E-Mail Account verschickt eigenmächtig E-Mails, Virenscanner kann nichts finden (Norton)

FlyingDragon · 26.03.2014, 21:52

Hallo,
ich habe jetzt zum zweiten Mal das Problem, dass mir mein E-Mail-Account (AOL) gesperrt worden ist wegen ungewöhnlicher Aktivitäten. Mein PC wird durch Norton geschützt. Ende letzten Jahres habe ich das Update Win 8.1 installiert. Während der Installation wurde offenbar Norton "ausgeknockt"; ich musste das Programm nach erfolgloser Reparatur neu installieren. Norton findet garnichts. Ich habe mit Malwarebytes einen Systemscan gemacht und einige infizierte Dateien gemeldet erhalten aber noch nichts unternommen. Auch mit HijackThis habe ich einen Scan vorgenommen und die Logdatei im Netz prüfen lassen. Die dortigen Ergebnisse fand ich aber doch sehr zweifelhaft. Durch Zufall bin ich dann auf diese Seite im Internet gestossen.

Wie in der Anleitung angegeben habe ich Defogger, FRST und GMER durchgeführt; da die Logfiles zu groß sind habe ich sie nun als Zip-Archiv angehangen. Die letzten Logdateien von HijackThis und Malwarebytes füge ich als separates Zip-Archiv ebenfalls bei.

Ich bin für jede Hilfe dankbar, habe aber selbst erst immer am Abend Zeit, mich um gepostete Anworten zu kümmern.

Schon einmal vielen Dank an alle, die helfen können/wollen,
FlyingDragon

schrauber · 27.03.2014, 07:11

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

FlyingDragon · 27.03.2014, 18:33

Sorry, die Vorschau hat angezeigt, die Dateien seien zu groß und ich solle sie als Zip anhängen.

Okay, hier nun die Codes, in mehreren Posts.

Schon einmal vielen Dank im Voraus
gez. FlyingDragon

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 26/03/2014 (Britta)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Britta (administrator) on HUPSY on 26-03-2014 20:43:00
Running from C:\0 - Britta's Programme\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(IvoSoft) C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicStartMenu.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SterJo Software) C:\Program Files (x86)\SterJo NetStalker\NetStalker.exe
(Mozilla Corporation) C:\0 - Britta's Programme\Arbeitsprogramme\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\0 - Britta's Programme\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SterJo NetStalker] - C:\Program Files (x86)\SterJo NetStalker\NetStalker.exe [820232 2013-11-10] (SterJo Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Spiele Post] - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [479984 2013-01-11] (Intenium)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Amazon Cloud Player] - C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
URLSearchHook: HKLM-x32 - (No Name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - No File
SearchScopes: HKLM - DefaultScope {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {1E5B04A9-36E9-4430-8D02-E132C9366C24} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {1E5B04A9-36E9-4430-8D02-E132C9366C24} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: No Name - {03fee850-0101-4e9e-b6d4-6fc74d3db360} -  No File
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {03fee850-0101-4e9e-b6d4-6fc74d3db360} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{EA75B47C-74EC-405E-8154-E14E7D35C72C}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default
FF user.js: detected! => C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\user.js
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gophotoit.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\webde-suche.xml
FF Extension: RealoreStudios  - C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\Extensions\{03fee850-0101-4e9e-b6d4-6fc74d3db360} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-16]
FF StartMenuInternet: FIREFOX.EXE - C:\0 - Britta's Programme\Arbeitsprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402
CHR RestoreOnStartup: "hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402"
CHR DefaultSearchProvider: Search The Web (GoPhotoIt)
CHR DefaultSearchURL: hxxp://search.gophoto.it/?pl=1&ch=v1noadmin_1402&q={searchTerms}
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-01]
CHR HKCU\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-02-18]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems)
R2 AdobeActiveFileMonitor11.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor9.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [64848 2012-08-06] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\0 - Britta's Programme\Arbeitsprogramme\Mobile Partner\UpdateDog\ouc.exe [239968 2013-07-31] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140324.002\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-17] (Microsoft Corporation)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [24400 2012-08-06] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [73552 2012-08-06] (Condusiv Technologies)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140325.009\ENG64.SYS [126040 2014-02-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140325.009\EX64.SYS [2099288 2014-02-15] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-10-26] (Windows (R) 2003 DDK 3790 provider)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-17] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 20:42 - 2014-03-26 20:43 - 00000000 ____D () C:\FRST
2014-03-26 20:41 - 2014-03-26 20:41 - 00000474 _____ () C:\Users\Britta\Desktop\defogger_disable.log
2014-03-26 20:41 - 2014-03-26 20:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-26 18:22 - 2014-03-26 18:22 - 00012484 _____ () C:\Users\Britta\Desktop\26.03.2014 - hijackthis.log
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 11:10 - 2014-03-25 11:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 11:10 - 2013-11-11 16:02 - 06674208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-03-25 11:10 - 2013-11-11 16:02 - 03490080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 03467927 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-03-25 11:10 - 2013-11-11 16:01 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 01065248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-03-25 11:10 - 2013-11-11 16:01 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 30361888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 22951200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 18293608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 18208624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 15862272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 15218504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 12613408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-03-25 11:07 - 2013-11-14 12:58 - 11600432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 11514624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 09691888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 09619872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03069608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02697248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433182.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433182.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01436528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01242400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00707360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00657184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00609568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00562464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-03-25 11:07 - 2013-11-14 12:58 - 00023754 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-03-25 10:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-03-25 10:46 - 2014-03-25 10:47 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 10:45 - 2014-03-25 10:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 10:45 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-03-25 10:45 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-03-25 10:15 - 2014-03-25 10:48 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 10:14 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-03-25 10:14 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-03-25 10:11 - 2014-03-25 10:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 10:10 - 2014-03-25 11:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 10:05 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-03-25 10:00 - 2014-03-25 10:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 09:09 - 2014-03-25 09:39 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 09:03 - 2014-03-25 09:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-24 19:03 - 2014-03-24 19:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-22 13:14 - 2014-03-22 13:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 13:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-22 12:32 - 2014-03-22 12:40 - 00000000 ____D () C:\!KillBox
2014-03-22 09:31 - 2014-03-22 13:30 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 09:31 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2014-03-21 20:12 - 2014-03-21 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 20:11 - 2014-03-23 19:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-18 21:51 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 21:51 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 21:51 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 21:51 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 21:51 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 21:51 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 21:51 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 21:51 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 21:51 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 21:51 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 21:51 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 21:51 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 21:51 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 21:51 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 21:51 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 21:51 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 21:51 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 21:51 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 21:51 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 21:51 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 21:51 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 21:51 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 21:51 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 21:51 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 21:51 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 21:51 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 21:51 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 21:51 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 21:51 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 21:51 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 21:51 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 21:51 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 21:51 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 21:51 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 21:51 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 21:51 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 21:51 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 07:01 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 07:01 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 07:01 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 07:01 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 07:01 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 07:01 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 07:01 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 07:01 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 07:01 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 07:01 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 07:01 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 07:01 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 07:01 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 07:01 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 07:01 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 07:01 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-14 07:01 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-14 07:01 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-14 07:01 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-14 07:01 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 07:01 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-14 07:01 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 07:01 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-14 07:01 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-14 07:01 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-14 07:01 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-14 07:01 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-14 07:01 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-14 07:01 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-14 07:01 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-14 07:01 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-14 07:01 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-14 07:01 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-14 07:01 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-14 07:01 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-14 07:01 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-14 07:01 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-14 07:01 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-14 07:01 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-14 07:01 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-14 07:01 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-14 07:01 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-14 07:01 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-14 07:01 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-14 07:01 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-14 07:01 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-14 07:01 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-14 07:01 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-14 07:01 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-14 07:01 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-14 07:01 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-14 07:01 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-14 07:01 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-14 07:01 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-14 07:01 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-14 07:01 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-14 07:01 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-14 07:01 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-14 07:01 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-14 07:01 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 22:32 - 2014-03-13 22:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-08 13:33 - 2014-03-08 13:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp
2014-03-02 11:33 - 2014-03-02 11:33 - 00292032 _____ () C:\WINDOWS\Minidump\030214-24281-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-26 20:43 - 2014-03-26 20:42 - 00000000 ____D () C:\FRST
2014-03-26 20:41 - 2014-03-26 20:41 - 00000474 _____ () C:\Users\Britta\Desktop\defogger_disable.log
2014-03-26 20:41 - 2014-03-26 20:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-26 20:41 - 2013-12-17 23:01 - 00000000 ____D () C:\Users\Britta
2014-03-26 20:37 - 2013-12-17 23:42 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\ClassicShell
2014-03-26 20:36 - 2013-01-11 18:07 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-885508780-3488564519-4253053766-1002
2014-03-26 20:33 - 2013-01-12 13:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\CrashDumps
2014-03-26 20:32 - 2013-12-22 12:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E375E84D-6A2A-4AE5-AC99-D98D879404EE}
2014-03-26 20:32 - 2013-01-11 20:14 - 00000000 ____D () C:\Users\Britta\AppData\Local\Adobe
2014-03-26 20:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-26 19:45 - 2013-01-11 18:31 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-26 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-26 18:22 - 2014-03-26 18:22 - 00012484 _____ () C:\Users\Britta\Desktop\26.03.2014 - hijackthis.log
2014-03-26 07:13 - 2013-12-17 23:19 - 01141788 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-26 06:59 - 2013-11-13 23:18 - 00753100 _____ () C:\WINDOWS\PFRO.log
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 11:10 - 2014-03-25 11:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-03-25 11:10 - 2012-09-10 09:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-25 11:09 - 2014-03-25 10:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 11:09 - 2012-09-10 09:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-25 10:48 - 2014-03-25 10:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 10:47 - 2014-03-25 10:46 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 10:45 - 2014-03-25 10:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 10:45 - 2013-08-22 15:46 - 00333397 _____ () C:\WINDOWS\setupact.log
2014-03-25 10:11 - 2014-03-25 10:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 10:00 - 2014-03-25 10:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 09:39 - 2014-03-25 09:09 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 09:03 - 2014-03-25 09:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-25 09:03 - 2014-02-23 19:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 09:03 - 2012-09-11 01:22 - 1437250579 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-24 19:03 - 2014-03-24 19:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-23 23:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-23 19:44 - 2014-03-21 20:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-23 19:44 - 2013-05-25 21:42 - 00000170 _____ () C:\WINDOWS\wininit.ini
2014-03-23 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-23 13:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-22 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-22 13:51 - 2014-01-01 16:41 - 00000000 ____D () C:\Users\Britta\AppData\Local\NPE
2014-03-22 13:30 - 2014-03-22 09:31 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 13:14 - 2014-03-22 13:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 12:40 - 2014-03-22 12:32 - 00000000 ____D () C:\!KillBox
2014-03-21 20:12 - 2014-03-21 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-03-20 20:08 - 2013-01-11 18:04 - 00000000 ____D () C:\0 - Britta's Programme
2014-03-19 06:57 - 2014-02-18 20:11 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 06:57 - 2013-01-11 18:02 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 23:14 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-18 22:22 - 2013-08-26 15:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 22:12 - 2013-01-11 20:29 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 20:43 - 2013-12-31 08:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-03-15 19:03 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-15 19:03 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-15 19:03 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-14 19:55 - 2013-08-22 15:44 - 02000096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 22:32 - 2014-03-13 22:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-11 21:45 - 2014-02-20 19:45 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 21:45 - 2013-01-11 18:31 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-08 13:33 - 2014-03-08 13:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 11:33 - 2014-03-02 11:33 - 00292032 _____ () C:\WINDOWS\Minidump\030214-24281-01.dmp
2014-03-01 22:51 - 2013-04-26 20:56 - 00000000 ____D () C:\Users\Britta\Documents\My Kindle Content
2014-03-01 07:05 - 2014-03-14 07:01 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-14 07:01 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-14 07:01 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-14 07:01 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-14 07:01 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-14 07:01 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-14 07:01 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-14 07:01 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-14 07:01 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 07:01 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 07:01 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-14 07:01 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 07:01 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 07:01 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 07:01 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 07:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 07:01 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Britta\AppData\Local\Temp\nsq1850.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-14 07:01] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-25 10:54

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Britta at 2014-03-26 20:43:52
Running from C:\0 - Britta's Programme\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

10 Talismans (HKLM-x32\...\10 Talismans) (Version: 1.00 - phenomedia publishing gmbh)
100 Prozent Wimmelbild (HKLM-x32\...\{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1) (Version:  - cerasus.media GmbH)
4 Elements II (HKLM-x32\...\4 Elements II_is1) (Version:  - Playrix Entertainment)
7 Wonders - Reise zu vergessenen Legenden (HKLM-x32\...\7 Wonders - Reise zu vergessenen Legenden) (Version: 1.1.0.0 - MumboJumbo)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adel verpflichtet (HKLM-x32\...\Adel verpflichtet_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Aegypten Box (HKLM-x32\...\Aegypten Box) (Version:  - )
Affair Bureau (HKLM-x32\...\Affair Bureau) (Version: 1.0.0.0 - INTENIUM GmbH)
Age of Emerald (VOLLVERSION) (HKLM-x32\...\Age of Emerald (VOLLVERSION)) (Version:  - )
Akademie der Magie (HKLM-x32\...\Akademie der Magie) (Version: 0.0.0.0 - INTENIUM GmbH)
Alabama Smith (HKLM-x32\...\Alabama Smith) (Version:  - )
Aladins Wunderlampe (HKLM-x32\...\Aladins Wunderlampe_is1) (Version:  - )
Alchemy Mahjongg (HKLM-x32\...\Alchemy Mahjongg) (Version:  - )
Alice im Wunderland (HKLM-x32\...\{C6D7ABF3-3BE5-4A75-9638-7A770CB57B38}) (Version: 1.00.0000 - PurpleHills)
Alice und die magischen Gärten (HKLM-x32\...\Alice und die magischen Gärten) (Version: 1.0.0.0 - INTENIUM GmbH)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Annabel (HKLM-x32\...\Annabel) (Version:  - )
Antiquarius: Die Trödelsammler (HKLM-x32\...\Antiquarius: Die Trödelsammler) (Version: 1.0.0.0 - INTENIUM GmbH)
Art Mogul (HKLM-x32\...\Art Mogul) (Version: 1.0.0.0 - INTENIUM GmbH)
Artifacts (HKCU\...\Artifacts) (Version:  - )
Atlantica – Wunder der Tiefe (VOLLVERSION) (HKLM-x32\...\Atlantica – Wunder der Tiefe (VOLLVERSION)) (Version:  - )
Awakening: Schloss ohne Tr&auml;ume (HKLM-x32\...\BFG-Awakening - Schloss ohne Traeume) (Version:  - )
Barn Yarn (HKLM-x32\...\BFG-Barn Yarn) (Version:  - )
Bau der Großen Mauer in China (HKLM-x32\...\BFG-Bau der Großen Mauer in China) (Version:  - )
Beach Party Craze (HKLM-x32\...\Beach Party Craze) (Version:  - )
Big City Adventure: London Classic (HKLM-x32\...\BFG-Big City Adventure - London Classic) (Version:  - )
Big City Adventure: San Francisco (HKLM-x32\...\Big City Adventure: San Francisco) (Version: 1.0.0.0 - INTENIUM GmbH)
Big City Adventure: Sydney, Australia (HKLM-x32\...\Big City Adventure: Sydney, Australia) (Version: 1.0.0.0 - INTENIUM GmbH)
Big City Adventure: Vancouver (nur deinstallation) (HKLM-x32\...\Big City Adventure: Vancouver) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Butterfly Magic (HKLM-x32\...\Butterfly Magic) (Version:  - )
Caesar III  (HKLM-x32\...\Caesar III) (Version:  - SHP)
calibre (HKLM-x32\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
Christmas Mahjongg (HKLM-x32\...\{4ADFFACA-FB58-44F1-9ED5-E144D6F3BBC6}) (Version: 1.00.0000 - PurpleHills)
ChristmasVille (HKLM-x32\...\{874A8120-FEEC-4D1A-BBA9-D2A381BCB666}) (Version: 1.00.0000 - PurpleHills)
Chroniken von Albian: Die magische Versammlung (HKLM-x32\...\BFG-Chroniken von Albian - Die magische Versammlung) (Version:  - )
Chroniken von Albian: Die Zauberschule von Wizbury (HKLM-x32\...\BFG-Chroniken von Albian - Die Zauberschule von Wizbury) (Version:  - )
City Style (HKLM-x32\...\City Style) (Version:  - )
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Cradle of Egypt (HKLM-x32\...\{2C02C8E3-CF3B-44BE-98C8-12A16EAF2713}_is1) (Version:  - cerasus.media GmbH)
Cradle of Rome 2 (HKLM-x32\...\{E60E8119-F64A-436B-8449-4FF87FC97350}_is1) (Version:  - cerasus.media GmbH)
CrossWorlds – Die Stadt in den Wolken (HKLM-x32\...\CrossWorlds – Die Stadt in den Wolken) (Version: 1.0.0.0 - INTENIUM GmbH)
Cursed House (HKLM-x32\...\Cursed House) (Version: 1.0.0.0 - INTENIUM GmbH)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Neue Dr.Brain Gehirn Jogging (HKLM-x32\...\Das Neue Dr.Brain Gehirn Jogging) (Version:  - )
Das Reich des Drachen (HKLM-x32\...\Das Reich des Drachen) (Version: 1.0.0.0 - INTENIUM GmbH)
Das Verlorene Königreich: Die Prophezeiung (HKLM-x32\...\Das Verlorene Königreich: Die Prophezeiung) (Version: 1.0.0.0 - INTENIUM GmbH)
Data Download Utility (HKLM-x32\...\{7B635986-F485-4415-9238-0654C789DD95}) (Version: 1.2.15.40 - RoyalTek Cpmpany Ltd.)
Deep Blue Sea – Die Schatztaucherin (HKLM-x32\...\Deep Blue Sea – Die Schatztaucherin_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
DER ERSTE KAISER: Aufstieg des Reichs der Mitte 1.0.1.0 (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version:  - )
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\{D2B31FE6-127F-4E79-8186-F080A282FBC7}) (Version: 1.0.0.46 - Intenium GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
Diamantenzauber (HKLM-x32\...\Diamantenzauber) (Version:  - )
Diamantris 2 (HKLM-x32\...\Diamantris 2_is1) (Version:  - Suricate Software)
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version:  - )
Die Sage von Kolossus (HKLM-x32\...\Die Sage von Kolossus) (Version:  - )
Die Sage von Odysseus (HKLM-x32\...\Die Sage von Odysseus_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Die Spur des Erfinders (HKLM-x32\...\Die Spur des Erfinders) (Version: 0.0.0.0 - INTENIUM GmbH)
Die verzauberten Inseln (HKLM-x32\...\Die verzauberten Inseln) (Version:  - )
Dragon Portals (HKLM-x32\...\Dragon Portals) (Version: 1.00 - phenomedia publishing gmbh)
Dream Inn: Driftwood (HKLM-x32\...\BFG-Dream Inn - Driftwood) (Version:  - )
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Enchanted Cavern 2 (HKLM-x32\...\Enchanted Cavern 2) (Version:  - )
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Erntezeit (HKLM-x32\...\Erntezeit) (Version:  - )
Escape from Lost Island (HKLM-x32\...\Escape from Lost Island) (Version: 1.0.0.0 - INTENIUM GmbH)
Exzellent, Eure Majestät (HKLM-x32\...\BFG-Exzellent, Eure Majestaet) (Version:  - )
Farm Frenzy - Das antike Rom (HKLM-x32\...\Farm Frenzy - Das antike Rom) (Version:  - )
Farm Frenzy - Frische Fische (HKLM-x32\...\Farm Frenzy - Frische Fische) (Version:  - )
Farm Frenzy 2 (HKLM-x32\...\Farm Frenzy 2) (Version:  - )
Farm Frenzy 3 - Madagaskar (HKLM-x32\...\Farm Frenzy 3 - Madagaskar) (Version:  - )
Farm Frenzy 3 (HKLM-x32\...\Farm Frenzy 3) (Version:  - )
Farm Frenzy 3 American Pie (HKLM-x32\...\Farm Frenzy 3 American Pie) (Version:  - )
Farm Frenzy 3 Ice Age (HKLM-x32\...\Farm Frenzy 3 Ice Age) (Version:  - )
Farm Frenzy 3 Russisches Roulette (HKLM-x32\...\Farm Frenzy 3 Russisches Roulette) (Version:  - )
Farm Quest (HKLM-x32\...\BFG-Farm Quest) (Version:  - )
Farmington Tales (HKLM-x32\...\BFG-Farmington Tales) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version:  - Playrix Entertainment)
Findet Doggy (HKLM-x32\...\Findet Doggy) (Version: 0.0.0.0 - INTENIUM GmbH)
Fishdom - Seasons under the Sea (HKLM-x32\...\{1640189E-C8BA-4D20-BA63-F2B925E1A3D6}) (Version: 1.00.0000 - PurpleHills)
Fishdom 1.0 (HKLM-x32\...\Fishdom_is1) (Version:  - )
flash-Enhancer (HKLM-x32\...\flash-Enhancer) (Version: 2.1 - flash-Enhancer.com) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
FreeRIP MP3 Converter 4.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5 - GreenTree Applications SRL)
freundin - Aquitania (HKLM-x32\...\{853E78D3-C7A8-4857-B9E8-4A2DF05105FD}_is1) (Version:  - cerasus.media GmbH)
freundin - Jewel Master Persia (HKLM-x32\...\{A0A1AC53-0B9E-42AD-9D97-783E164180D0}_is1) (Version:  - cerasus.media GmbH)
freundin - Secrets of Olympus (HKLM-x32\...\{95633C79-33E2-4B54-BF18-4BAFAE6980AC}_is1) (Version:  - cerasus.media GmbH)
freundin - Steine von Avalon (HKLM-x32\...\{6E23FA80-AB31-4C3F-892A-4DB54F6B1A95}_is1) (Version:  - cerasus.media GmbH)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GameCatalog17.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
GameCatalog21.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
Gardenscapes – Gestalte dein Haus (HKLM-x32\...\Gardenscapes – Gestalte dein Haus_is1) (Version:  - Playrix Entertainment)
Gardenscapes 2 (HKLM-x32\...\Gardenscapes 2_is1) (Version: 1.0 - Playrix Entertainment)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Geheime Fälle: Auf den Spuren von Casanova (HKLM-x32\...\Geheime Fälle: Auf den Spuren von Casanova) (Version: 1.0.0.0 - INTENIUM GmbH)
GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version:  - Friedemann Schmidt)
Golden Trails (HKLM-x32\...\Golden Trails) (Version:  - )
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - )
Governor of Poker 2 (HKLM-x32\...\Governor of Poker 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Great Mahjongg (HKLM-x32\...\Great Mahjongg) (Version:  - )
Green Valley (HKLM-x32\...\Green Valley) (Version:  - )
Hello Venice (HKLM-x32\...\BFG-Hello Venice) (Version:  - )
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Heroes of Hellas - Athen (HKLM-x32\...\Heroes of Hellas - Athen) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{C0906D83-1FE0-4176-A940-45A348080987}) (Version: 1.00.0000 - Purplehills)
Heroes of Hellas 2- Olympia (HKLM-x32\...\Heroes of Hellas 2- Olympia) (Version:  - )
Herr des Wetters (HKLM-x32\...\Herr des Wetters) (Version:  - )
HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON (HKLM-x32\...\{8043219B-D2C0-4561-90AB-3F1113ED5A87}) (Version:  - )
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Hexus Premium (HKLM-x32\...\Hexus Premium) (Version: 1.0.0.0 - INTENIUM GmbH)
Hidden Expedition: Amazon ™ (HKLM-x32\...\BFG-Hidden Expedition Amazon) (Version:  - )
Hidden Mysteries - Buckingham Palace (HKLM-x32\...\Hidden Mysteries - Buckingham Palace) (Version: 1.0 - Astragon)
Hidden Mysteries Salem Secrets (HKLM-x32\...\Hidden Mysteries Salem Secrets) (Version: 1.0 - astrogon Software)
Hidden Mysteries Vampire Secrets (HKLM-x32\...\Hidden Mysteries Vampire Secrets) (Version: 1.0 - astragon Software)
Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version:  - )
Holly - Ein Weihnachtsmärchen (HKLM-x32\...\{02E8BB55-0FBA-488A-80D5-E75B3EB96A45}) (Version: 1.00.0000 - PurpleHills)
Hoyle Slots & Video Poker 3 (HKLM-x32\...\Hoyle Slots & Video Poker 3) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{B506207A-C977-48B6-A14F-2C7E98EF0BE4}) (Version: 1.0.26 - Condusiv Technologies)
Island Realms (HKLM-x32\...\Island Realms) (Version:  - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Empire-Hidden Secrets (HKLM-x32\...\{60356853-8141-8377-6786-288431479053}) (Version: 1.0 - rondomedia)
Jewel Legends: Atlantis (HKLM-x32\...\BFG-Jewel Legends - Atlantis) (Version:  - )
Jewel Master - Jade Dynastie (HKLM-x32\...\{90BD33E9-BADD-4823-8BA6-79645A9D3FA8}_is1) (Version:  - cerasus.media GmbH)
Jewel Match 3 (HKLM-x32\...\Jewel Match 3) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewel Mystery: Die Villa (HKLM-x32\...\Jewel Mystery: Die Villa) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewel Quest (nur deinstallation) (HKLM-x32\...\Jewel Quest) (Version:  - )
Jewels of Atlantis (HKLM-x32\...\JOA_is1) (Version:  - City Interactive)
Jewels of the East India Company (HKLM-x32\...\Jewels of the East India Company) (Version:  - )
Judge Dee (HKLM-x32\...\Judge Dee) (Version:  - )
Jules Vernes: Das Abenteuer Jangada (HKLM-x32\...\Jules Vernes: Das Abenteuer Jangada) (Version: 1.0.0.0 - INTENIUM GmbH)
Kitten Sanctuary (HKLM-x32\...\Kitten Sanctuary) (Version: 1.00 - phenomedia publishing gmbh)
Langenscheidt Grammatiktrainer 6.0 Englisch (HKLM-x32\...\Grammatiktrainer 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 1 6.0 Englisch (HKLM-x32\...\Kurs 1 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Englisch (HKLM-x32\...\Kurs 2 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{67F91DB9-1958-4328-869C-032415F04AD1}) (Version: 6.0.21 - Langenscheidt)
Lawn & Order: Die Gartenprofis (HKLM-x32\...\Lawn & Order: Die Gartenprofis) (Version: 1.0.0.0 - INTENIUM GmbH)
Le Bistro 1.0 (HKLM-x32\...\Le Bistro_is1) (Version:  - )
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
Liong: The Lost Amulets (HKLM-x32\...\BFG-Liong - The Lost Amulets) (Version:  - )
locr GPS Photo (HKLM-x32\...\{72FDEEA6-18ED-4214-9F0C-7EF59EB13D53}) (Version: 1.2.2 - locr)
Lost City of Gold (HKLM-x32\...\Lost City of Gold) (Version:  - )
Lost Treasures of Alexandria (HKLM-x32\...\{8DCC4911-EC3D-41E9-85C9-168CA356EFE1}) (Version: 1.00.0000 - Valusoft)
Love Chronicles: Der Fluch (HKLM-x32\...\BFG-Love Chronicles - Der Fluch) (Version:  - )
Magic Elements 1.15 (HKLM-x32\...\Magic Elements_is1) (Version:  - Mayplay Games)
Magic Encyclopedia (HKLM-x32\...\Magic Encyclopedia) (Version:  - )
Magic Encyclopedia 2 (HKLM-x32\...\Magic Encyclopedia 2) (Version:  - )
Magic Encyclopedia 3 - Illusionen (HKLM-x32\...\Magic Encyclopedia 3 - Illusionen) (Version:  - )
Magic Tale (HKLM-x32\...\BFG-Magic Tale) (Version:  - )
Mahjongg - Ancient Egypt (HKLM-x32\...\{47A0EDD9-BAC6-4F7C-A22A-D69122970160}_is1) (Version:  - cerasus.media GmbH)
Mahjongg - Ancient Mayas (HKLM-x32\...\{BDA4BA81-D380-4596-95D3-5D8FA612FDA1}_is1) (Version:  - cerasus.media GmbH)
Mahjongg - Reise durch die Zeit (HKLM-x32\...\Mahjongg - Reise durch die Zeit) (Version:  - )
Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version:  - )
Mahjongg Dreams (HKLM-x32\...\{AD07C5E9-C15D-4508-92CA-C527F386D548}_is1) (Version:  - cerasus.media GmbH)
Mahjongg Mysteries - Ancient Athena (HKLM-x32\...\{90AB5541-2FC9-41E7-BF33-16A162E97F2B}_is1) (Version:  - cerasus.media GmbH)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Masque IGT Slots Little Green Men (HKLM-x32\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.1 - Masque Publishing)
Masque Slots (HKLM-x32\...\Masque Slots) (Version:  - )
Masque Slots from Bally Gaming (HKLM-x32\...\Masque Slots from Bally Gaming) (Version:  - )
Maxxjongg (HKLM-x32\...\Maxxjongg) (Version:  - )
Mein Aquarium (HKLM-x32\...\{B0D792A7-BD06-4C91-AB2A-D082ACA9DC0B}_is1) (Version:  - cerasus.media GmbH)
Mein kleiner Farmplanet (HKLM-x32\...\Mein kleiner Farmplanet) (Version: 1.0.0.0 - INTENIUM GmbH)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mini Golf 2008 (HKCU\...\Mini Golf 2008) (Version:  - )
MiniGolf Pro (HKLM-x32\...\{913E9552-1988-467E-BB4A-DEBA1676F6CA}) (Version: 1.00.0000 - Purplehils)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Monarch - The Butterfly King (HKLM-x32\...\Monarch - The Butterfly King) (Version: 1.00 - phenomedia publishing gmbh)
Moonlight Match - Eine zauberhafte Nacht (HKLM-x32\...\{3E99C26B-8FA9-452B-908B-43EA573A3FAF}) (Version: 1.00.0000 - Intenium GmbH)
Moonlight Match: Eine zauberhafte Nacht (HKLM-x32\...\Moonlight Match: Eine zauberhafte Nacht) (Version: 1.0.0.0 - INTENIUM GmbH)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Mysteries of Horus (HKLM-x32\...\Mysteries of Horus) (Version:  - )
Mystery Cookbook (HKLM-x32\...\Mystery Cookbook) (Version:  - )
Mystery P.I. - The London Caper (HKLM-x32\...\Mystery P.I. - The London Caper) (Version:  - PopCap Games)
Mystery Stories - Das Geisterschiff (HKLM-x32\...\{9C362EEE-BEDE-4E97-9930-8F463B95BFF0}_is1) (Version:  - Rondomedia)
Mystery Stories - Expedition des Grauens (HKLM-x32\...\{91AC4ECB-8C44-47CA-833D-0769B8CD0E7E}_is1) (Version:  - cerasus.media GmbH)
Mystic Gallery (HKLM-x32\...\BFG-Mystic Gallery) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
Nostalgie (HKLM-x32\...\Nostalgie_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Odyssee ins Ungewisse (HKLM-x32\...\Odyssee ins Ungewisse) (Version: 1.0.0.0 - INTENIUM GmbH)
Odysseus: Die Heimkehr (HKLM-x32\...\Odysseus: Die Heimkehr) (Version: 1.0.0.0 - INTENIUM GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paradise Quest (HKLM-x32\...\Paradise Quest_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Pharao (HKLM-x32\...\Pharao) (Version:  - )
Pharao (HKLM-x32\...\Pharaoh) (Version:  - )
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Pioneer Lands (HKLM-x32\...\BFG-Pioneer Lands) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Poker Mania (HKLM-x32\...\Poker Mania) (Version:  - )
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Puzzle Mania (HKLM-x32\...\Puzzle Mania) (Version:  - )
Puzzle Park (HKLM-x32\...\BFG-Puzzle Park) (Version:  - )
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Rainbow Mystery (HKLM-x32\...\Rainbow Mystery) (Version: 1.00 - phenomedia publishing gmbh)
RealoreStudios Toolbar (HKLM-x32\...\RealoreStudios Toolbar) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.1 - Samsung Electronics CO., LTD.)
Reel Deal Slots Adventure Combo Pack (HKLM-x32\...\{F7D58C1E-A0CC-4078-8B82-63A2CD51CEC9}) (Version: 1.00.0000 - Phantom EFX)
Ritter Arthur (HKLM-x32\...\Ritter Arthur) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur II - Collectors Edition (HKLM-x32\...\Ritter Arthur II - Collectors Edition) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Roads Of Rome (HKLM-x32\...\Roads Of Rome_is1) (Version:  - Realore Studios)
Roads of Rome 2 (HKLM-x32\...\Roads of Rome 2_is1) (Version:  - Realore Studios)
Roads of Rome 3 (HKLM-x32\...\Roads of Rome 3_is1) (Version:  - Realore Studios)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Romance of Rome (HKLM-x32\...\{02CF7793-9F94-45E9-BB0F-E0E5FAB463E6}_is1) (Version:  - cerasus.media GmbH)
Royal Envoy™ (HKLM-x32\...\Royal Envoy™_is1) (Version:  - Playrix Entertainment)
Rune Stones Quest (HKLM-x32\...\BFG-Rune Stones Quest) (Version:  - )
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
SeaQuest (HKCU\...\SeaQuest) (Version:  - )
Season Match 3: Der Fluch der Krähe (HKLM-x32\...\Season Match 3: Der Fluch der Krähe) (Version: 1.0.0.0 - INTENIUM GmbH)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Seven Seas Solitaire - Ein karibisches Abenteuer (HKLM-x32\...\{FE3FDCC8-1DB6-44C8-AC79-CD165A8D57A6}) (Version: 1.00.0000 - Intenium GmbH)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sierra-Dienstprogramme (HKLM-x32\...\Sierra-Dienstprogramme) (Version:  - )
Simajo (HKLM-x32\...\Simajo) (Version:  - )
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Soul Mysteries (HKLM-x32\...\Soul Mysteries_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Spooky Mahjongg (HKLM-x32\...\Spooky Mahjongg) (Version:  - )
Sprill Bermuda (HKLM-x32\...\Sprill Bermuda) (Version:  - )
SterJo NetStalker (HKLM-x32\...\{8BFC59A7-4F93-4E92-A6A7-67E3E35F9A07}_is1) (Version: 1.1 - SterJo Software)
Sticky Linky (HKLM-x32\...\Sticky Linky) (Version:  - )
Stolz und Vorurteil (HKLM-x32\...\Stolz und Vorurteil) (Version:  - )
Straße des Erfolgs (HKLM-x32\...\Straße des Erfolgs) (Version:  - )
Support Center (HKLM\...\{C178F0E8-75AF-4C21-9828-98B9BED82470}) (Version: 2.0.10 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.1 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{ADC15B86-A3F8-4DE3-9E0A-047FF12D6941}) (Version: 2.0.18 - Samsung Electronics CO., LTD.)
SYBEX Spieltrieb Poker und Casinospiele    (HKLM-x32\...\SYBEX Spieltrieb Poker und Casinospiele) (Version:   - KlickMedia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.1 - Synaptics Incorporated)
Tales of Lagoona: Waisen des Ozeans (HKLM-x32\...\BFG-Tales of Lagoona - Waisen des Ozeans) (Version:  - )
Tales of Lagoona: Waisen des Ozeans (HKLM-x32\...\Tales of Lagoona: Waisen des Ozeans) (Version: 1.0.0.0 - INTENIUM GmbH)
Tearstone Game (HKLM-x32\...\Tearstone) (Version:  - )
Texas Hold'em Poker 3D - Deluxe Edition 1.0 (HKLM-x32\...\{E8889865-31D8-4BE9-8CE4-20AEF81AD85E}_is1) (Version: Texas Hold'em Poker 3D - Deluxe Edition - S.A.D. GmbH)
The Clockmaker: Die Stunde des Uhrmachers (HKLM-x32\...\The Clockmaker: Die Stunde des Uhrmachers) (Version: 1.0.0.0 - INTENIUM GmbH)
The Enchanted Kingdom: Elisa’s Adventure (HKLM-x32\...\The Enchanted Kingdom: Elisa’s Adventure) (Version: 1.0.0.0 - INTENIUM GmbH)
The Enchanted Kingdom: Elisa's Adventure (HKLM-x32\...\BFG-The Enchanted Kingdom - Elisa's Adventure) (Version:  - )
The Legend of Egypt (HKCU\...\The Legend of Egypt) (Version:  - )
The Race (HKLM-x32\...\BFG-The Race) (Version:  - )
The Rise of Atlantis (HKLM-x32\...\{230043FE-1042-4ECF-879C-17D440B5D32A}) (Version: 1.00.0000 - PurpleHills)
The Tiny Bang Story (HKLM-x32\...\The Tiny Bang Story) (Version: 1.0.0.0 - INTENIUM GmbH)
Treasure Island (HKLM-x32\...\{456EE36A-8D08-41E2-B0CE-E97934B4A27F}) (Version: 1.00.0000 - PurpleHills)
Treasure Island (HKLM-x32\...\{68EB8188-55D4-4BFA-9F37-F8167B095B17}) (Version: 1.00.0000 - Purplehills)
Treasure Island 2 (HKLM-x32\...\Treasure Island 2) (Version:  - )
Trio - The Great Settlement (HKLM-x32\...\Trio - The Great Settlement) (Version: 1.00 - phenomedia publishing gmbh)
Tropical Farm (HKLM-x32\...\Tropical Farm) (Version:  - )
Under the sea 2 (HKLM-x32\...\Under the sea 2_is1) (Version:  - )
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Virtual City 2: Paradise Resort (HKLM-x32\...\Virtual City 2: Paradise Resort) (Version: 1.0.0.0 - INTENIUM GmbH)
Wild West Story: The Beginnings (HKLM-x32\...\Wild West Story: The Beginnings) (Version: 1.0.0.0 - INTENIUM GmbH)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Woodville Chronicles (HKLM-x32\...\Woodville Chronicles) (Version: 1.0.0.0 - INTENIUM GmbH)
World Riddles: Seven wonders 1.0 (HKLM-x32\...\World Riddles: Seven wonders_is1) (Version:  - Funny Bear Studio)
World Series Of Poker  (HKLM-x32\...\World_Series_Of_Poker_1.0) (Version:  - )
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

09-03-2014 16:04:02 Geplanter Prüfpunkt
14-03-2014 06:07:48 Windows Update
18-03-2014 21:11:49 Windows Update
25-03-2014 09:46:44 DirectX wurde installiert

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00751A0B-8A23-454D-907A-1250B55F4621} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {113866C7-F329-40FA-B1F3-C5EA1109B07F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {1CEB5F40-F485-4FD9-8431-F46858BCBCAA} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {262B3897-55D4-4CFF-88BA-AF4BF9D7C5D0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-21] (Synaptics Incorporated)
Task: {2C48F505-5E3C-4757-9E9F-0DE9FF9DD595} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-04] (SEC)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FDE4DB4-5CAC-487C-B9EC-CCD12208C243} - System32\Tasks\AmiUpdXp => C:\Users\Britta\AppData\Local\SwvUpdater\Updater.exe [2014-01-03] (Amonetizé Ltd) <==== ATTENTION
Task: {301D0302-35E0-4BAA-9F88-87E0FF2F5475} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {306187A5-C32A-486D-862A-04AE5ED1165D} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-10] (Samsung Electronics CO., LTD.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E95863C-874F-4DC7-8328-5737E5D19515} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98DFB094-4ECF-47B5-8196-19C40F0CBF2F} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\SymErr.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AADD779E-6E8D-43E1-8DFC-2B819F0A0962} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B77E821B-F785-4942-8A4B-B1171C25396F} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\SymErr.exe
Task: {C5107311-3AFB-47BB-B18E-C75724E8688D} - System32\Tasks\AdobeAAMUpdater-1.0-Hupsy-Britta => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DE66FC0A-FB16-4713-9929-03DB91D03598} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E1F07FC3-194E-4B5E-971F-13B6BC1EE4DE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {E2F64592-3402-41A7-837D-8CEA54C8FA01} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {E44E1047-1F74-487B-989D-C78B89E5E015} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7290090-74F4-4439-81F1-6A141AE66798} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Britta\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 11:07 - 2013-11-14 12:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-25 11:10 - 2013-11-11 16:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-12-17 20:03 - 2013-07-31 19:06 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-13 22:32 - 2014-03-07 21:39 - 03168576 _____ () C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-03-26 20:37 - 2014-03-26 20:37 - 00050477 _____ () C:\0 - Britta's Programme\Downloads\Defogger.exe
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-07-31 19:07 - 2013-07-31 19:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-10 09:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-15 13:12 - 2014-02-15 13:12 - 03578992 _____ () C:\0 - Britta's Programme\Arbeitsprogramme\Mozilla Firefox\mozjs.dll
2012-09-10 09:36 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:04560D68
AlternateDataStreams: C:\ProgramData\Temp:0AC32449
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6
AlternateDataStreams: C:\ProgramData\Temp:1D8AAA7B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2727F067
AlternateDataStreams: C:\ProgramData\Temp:2775F9E2
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:33E12B7A
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:488F7244
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:4FE30352
AlternateDataStreams: C:\ProgramData\Temp:51E83E25
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7BFAAE70
AlternateDataStreams: C:\ProgramData\Temp:7DC5D762
AlternateDataStreams: C:\ProgramData\Temp:8318A814
AlternateDataStreams: C:\ProgramData\Temp:8331D35A
AlternateDataStreams: C:\ProgramData\Temp:8944C195
AlternateDataStreams: C:\ProgramData\Temp:8AED9359
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8F067037
AlternateDataStreams: C:\ProgramData\Temp:8FC1A8C4
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:92D91D7E
AlternateDataStreams: C:\ProgramData\Temp:938EC881
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:9BFB769D
AlternateDataStreams: C:\ProgramData\Temp:A4ACFB14
AlternateDataStreams: C:\ProgramData\Temp:ACCFA538
AlternateDataStreams: C:\ProgramData\Temp:B2112CA5
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:BDDA21B6
AlternateDataStreams: C:\ProgramData\Temp:D0AB0B4A
AlternateDataStreams: C:\ProgramData\Temp:D3A82449
AlternateDataStreams: C:\ProgramData\Temp:D46ECFD5
AlternateDataStreams: C:\ProgramData\Temp:D696AA12
AlternateDataStreams: C:\ProgramData\Temp:D9E6828A
AlternateDataStreams: C:\ProgramData\Temp:DE9AC04F
AlternateDataStreams: C:\ProgramData\Temp:E2C9E369
AlternateDataStreams: C:\ProgramData\Temp:E3B5F2D1
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:F7FFE8AF

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 08:32:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xf18
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (03/26/2014 08:29:51 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/26/2014 08:29:35 PM) (Source: RasClient) (User: )
Description: CoID={7C4C00A6-A929-42E7-8567-1AC364850801}: Der Benutzer "Hupsy\Britta" hat eine Verbindung mit dem Namen "Alice" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (03/26/2014 08:28:59 PM) (Source: RasClient) (User: )
Description: CoID={8CEAF356-AC56-44FB-A11B-FFEC51DF39D9}: Der Benutzer "Hupsy\Britta" hat eine Verbindung mit dem Namen "Alice" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (03/26/2014 07:15:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (03/26/2014 06:20:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (03/26/2014 07:30:04 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/26/2014 07:01:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x12c8
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (03/25/2014 10:59:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/25/2014 09:03:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x1040
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5


System errors:
=============
Error: (03/26/2014 08:32:20 PM) (Source: RemoteAccess) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [IKEv2] nicht initialisiert wurde. Die Anforderung wird nicht unterstützt.

Error: (03/26/2014 08:32:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/26/2014 08:32:04 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (03/26/2014 06:27:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/26/2014 06:19:48 PM) (Source: RemoteAccess) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [IKEv2] nicht initialisiert wurde. Die Anforderung wird nicht unterstützt.

Error: (03/26/2014 06:19:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/26/2014 06:19:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (03/26/2014 07:00:21 AM) (Source: RemoteAccess) (User: )
Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [IKEv2] nicht initialisiert wurde. Die Anforderung wird nicht unterstützt.

Error: (03/26/2014 07:00:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/26/2014 07:00:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (03/26/2014 08:32:54 PM) (Source: Application Error)(User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835f1801cf492a2e6614b4C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe6c9342b6-b51d-11e3-81b4-50b7c30615aa

Error: (03/26/2014 08:29:51 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/26/2014 08:29:35 PM) (Source: RasClient)(User: )
Description: {7C4C00A6-A929-42E7-8567-1AC364850801}Hupsy\BrittaAlice0

Error: (03/26/2014 08:28:59 PM) (Source: RasClient)(User: )
Description: {8CEAF356-AC56-44FB-A11B-FFEC51DF39D9}Hupsy\BrittaAlice0

Error: (03/26/2014 07:15:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (03/26/2014 06:20:29 PM) (Source: Application Error)(User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383512bc01cf4917af38e383C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exeed368091-b50a-11e3-81b3-50b7c30615aa

Error: (03/26/2014 07:30:04 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/26/2014 07:01:11 AM) (Source: Application Error)(User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383512c801cf48b8c919f56aC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe0757f2a4-b4ac-11e3-81b2-50b7c30615aa

Error: (03/25/2014 10:59:32 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/25/2014 09:03:15 PM) (Source: Application Error)(User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835104001cf486541191154C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe7fbd9542-b458-11e3-81b1-50b7c30615aa


CodeIntegrity Errors:
===================================
  Date: 2013-01-27 16:32:18.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 16:28:58.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 16:23:30.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 16:15:10.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 16:15:10.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 16:06:33.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 15:54:42.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-27 15:48:41.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 08:21:31.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-26 08:21:22.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 79%
Total physical RAM: 8079.48 MB
Available physical RAM: 1669.96 MB
Total Pagefile: 16271.48 MB
Available Pagefile: 9947.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.25 GB) (Free:487.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: D6ABA6F2)

Partition: GPT Partition Type.

==================== End Of Log ============================

FlyingDragon · 27.03.2014, 18:36

Hier nun noch

GMER:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-26 20:54:27
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 Hitachi_HTS727575A9E364 rev.JF4OA0D0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Britta\AppData\Local\Temp\fxldipoc.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                      fffff9600013fe00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                 fffff9600013fe10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                            00007ffbbafd3110 7 bytes JMP 00007ffcb87802d0
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                   00007ffbbafd44f0 7 bytes JMP 00007ffcb8780308
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                    00007ffbbb081258 7 bytes JMP 00007ffcb8780340
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                     00007ffbbb0812cc 7 bytes JMP 00007ffcb87803b0
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                     00007ffbbb081720 7 bytes JMP 00007ffcb8780378
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                            00007ffbbb0873a0 7 bytes JMP 00007ffcb8780260
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                            00007ffbbb0ad634 7 bytes JMP 00007ffcb8780228
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                              00007ffbbb0ad6a4 7 bytes JMP 00007ffcb8780298
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                 00007ffbb8792164 7 bytes JMP 00007ffcb87800d8
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                      00007ffbb8794ee8 5 bytes JMP 00007ffcb8780180
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                   00007ffbb87950a0 5 bytes JMP 00007ffcb8780148
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                               00007ffbb87958c0 5 bytes JMP 00007ffcb8780110
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                      00007ffbbae37b64 10 bytes JMP 00007ffcb8780490
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                  00007ffbbae52910 5 bytes JMP 00007ffcb8780420
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                  00007ffbbae54578 5 bytes JMP 00007ffcb8780458
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                           00007ffbbae54980 9 bytes JMP 00007ffcb87803e8
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                              00007ffbb9241500 8 bytes JMP 00007ffcb87801b8
.text    C:\WINDOWS\system32\dwm.exe[256] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                00007ffbb9241750 8 bytes JMP 00007ffcb87801f0
.text    C:\WINDOWS\system32\nvvsvc.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                          00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                          00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                             00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\nvvsvc.exe[1136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                             00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                         00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                         00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                            00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\WLANExt.exe[1552] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                            00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                              00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                              00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                 00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                 00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                    00007ffbae5c1f6a 4 bytes [5C, AE, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2064] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                    00007ffbae5c1f82 4 bytes [5C, AE, FB, 7F]
.text    C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[2288] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                     00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[2288] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                     00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[2288] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                        00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe[2288] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                        00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                          00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1752] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                          00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                             00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1752] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                             00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                   00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3240] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                   00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                      00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3240] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                      00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                   00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                   00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                      00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                      00007ffbb9881832 4 bytes [88, B9, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[4932] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                        00007ffbb988169a 4 bytes [88, B9, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[4932] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                        00007ffbb98816a2 4 bytes [88, B9, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[4932] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                           00007ffbb988181a 4 bytes [88, B9, FB, 7F]
.text    C:\Windows\System32\igfxpers.exe[4932] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                           00007ffbb9881832 4 bytes [88, B9, FB, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [752:768]                                                                                                                              fffff960009404d0
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:48)        000000006fbc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:48)  000000006e940000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:48)         000000006a1c0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:50)      000000006ff00000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:50)   000000006efc0000
Library  C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2908](2013-07-31 18:07:50)          000000006ed40000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----

HijackThis:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:21:45, on 26.03.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 25.0.1 (de)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\0 - Britta's Programme\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - (no file)
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll
O2 - BHO: AmiExt IE plugin - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: (no name) - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - (no file)
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SterJo NetStalker] C:\Program Files (x86)\SterJo NetStalker\NetStalker.exe
O4 - HKCU\..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: IntelliMemory - Condusiv Technologies - C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\0 - Britta's Programme\Arbeitsprogramme\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12482 bytes

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.24.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Britta :: HUPSY [Administrator]

Schutz: Aktiviert

26.03.2014 18:23:13
MBAM-log-2014-03-26 (20-27-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 685926
Laufzeit: 2 Stunde(n), 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 20
HKCR\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BDB0F124-48E8-43A5-A263-45A7093CF058} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{5C6B193D-C4D0-4A0C-8509-8EA566380A7C} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Cool Mirage Ltd\gophotoit (PUP.Optional.GoPhoto.A) -> Keine Aktion durchgeführt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Keine Aktion durchgeführt.
HKCU\Software\gophotoit.com (PUP.Optional.GoPhoto.A) -> Keine Aktion durchgeführt.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 25
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\locale (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\flashEnhancer1 (PUP.Optional.FlashEnhancer.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\flashEnhancer1\Install (PUP.Optional.FlashEnhancer.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd (PUP.Optional.ToolBarInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit (PUP.Optional.ToolBarInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.ToolBarInstaller.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 37
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\1C3RPWKE\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\FYZY35ZT\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\ME2NZZ59\spstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Local\Temp\nsq1850.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\sqlite3.dll (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx (PUP.Optional.CoolMirage.A) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\bootstrap.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome.manifest (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\install.rdf (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\preferencesWindow.xul (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\myext.xul (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core\core.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default\star1_32.png (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chback.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences\myext.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.

(Ende)

schrauber · 28.03.2014, 10:37

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

FlyingDragon · 28.03.2014, 16:00

Hallo Schrauber,

leider läßt sich ComboFix nicht ausführen.

Ich habe die Datei heruntergeladen und auf dem Desktop gespeichert. Dann jeden Virenscanner etc. deaktiviert. Die Datei ist trotzdem mit dem "Schild von Norton" rechts unten markiert. Wenn ich auf das Programm-Icon klicke (egal ob als Administrator oder nicht) erhalte ich folgende Fehlermeldung:

ComboFix is not meant run in Compatibility Mode. The program shall now exit.

Ein Kompatibilitätsmodus ist unter Eigenschaften nicht ausgewählt.

FlyingDragon

schrauber · 29.03.2014, 09:53

Mein Fehler. MBAM nochmal laufen lassen, Funde löschen lassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

FlyingDragon · 29.03.2014, 16:52

Hallo Schrauber,

bin wie angegeben verfahren, nachstehend die diversen Log-Dateien, vermutlich zwei Posts.

Vorab noch eine allgemeine Frage, bin nicht gerade glücklich mit Norton (wir verwenden das Programm auch auf Arbeit und dort "bremst" es uns regelmäßig aus). Gibt es eine gute Alternative zu diesem Internetschutz? Da demnächst mein Jahresabo ausläuft, könnte ich dann umsteigen. Schon mal danke dafür.

1) Malwarebytes ausgeführt und alle Funde beheben lassen.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.27.05

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Britta :: HUPSY [Administrator]

Schutz: Deaktiviert

29.03.2014 14:01:20
mbam-log-2014-03-29 (14-01-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 697067
Laufzeit: 2 Stunde(n), 10 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 20
HKCR\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BDB0F124-48E8-43A5-A263-45A7093CF058} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{5C6B193D-C4D0-4A0C-8509-8EA566380A7C} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Cool Mirage Ltd\gophotoit (PUP.Optional.GoPhoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\gophotoit.com (PUP.Optional.GoPhoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 25
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\locale (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\flashEnhancer1 (PUP.Optional.FlashEnhancer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\flashEnhancer1\Install (PUP.Optional.FlashEnhancer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\mt_ffx\Cool Mirage Ltd\gophotoit\1.8.29.5 (PUP.Optional.ToolBarInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 37
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\1C3RPWKE\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\FYZY35ZT\sp-downloader[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Microsoft\Windows\INetCache\IE\ME2NZZ59\spstub[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Local\Temp\nsq1850.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\sqlite3.dll (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx (PUP.Optional.CoolMirage.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\bootstrap.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome.manifest (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\install.rdf (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\preferencesWindow.xul (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\myext.xul (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core\core.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default\star1_32.png (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chback.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences\myext.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2) Alle Virenscanner etc. deaktivert und Adaware ausgeführt:

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 29/03/2014 um 16:27:53
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Britta - HUPSY
# Gestartet von : C:\Users\Britta\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\Program Files (x86)\AmiExt
Ordner Gelöscht : C:\Program Files (x86)\RealoreStudios
Ordner Gelöscht : C:\Users\Britta\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Britta\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\Extensions\{03fee850-0101-4e9e-b6d4-6fc74d3db360}
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{03FEE850-0101-4E9E-B6D4-6FC74D3DB360}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RealoreStudios
Schlüssel Gelöscht : HKLM\Software\RealoreStudios
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealoreStudios Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.gophotoit.srchPrvdr", "Search The Web (GoPhotoIt)");

-\\ Google Chrome v

[ Datei : C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3165 octets] - [29/03/2014 16:26:46]
AdwCleaner[S0].txt - [2926 octets] - [29/03/2014 16:27:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2986 octets] ##########

3) Dann JRT ausführen lassen:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 x64
Ran by Britta on 29.03.2014 at 16:29:56,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Britta\appdata\local\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2014 at 16:41:13,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4) Zu guter Letzt noch FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Britta (administrator) on HUPSY on 29-03-2014 16:42:07
Running from C:\Users\Britta\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicStartMenu.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SterJo NetStalker] - C:\Program Files (x86)\SterJo NetStalker\NetStalker.exe [820232 2013-11-10] (SterJo Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Spiele Post] - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [479984 2013-01-11] (Intenium)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Amazon Cloud Player] - C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {1E5B04A9-36E9-4430-8D02-E132C9366C24} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gophotoit.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\webde-suche.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-16]
FF StartMenuInternet: FIREFOX.EXE - C:\0 - Britta's Programme\Arbeitsprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402
CHR RestoreOnStartup: "hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402"
CHR DefaultSearchProvider: Search The Web (GoPhotoIt)
CHR DefaultSearchURL: hxxp://search.gophoto.it/?pl=1&ch=v1noadmin_1402&q={searchTerms}
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-01]
CHR HKCU\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-18]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems)
R2 AdobeActiveFileMonitor11.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor9.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [64848 2012-08-06] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\0 - Britta's Programme\Arbeitsprogramme\Mobile Partner\UpdateDog\ouc.exe [239968 2013-07-31] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-17] (Microsoft Corporation)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [24400 2012-08-06] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [73552 2012-08-06] (Condusiv Technologies)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-02-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-02-15] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-10-26] (Windows (R) 2003 DDK 3790 provider)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-17] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 16:42 - 2014-03-29 16:42 - 00022862 _____ () C:\Users\Britta\Desktop\FRST.txt
2014-03-29 16:41 - 2014-03-29 16:41 - 00000862 _____ () C:\Users\Britta\Desktop\JRT.txt
2014-03-29 16:29 - 2014-03-29 16:29 - 00003070 _____ () C:\Users\Britta\Desktop\AdwCleaner[S0].txt
2014-03-29 16:29 - 2014-03-29 16:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 16:26 - 2014-03-29 16:27 - 00000000 ____D () C:\AdwCleaner
2014-03-29 14:05 - 2014-03-29 14:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-03-29 14:00 - 2014-03-26 20:38 - 02157056 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe
2014-03-29 13:59 - 2014-03-29 13:55 - 01038974 _____ (Thisisu) C:\Users\Britta\Desktop\JRT.exe
2014-03-29 13:59 - 2014-03-29 13:54 - 01950720 _____ () C:\Users\Britta\Desktop\adwcleaner.exe
2014-03-26 21:37 - 2014-03-26 21:37 - 00005439 _____ () C:\Users\Britta\Downloads\Logfiles.7z
2014-03-26 20:42 - 2014-03-29 16:42 - 00000000 ____D () C:\FRST
2014-03-26 20:41 - 2014-03-26 20:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 11:10 - 2014-03-25 11:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 11:10 - 2013-11-11 16:02 - 06674208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-03-25 11:10 - 2013-11-11 16:02 - 03490080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 03467927 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-03-25 11:10 - 2013-11-11 16:01 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 01065248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-03-25 11:10 - 2013-11-11 16:01 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-03-25 11:10 - 2013-11-11 16:01 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 30361888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 22951200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 18293608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 18208624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 15862272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 15218504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 12613408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-03-25 11:07 - 2013-11-14 12:58 - 11600432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 11514624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 09691888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 09619872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 03069608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 02697248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433182.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433182.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01436528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 01242400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00707360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00657184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00609568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00562464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-03-25 11:07 - 2013-11-14 12:58 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-03-25 11:07 - 2013-11-14 12:58 - 00023754 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-03-25 10:47 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-03-25 10:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-03-25 10:46 - 2014-03-25 10:47 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 10:45 - 2014-03-25 10:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 10:45 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-03-25 10:45 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-03-25 10:15 - 2014-03-25 10:48 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 10:14 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-03-25 10:14 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-03-25 10:11 - 2014-03-25 10:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 10:10 - 2014-03-25 11:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 10:05 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-03-25 10:00 - 2014-03-25 10:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 09:09 - 2014-03-25 09:39 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 09:03 - 2014-03-25 09:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-24 19:03 - 2014-03-24 19:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-22 13:14 - 2014-03-22 13:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 13:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-22 12:32 - 2014-03-22 12:40 - 00000000 ____D () C:\!KillBox
2014-03-22 09:31 - 2014-03-22 13:30 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 09:31 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2014-03-21 20:12 - 2014-03-21 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 20:11 - 2014-03-23 19:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-18 21:51 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 21:51 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 21:51 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 21:51 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 21:51 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 21:51 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 21:51 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 21:51 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 21:51 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 21:51 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 21:51 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 21:51 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 21:51 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 21:51 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 21:51 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 21:51 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 21:51 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 21:51 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 21:51 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 21:51 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 21:51 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 21:51 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 21:51 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 21:51 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 21:51 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 21:51 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 21:51 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 21:51 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 21:51 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 21:51 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 21:51 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 21:51 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 21:51 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 21:51 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 21:51 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 21:51 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 21:51 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 07:01 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 07:01 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 07:01 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 07:01 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 07:01 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 07:01 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 07:01 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 07:01 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 07:01 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 07:01 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 07:01 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 07:01 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 07:01 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 07:01 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 07:01 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 07:01 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-14 07:01 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-14 07:01 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-14 07:01 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-14 07:01 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 07:01 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-14 07:01 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 07:01 - 2014-01-31 17:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-14 07:01 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-14 07:01 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-14 07:01 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-14 07:01 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-14 07:01 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-14 07:01 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-14 07:01 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-14 07:01 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-14 07:01 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-14 07:01 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-14 07:01 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-14 07:01 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-14 07:01 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-14 07:01 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-14 07:01 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-14 07:01 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-14 07:01 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-14 07:01 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-14 07:01 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-14 07:01 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-14 07:01 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-14 07:01 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-14 07:01 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-14 07:01 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-14 07:01 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-14 07:01 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-14 07:01 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-14 07:01 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-14 07:01 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-14 07:01 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-14 07:01 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-14 07:01 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-14 07:01 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-14 07:01 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-14 07:01 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-14 07:01 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-14 07:01 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 22:32 - 2014-03-13 22:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-08 13:33 - 2014-03-08 13:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp
2014-03-02 11:33 - 2014-03-02 11:33 - 00292032 _____ () C:\WINDOWS\Minidump\030214-24281-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-29 16:42 - 2014-03-29 16:42 - 00022862 _____ () C:\Users\Britta\Desktop\FRST.txt
2014-03-29 16:42 - 2014-03-26 20:42 - 00000000 ____D () C:\FRST
2014-03-29 16:41 - 2014-03-29 16:41 - 00000862 _____ () C:\Users\Britta\Desktop\JRT.txt
2014-03-29 16:38 - 2013-01-11 18:07 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-885508780-3488564519-4253053766-1002
2014-03-29 16:29 - 2014-03-29 16:29 - 00003070 _____ () C:\Users\Britta\Desktop\AdwCleaner[S0].txt
2014-03-29 16:29 - 2014-03-29 16:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 16:29 - 2013-01-12 13:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\CrashDumps
2014-03-29 16:28 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-29 16:27 - 2014-03-29 16:26 - 00000000 ____D () C:\AdwCleaner
2014-03-29 16:27 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 16:27 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-29 16:27 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-29 16:22 - 2013-11-13 23:18 - 00770048 _____ () C:\WINDOWS\PFRO.log
2014-03-29 15:45 - 2013-01-11 18:31 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-29 15:40 - 2013-12-17 23:19 - 01391371 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-29 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-29 14:05 - 2014-03-29 14:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-03-29 14:00 - 2013-12-17 23:42 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\ClassicShell
2014-03-29 13:57 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-03-29 13:55 - 2014-03-29 13:59 - 01038974 _____ (Thisisu) C:\Users\Britta\Desktop\JRT.exe
2014-03-29 13:54 - 2014-03-29 13:59 - 01950720 _____ () C:\Users\Britta\Desktop\adwcleaner.exe
2014-03-29 09:54 - 2013-12-31 08:08 - 00003284 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-03-29 09:54 - 2013-12-31 08:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-03-29 09:52 - 2013-12-22 12:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E375E84D-6A2A-4AE5-AC99-D98D879404EE}
2014-03-29 09:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-29 09:06 - 2013-01-11 20:14 - 00000000 ____D () C:\Users\Britta\AppData\Local\Adobe
2014-03-28 23:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-28 15:32 - 2013-08-22 15:46 - 00334194 _____ () C:\WINDOWS\setupact.log
2014-03-27 21:29 - 2013-01-11 18:04 - 00000000 ____D () C:\0 - Britta's Programme
2014-03-26 21:37 - 2014-03-26 21:37 - 00005439 _____ () C:\Users\Britta\Downloads\Logfiles.7z
2014-03-26 20:41 - 2014-03-26 20:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-26 20:41 - 2013-12-17 23:01 - 00000000 ____D () C:\Users\Britta
2014-03-26 20:38 - 2014-03-29 14:00 - 02157056 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 20:56 - 2014-03-25 20:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 11:10 - 2014-03-25 11:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2014-03-25 11:10 - 2012-09-10 09:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-25 11:09 - 2014-03-25 10:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 11:09 - 2012-09-10 09:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-25 10:48 - 2014-03-25 10:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 10:47 - 2014-03-25 10:46 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 10:45 - 2014-03-25 10:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 10:11 - 2014-03-25 10:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 10:00 - 2014-03-25 10:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 09:39 - 2014-03-25 09:09 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 09:03 - 2014-03-25 09:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-25 09:03 - 2014-02-23 19:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 09:03 - 2012-09-11 01:22 - 1437250579 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-24 19:03 - 2014-03-24 19:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-23 19:44 - 2014-03-21 20:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-23 19:44 - 2013-05-25 21:42 - 00000170 _____ () C:\WINDOWS\wininit.ini
2014-03-23 13:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-22 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-22 13:51 - 2014-01-01 16:41 - 00000000 ____D () C:\Users\Britta\AppData\Local\NPE
2014-03-22 13:30 - 2014-03-22 09:31 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 13:14 - 2014-03-22 13:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 13:13 - 2014-03-22 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 12:40 - 2014-03-22 12:32 - 00000000 ____D () C:\!KillBox
2014-03-21 20:12 - 2014-03-21 20:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-03-19 06:57 - 2014-02-18 20:11 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 06:57 - 2013-01-11 18:02 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 23:14 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-18 22:22 - 2013-08-26 15:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 22:12 - 2013-01-11 20:29 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-14 19:55 - 2013-08-22 15:44 - 02000096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 07:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 22:32 - 2014-03-13 22:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-11 21:45 - 2014-02-20 19:45 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 21:45 - 2013-01-11 18:31 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-08 13:33 - 2014-03-08 13:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 11:33 - 2014-03-02 11:33 - 00292032 _____ () C:\WINDOWS\Minidump\030214-24281-01.dmp
2014-03-01 22:51 - 2013-04-26 20:56 - 00000000 ____D () C:\Users\Britta\Documents\My Kindle Content
2014-03-01 07:05 - 2014-03-14 07:01 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-14 07:01 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-14 07:01 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-14 07:01 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-14 07:01 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-14 07:01 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-14 07:01 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-14 07:01 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-14 07:01 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 07:01 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 07:01 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-14 07:01 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 07:01 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 07:01 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 07:01 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 07:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 07:01 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Britta\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-14 07:01] - [2014-01-31 17:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-28 15:59

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 30.03.2014, 07:38

Norton is auch Müll. Ich empfehle immer Emsisoft.

FlyingDragon · 01.04.2014, 20:33

Hallo Schrauber,

leider fehlt noch eine Rückmeldung von Dir auf meine letzte Antwort. Ist mein PC jetzt wieder "sauber". Kann ich Defogger noch einmal aktivieren und alles auf Disable setzen? Für eine kurze Rückmeldung wäre ich Dir sehr dankbar.

Gruß, FlyingDragon

schrauber · 02.04.2014, 13:46

Sorry, vergessen. Noch einen Onlinescan zur Kontrolle:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

FlyingDragon · 05.04.2014, 11:04

Hallo Schrauber,

sorry für die späte Antwort. Leider muss ich Dir sagen, dass ich aus Sicherheitsgründen den OnlineScanner nach 25 Minuten abgebrochen haben. Zu diesem Zeitpunkt waren mal gerade 7% geprüft und die Fortschrittsanzeige war seit über 5 Minuten unverändert. Grob überschlagen bin ich auf über 4 Stunden Zeitaufwand gekommen, die der PC dann vollkommen ungeschützt im Internet wäre. Ich habe zwar gleich einen Scan durchgeführt und gestern schien alles in Ordnung, heute morgen hatte ich dann aber einen sogenannten "Kernel-Security" Fehler und konnte erst nach einem Neustart ins Internet. Das Phänomen hatte ich auch, als ich offenbar den Schädling auf der Festplatte hatte.

Okay SecurityCheck und FRST habe ich ausgeführt, nachstehend die Logs:

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 25.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Britta (administrator) on HUPSY on 05-04-2014 11:48:24
Running from C:\Users\Britta\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(IvoSoft) C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicStartMenu.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Adobe Systems Incorporated) C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-21] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SterJo NetStalker] - C:\Program Files (x86)\SterJo NetStalker\NetStalker.exe [820232 2013-11-10] (SterJo Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Spiele Post] - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [479984 2013-01-11] (Intenium)
HKU\S-1-5-21-885508780-3488564519-4253053766-1002\...\Run: [Amazon Cloud Player] - C:\Users\Britta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Startup: C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {1E5B04A9-36E9-4430-8D02-E132C9366C24} URL = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKCU - {C0B8E795-7C41-4B83-B445-D943D1949BA0} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\0 - Britta's Programme\Betriebsprogramme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\gophotoit.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\fi9szxxf.default\searchplugins\webde-suche.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-02-16]
FF StartMenuInternet: FIREFOX.EXE - C:\0 - Britta's Programme\Arbeitsprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402
CHR RestoreOnStartup: "hxxp://search.gophoto.it/?pl=2&ch=v1noadmin_1402"
CHR DefaultSearchProvider: Search The Web (GoPhotoIt)
CHR DefaultSearchURL: hxxp://search.gophoto.it/?pl=1&ch=v1noadmin_1402&q={searchTerms}
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Britta\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-01]
CHR HKCU\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Britta\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-18]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-03] (Adobe Systems)
R2 AdobeActiveFileMonitor11.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Photoshop Elements 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor9.0; C:\0 - Britta's Programme\Fotobearbeitung\Adobe Fotoshops Elements 9\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-06] (Adobe Systems Incorporated)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [64848 2012-08-06] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\0 - Britta's Programme\Arbeitsprogramme\Mobile Partner\UpdateDog\ouc.exe [239968 2013-07-31] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-15] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140403.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-17] (Microsoft Corporation)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [24400 2012-08-06] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [73552 2012-08-06] (Condusiv Technologies)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140404.001\ENG64.SYS [126040 2014-02-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140404.001\EX64.SYS [2099288 2014-02-15] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-10-26] (Windows (R) 2003 DDK 3790 provider)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-17] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 11:48 - 2014-04-05 11:48 - 00022659 _____ () C:\Users\Britta\Desktop\FRST.txt
2014-04-05 11:48 - 2014-04-05 11:48 - 00000937 _____ () C:\Users\Britta\Desktop\checkup.txt
2014-04-05 11:43 - 2014-03-26 21:38 - 02157056 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe
2014-04-04 19:57 - 2014-04-04 19:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-04 19:51 - 2014-04-04 19:51 - 02347384 _____ (ESET) C:\Users\Britta\Desktop\esetsmartinstaller_enu.exe
2014-04-04 19:51 - 2014-04-04 19:51 - 00987442 _____ () C:\Users\Britta\Desktop\SecurityCheck.exe
2014-03-29 23:36 - 2014-03-29 23:36 - 00000000 ____D () C:\BigFishCache
2014-03-29 17:29 - 2014-03-29 17:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 17:26 - 2014-03-29 17:27 - 00000000 ____D () C:\AdwCleaner
2014-03-29 15:05 - 2014-03-29 15:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-03-26 22:37 - 2014-03-26 22:37 - 00005439 _____ () C:\Users\Britta\Downloads\Logfiles.7z
2014-03-26 21:42 - 2014-04-05 11:48 - 00000000 ____D () C:\FRST
2014-03-26 21:41 - 2014-03-26 21:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 12:10 - 2014-03-25 12:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 12:10 - 2013-11-11 17:02 - 06674208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-03-25 12:10 - 2013-11-11 17:02 - 03490080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-03-25 12:10 - 2013-11-11 17:01 - 03467927 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-03-25 12:10 - 2013-11-11 17:01 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-03-25 12:10 - 2013-11-11 17:01 - 01065248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-03-25 12:10 - 2013-11-11 17:01 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-03-25 12:10 - 2013-11-11 17:01 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-03-25 12:10 - 2013-11-11 17:01 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-03-25 12:10 - 2013-11-11 17:01 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 30361888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 22951200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 18293608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 18208624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 15862272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 15218504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 12613408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-03-25 12:07 - 2013-11-14 13:58 - 11600432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 11514624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 09691888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 09619872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 03069608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 02697248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433182.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433182.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 01436528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 01242400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00707360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00657184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00609568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00562464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-03-25 12:07 - 2013-11-14 13:58 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-03-25 12:07 - 2013-11-14 13:58 - 00023754 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-03-25 11:47 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-03-25 11:47 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-03-25 11:47 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-03-25 11:47 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-03-25 11:47 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-03-25 11:47 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-03-25 11:46 - 2014-03-25 11:47 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 11:45 - 2014-03-25 11:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 11:45 - 2013-12-05 10:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-03-25 11:45 - 2013-12-05 10:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-03-25 11:15 - 2014-03-25 11:48 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 11:14 - 2013-12-10 04:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-03-25 11:14 - 2013-12-10 04:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-03-25 11:11 - 2014-03-25 11:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 11:10 - 2014-03-25 12:09 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 11:05 - 2013-12-05 10:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-03-25 11:00 - 2014-03-25 11:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 10:09 - 2014-03-25 10:39 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 10:03 - 2014-03-25 10:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-24 20:03 - 2014-03-24 20:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-22 14:14 - 2014-03-22 14:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 14:13 - 2014-03-22 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 14:13 - 2014-03-22 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 14:13 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-22 13:32 - 2014-03-22 13:40 - 00000000 ____D () C:\!KillBox
2014-03-22 10:31 - 2014-03-22 14:30 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 10:31 - 2005-04-15 20:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 21:11 - 2014-03-23 20:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-18 22:51 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 22:51 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 22:51 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 22:51 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 22:51 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 22:51 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 22:51 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 22:51 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 22:51 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 22:51 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 22:51 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 22:51 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 22:51 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 22:51 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 22:51 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 22:51 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 22:51 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 22:51 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 22:51 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 22:51 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 22:51 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 22:51 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 22:51 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 22:51 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 22:51 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 22:51 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 22:51 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 22:51 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 22:51 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 22:51 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 22:51 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 22:51 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 22:51 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 22:51 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 22:51 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 22:51 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 22:51 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 08:01 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 08:01 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 08:01 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 08:01 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 08:01 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 08:01 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 08:01 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 08:01 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 08:01 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 08:01 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 08:01 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 08:01 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 08:01 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 08:01 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 08:01 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 08:01 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-14 08:01 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-14 08:01 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-14 08:01 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-14 08:01 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 08:01 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-14 08:01 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 08:01 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-14 08:01 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-14 08:01 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-14 08:01 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-14 08:01 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-14 08:01 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-14 08:01 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-14 08:01 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-14 08:01 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-14 08:01 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-14 08:01 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-14 08:01 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-14 08:01 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-14 08:01 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-14 08:01 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-14 08:01 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-14 08:01 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-14 08:01 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-14 08:01 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-14 08:01 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-14 08:01 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-14 08:01 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-14 08:01 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-14 08:01 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-14 08:01 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-14 08:01 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-14 08:01 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-14 08:01 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-14 08:01 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-14 08:01 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-14 08:01 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-14 08:01 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-14 08:01 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-14 08:01 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-14 08:01 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-14 08:01 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-14 08:01 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-14 08:01 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 23:32 - 2014-03-13 23:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-08 14:33 - 2014-03-08 14:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp

==================== One Month Modified Files and Folders =======

2014-04-05 11:48 - 2014-04-05 11:48 - 00022659 _____ () C:\Users\Britta\Desktop\FRST.txt
2014-04-05 11:48 - 2014-04-05 11:48 - 00000937 _____ () C:\Users\Britta\Desktop\checkup.txt
2014-04-05 11:48 - 2014-03-26 21:42 - 00000000 ____D () C:\FRST
2014-04-05 11:46 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-05 11:46 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-05 11:46 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-05 11:45 - 2013-12-22 13:54 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E375E84D-6A2A-4AE5-AC99-D98D879404EE}
2014-04-05 11:45 - 2013-01-11 21:14 - 00000000 ____D () C:\Users\Britta\AppData\Local\Adobe
2014-04-05 11:45 - 2013-01-11 19:31 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-05 11:42 - 2013-01-12 14:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\CrashDumps
2014-04-05 11:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-05 00:05 - 2013-12-18 00:42 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\ClassicShell
2014-04-05 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-04 21:38 - 2013-01-11 19:07 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-885508780-3488564519-4253053766-1002
2014-04-04 20:44 - 2013-12-18 00:19 - 02064582 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-04 19:57 - 2014-04-04 19:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-04 19:51 - 2014-04-04 19:51 - 02347384 _____ (ESET) C:\Users\Britta\Desktop\esetsmartinstaller_enu.exe
2014-04-04 19:51 - 2014-04-04 19:51 - 00987442 _____ () C:\Users\Britta\Desktop\SecurityCheck.exe
2014-04-04 17:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-03 22:44 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-31 18:35 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-29 23:36 - 2014-03-29 23:36 - 00000000 ____D () C:\BigFishCache
2014-03-29 17:29 - 2014-03-29 17:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-29 17:27 - 2014-03-29 17:26 - 00000000 ____D () C:\AdwCleaner
2014-03-29 17:27 - 2013-01-26 00:44 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\CheckPoint
2014-03-29 17:22 - 2013-11-14 00:18 - 00770048 _____ () C:\WINDOWS\PFRO.log
2014-03-29 15:05 - 2014-03-29 15:05 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-03-29 14:57 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-03-29 10:54 - 2013-12-31 09:08 - 00003284 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-03-29 10:54 - 2013-12-31 09:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-03-28 16:32 - 2013-08-22 16:46 - 00334194 _____ () C:\WINDOWS\setupact.log
2014-03-27 22:29 - 2013-01-11 19:04 - 00000000 ____D () C:\0 - Britta's Programme
2014-03-26 22:37 - 2014-03-26 22:37 - 00005439 _____ () C:\Users\Britta\Downloads\Logfiles.7z
2014-03-26 21:41 - 2014-03-26 21:41 - 00000000 _____ () C:\Users\Britta\defogger_reenable
2014-03-26 21:41 - 2013-12-18 00:01 - 00000000 ____D () C:\Users\Britta
2014-03-26 21:38 - 2014-04-05 11:43 - 02157056 _____ (Farbar) C:\Users\Britta\Desktop\FRST64.exe
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-03-25 21:56 - 2014-03-25 21:56 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-03-25 12:10 - 2014-03-25 12:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 12:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2014-03-25 12:10 - 2012-09-10 10:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-25 12:09 - 2014-03-25 11:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-25 12:09 - 2012-09-10 10:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-25 11:48 - 2014-03-25 11:15 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA
2014-03-25 11:47 - 2014-03-25 11:46 - 00000000 ____D () C:\Users\Britta\AppData\Local\NVIDIA Corporation
2014-03-25 11:45 - 2014-03-25 11:45 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-03-25 11:11 - 2014-03-25 11:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-25 11:00 - 2014-03-25 11:00 - 00000000 ____D () C:\NVIDIA
2014-03-25 10:39 - 2014-03-25 10:09 - 259887872 _____ (NVIDIA Corporation) C:\Users\Britta\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2014-03-25 10:03 - 2014-03-25 10:03 - 00291840 _____ () C:\WINDOWS\Minidump\032514-25562-01.dmp
2014-03-25 10:03 - 2014-02-23 20:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-25 10:03 - 2012-09-11 02:22 - 1437250579 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-24 20:03 - 2014-03-24 20:03 - 00291744 _____ () C:\WINDOWS\Minidump\032414-23187-01.dmp
2014-03-23 20:44 - 2014-03-21 21:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-23 20:44 - 2013-05-25 22:42 - 00000170 _____ () C:\WINDOWS\wininit.ini
2014-03-22 23:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-22 14:51 - 2014-01-01 17:41 - 00000000 ____D () C:\Users\Britta\AppData\Local\NPE
2014-03-22 14:30 - 2014-03-22 10:31 - 00000000 ____D () C:\Program Files (x86)\SterJo NetStalker
2014-03-22 14:14 - 2014-03-22 14:14 - 00000000 ____D () C:\Users\Britta\AppData\Roaming\Malwarebytes
2014-03-22 14:13 - 2014-03-22 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 14:13 - 2014-03-22 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 13:40 - 2014-03-22 13:32 - 00000000 ____D () C:\!KillBox
2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-03-21 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-03-19 07:57 - 2014-02-18 21:11 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 07:57 - 2013-01-11 19:02 - 00000000 ___RD () C:\Users\Britta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 00:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-18 23:22 - 2013-08-26 16:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 23:12 - 2013-01-11 21:29 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-14 20:55 - 2013-08-22 16:44 - 02000096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 08:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 08:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 08:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 08:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-13 23:32 - 2014-03-13 23:32 - 00000000 ____D () C:\Users\Britta\AppData\Local\Amazon Cloud Player
2014-03-11 22:45 - 2014-02-20 20:45 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 22:45 - 2013-01-11 19:31 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-08 14:33 - 2014-03-08 14:33 - 00291896 _____ () C:\WINDOWS\Minidump\030814-18843-01.dmp

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Britta\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-14 08:01] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-04 20:33

==================== End Of Log ============================

--- --- ---

schrauber · 06.04.2014, 11:57

Zitat:

heute morgen hatte ich dann aber einen sogenannten "Kernel-Security" Fehler

Wer meldet das?

FlyingDragon · 11.04.2014, 17:05

Sorry,
hatte bisher keine Zeit gehabt.
Windows selbst hat den Fehler gemeldet, das heißt blauer Bildschirm mit dem Text
Windows hat einen Fehler festgestellt, es werden Daten gesammelt und das System neu gestartet. Für weitere Informationen können Sie unter folgender Punkt nachsehen "Kernel-Secuirity-Fehler"....
Hatte ich aber seit dem nicht mehr gehabt. War offenkundig ein einmaliger Ausrutscher.

Gruß Flying-Dragon

schrauber · 13.04.2014, 16:31

Aso

Adobe und Flash updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

30.03.2014, 07:38	#9
schrauber /// the machine /// TB-Ausbilder	E-Mail Account verschickt eigenmächtig E-Mails, Virenscanner kann nichts finden (Norton) Norton is auch Müll. Ich empfehle immer Emsisoft. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

E-Mail Account verschickt eigenmächtig E-Mails, Virenscanner kann nichts finden (Norton)

Log-Analyse und Auswertung: E-Mail Account verschickt eigenmächtig E-Mails, Virenscanner kann nichts finden (Norton)