 - 2012-02-25 10:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-12 21:09 - 2012-02-25 17:47 - 00117032 _____ C:\Users\Sabrina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-12 20:50 - 2012-03-06 06:54 - 00000000 ____D C:\Users\Sabrina\AppData\Local\CrashDumps
2014-01-12 20:32 - 2013-12-19 20:43 - 00163638 _____ C:\Windows\SysWOW64\~.tmp
2014-01-12 20:30 - 2012-02-29 21:41 - 00000000 ____D C:\Users\Sabrina\Documents\KVL
2014-01-12 18:13 - 2012-08-26 14:38 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\vlc
2014-01-12 18:12 - 2014-01-12 18:12 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-12 18:11 - 2014-01-12 18:11 - 24097311 _____ C:\Users\Sabrina\Downloads\vlc-2.1.2-win32.exe
2014-01-12 18:02 - 2012-02-25 09:58 - 00000000 ___RD C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-12 18:02 - 2012-02-13 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-12 18:01 - 2012-02-25 10:20 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-12 18:01 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-12 17:36 - 2012-02-25 17:46 - 00003506 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-01-12 17:36 - 2012-02-25 17:46 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2014-01-12 17:28 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 17:28 - 2009-07-14 05:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 17:25 - 2014-01-12 17:25 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2014-01-12 17:22 - 2012-04-03 21:35 - 00000000 ___RD C:\Users\Sabrina\Dropbox
2014-01-12 17:22 - 2012-04-03 21:34 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Dropbox
2014-01-12 17:21 - 2014-01-04 18:04 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-926685765.job
2014-01-12 17:20 - 2012-02-13 08:01 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-12 17:20 - 2010-11-21 04:47 - 00817048 _____ C:\Windows\PFRO.log
2014-01-12 17:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 17:20 - 2009-07-14 05:51 - 00112760 _____ C:\Windows\setupact.log
2014-01-12 17:13 - 2014-01-12 17:13 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-12 17:13 - 2014-01-12 17:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-12 17:12 - 2014-01-12 17:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-12 12:26 - 2012-02-13 07:52 - 00000000 ____D C:\Program Files (x86)\Cisco
2014-01-12 12:24 - 2014-01-12 12:23 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2014-01-12 12:19 - 2014-01-12 12:19 - 00003198 _____ C:\Windows\System32\Tasks\{3D22A633-E4C1-4426-B590-EE9D260FDF03}
2014-01-12 12:13 - 2013-01-15 13:09 - 00000000 ____D C:\Program Files (x86)\Wondershare
2014-01-12 12:13 - 2012-04-04 15:41 - 00000000 ____D C:\Program Files (x86)\Bradbury
2014-01-12 12:05 - 2014-01-12 12:05 - 00000000 ____D C:\Users\Sabrina\AppData\Local\PackageAware
2014-01-12 12:03 - 2014-01-12 12:03 - 00001483 _____ C:\Users\Sabrina\Desktop\JRT.txt
2014-01-12 11:47 - 2014-01-12 11:47 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT(1).exe
2014-01-12 11:42 - 2013-10-21 13:25 - 00000000 ____D C:\AdwCleaner
2014-01-12 11:41 - 2014-01-12 11:40 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner(1).exe
2014-01-12 11:39 - 2014-01-12 11:39 - 00038876 _____ C:\ComboFix.txt
2014-01-12 11:39 - 2013-10-20 20:51 - 00000000 ____D C:\Qoobox
2014-01-12 11:35 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 11:18 - 2014-01-10 23:55 - 05162489 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2014-01-12 11:12 - 2013-10-17 21:07 - 00040883 _____ C:\Users\Sabrina\Downloads\FRST.txt
2014-01-12 11:08 - 2014-01-12 11:07 - 02076672 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64(1).exe
2014-01-11 13:27 - 2014-01-11 13:27 - 00000000 ____D C:\Users\Sabrina\Downloads\FRST-OlderVersion
2014-01-11 13:27 - 2014-01-07 17:07 - 02076160 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-01-11 13:27 - 2013-10-17 21:06 - 00000000 ____D C:\FRST
2014-01-11 13:07 - 2014-01-11 13:07 - 01037068 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-01-11 13:01 - 2009-07-14 05:45 - 05259168 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-11 12:57 - 2014-01-11 12:57 - 01233962 _____ C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-01-10 23:56 - 2014-01-10 23:56 - 05162489 _____ (Swearware) C:\Users\Sabrina\Downloads\ComboFix(1).exe
2014-01-07 20:27 - 2012-02-13 08:42 - 00000000 ____D C:\Program Files\Google
2014-01-07 20:27 - 2012-02-13 08:42 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-06 22:20 - 2014-01-06 22:19 - 00000093 _____ C:\Users\Sabrina\AppData\Roaming\ARCompanion.log
2014-01-06 22:20 - 2013-05-15 06:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2014-01-06 22:19 - 2013-05-15 06:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Citrix
2014-01-06 22:19 - 2012-02-25 10:11 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-01-06 22:18 - 2012-02-25 09:57 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Google
2014-01-06 22:07 - 2014-01-04 17:46 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Sony Corporation
2014-01-06 22:05 - 2012-02-13 07:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\UpdatusUser\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00001179 _____ C:\Users\Sabrina\Desktop\CH-Finance.lnk
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amadeus Informatik
2014-01-05 14:51 - 2014-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Amadeus Informatik
2014-01-04 18:27 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\Documents\Calibre-Bibliothek
2014-01-04 18:20 - 2014-01-04 17:50 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\calibre
2014-01-04 18:14 - 2014-01-04 18:10 - 00000000 ____D C:\Users\Sabrina\Documents\Decrypt Output
2014-01-04 18:09 - 2014-01-04 18:09 - 08098484 _____ (Epubor.com.                                                 ) C:\Users\Sabrina\Downloads\epubee.exe
2014-01-04 18:05 - 2014-01-04 18:05 - 00000000 ____D C:\ProgramData\SNT
2014-01-04 18:05 - 2014-01-04 18:04 - 00000000 ____D C:\ProgramData\SoftWarehouse
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\InstallMate
2014-01-04 18:05 - 2014-01-04 18:02 - 00000000 ____D C:\ProgramData\fc124d4af23c6577
2014-01-04 18:04 - 2014-01-04 18:04 - 03041792 _____ C:\Program Files (x86)\GS.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler
2014-01-04 18:04 - 2014-01-04 18:04 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll
2014-01-04 18:04 - 2014-01-04 18:04 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-926685765
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Packages
2014-01-04 18:03 - 2014-01-04 18:03 - 00000000 ____D C:\ProgramData\greaotssaVer
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\HomeGroupUser$
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Gast
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2014-01-04 18:02 - 2014-01-04 18:02 - 00000000 ____D C:\Users\Administrator
2014-01-04 17:51 - 2014-01-04 17:51 - 00000000 ____D C:\Users\Sabrina\AppData\Local\calibre-cache
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\Documents\My Books
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\Users\Sabrina\AppData\Local\kinoma
2014-01-04 17:47 - 2014-01-04 17:47 - 00000000 ____D C:\ProgramData\Sony Corporation
2014-01-04 17:47 - 2014-01-04 17:45 - 54211072 _____ C:\Users\Sabrina\Downloads\calibre-1.18.0.msi
2014-01-04 17:43 - 2014-01-04 17:38 - 00000000 ____D C:\Users\Sabrina\Documents\My Kindle Content
2014-01-04 17:38 - 2014-01-04 17:37 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Amazon
2014-01-04 17:38 - 2014-01-04 17:34 - 44221288 _____ (Sony Corporation                                             ) C:\Users\Sabrina\Downloads\ReaderInstaller.exe
2014-01-04 17:37 - 2014-01-04 17:37 - 38103832 _____ (Amazon.com) C:\Users\Sabrina\Downloads\KindleForPC-installer.exe
2014-01-02 20:28 - 2014-01-02 20:28 - 00010484 _____ C:\Users\Sabrina\Desktop\Wochenplan.xlsx
2014-01-02 16:13 - 2012-02-25 17:46 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-28 15:11 - 2012-02-25 17:46 - 00004246 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-12-23 17:03 - 2013-12-01 20:48 - 00001040 _____ C:\Users\Sabrina\Desktop\Dropbox.lnk
2013-12-23 17:03 - 2013-12-01 20:47 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-23 13:52 - 2012-02-25 10:20 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Microsoft Help
2013-12-21 12:22 - 2012-05-22 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:55 - 2013-12-20 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 07:48 - 2013-03-11 13:57 - 00000000 ____D C:\Users\Sabrina\Documents\Heino
2013-12-18 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-18 03:03 - 2013-08-02 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-18 03:01 - 2012-08-29 06:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\ose00000.exe
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 18:56

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 13.01.2014, 15:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.01.2014, 15:55   #15
schnüffel
 
Computer voller Spam, Werbebannern, etc. - Standard

Computer voller Spam, Werbebannern, etc.


Leider ist immer noch das Problem, dass überall Werbebanner erscheinen "ads not by this site" und dass z.T. Wörter bründ unterstrichen sind wie Hyperlinks! Und der Computer scheint mir dadurch mit Firefox etc. immer noch viel langsamer.

Antwort
Seite 1 von 2 1 2

Themen zu Computer voller Spam, Werbebannern, etc.
compu, computer, eingeblendet, fenster, guten, laufe, laufend, neue, professional, spam, unterstützung, voller, werbebanner, windows, windows 7


« W-Lan Probleme , E Mails ?? , Antivir gibt folgende Meldung | firefox, doppelt-unterstrichene grüne links mit popups »


Ähnliche Themen: Computer voller Spam, Werbebannern, etc.


  1. Windows 7: Computer ist langsam, Installation von Antiviren/Spam-Software nicht möglich, Werbung auf Webseiten
    Log-Analyse und Auswertung - 04.01.2015 (14)
  2. Alle installierten Browser mit Werbebannern und Popups befallen - lassen sich nicht entfernen
    Log-Analyse und Auswertung - 22.10.2014 (14)
  3. Firefox voller Werbung und Pop-ups die 2.
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (4)
  4. Firefox voller Werbung und Pop-ups
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (13)
  5. Computer verschickt offensichtlich Spam-Mails über t-online-account
    Log-Analyse und Auswertung - 23.10.2013 (2)
  6. Windows 7: PC voller Trojaner
    Log-Analyse und Auswertung - 22.10.2013 (2)
  7. schädlicher link mit werbebannern http://tracking999.com
    Plagegeister aller Art und deren Bekämpfung - 17.06.2013 (19)
  8. Trojaner mit Zahlungsaufforderung, Computer-Sperrung und Spam-Mail
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (11)
  9. Computer versendet automatisch mit Hotmail an alle Kontakte Spam-Mails
    Log-Analyse und Auswertung - 08.02.2011 (13)
  10. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare [Update]
    Nachrichten - 10.07.2010 (0)
  11. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare
    Nachrichten - 09.07.2010 (0)
  12. Mein Computer versende SPAM - Internet-Zugang gesperrt...
    Log-Analyse und Auswertung - 31.03.2010 (4)
  13. Voller Viren ?
    Log-Analyse und Auswertung - 13.09.2009 (2)
  14. PC voller Trojaner und sonstigem.
    Plagegeister aller Art und deren Bekämpfung - 17.04.2008 (6)
  15. Pc voller Viren
    Plagegeister aller Art und deren Bekämpfung - 01.08.2007 (28)
  16. PC voller Viren!
    Log-Analyse und Auswertung - 01.10.2006 (9)
  17. Lauferk voller dateien
    Plagegeister aller Art und deren Bekämpfung - 28.05.2006 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Computer voller Spam, Werbebannern, etc. - Guten Tag Kann mir jemand helfen? Auf meinem PC gehen laufend neue Fenster auf, Werbebanner werden eingeblendet, etc. Habe Windows 7 Professional, PC. Vielen Dank für die Unterstützung! - Computer voller Spam, Werbebannern, etc....
Archiv
Du betrachtest: Computer voller Spam, Werbebannern, etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130