Pests of all kinds and how to fight them: VIRUS ads on purple underlined words (Windows 7)
03.04.2014, 08:35 | #1 |
| VIRUS ads on purple underlined words Hello! For the past few days I have been having problems with my browser (Firefox). On some pages, words are double-underlined in purple and link to ads for some kind of mobile phone flat rates. Can someone please help me quickly? I am writing something for university right now, and it is really annoying! Thanks and kind regards |
03.04.2014, 08:51 | #2 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
03.04.2014, 12:58 | #3 |
| VIRUS ads on purple underlined words First one:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Freya-Sophie (administrator) on FREYA-SOPHIE-HP on 03-04-2014 09:55:39 Running from C:\Users\Freya-Sophie\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\Pmsb.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [jSugLyCC] - wscript.exe //B "C:\Users\FREYA-~1\AppData\Local\Temp\jSugLyCC.vbs" <===== ATTENTION HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\n3jtrf3m.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-04-24] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. 
KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [1157240 2011-11-28] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys [488568 2011-11-23] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS [117880 2011-12-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS [2048632 2011-12-03] (Symantec Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-21] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 09:55 - 2014-04-03 09:55 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 09:00 - 2014-04-03 09:00 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-26 09:56 - 2014-03-26 10:11 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 17:57 - 2014-03-28 11:46 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-13 14:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 14:36 - 2014-03-01 06:58 - 02765824 _____ 
(Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 14:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 14:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 14:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 14:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 14:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 14:36 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 14:36 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 14:36 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 14:36 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 14:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 14:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 14:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 14:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 14:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 14:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 14:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 14:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 14:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 14:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 14:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 14:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2014-03-13 14:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 14:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 14:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 14:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 14:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 14:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 14:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-09 18:42 - 2014-03-09 18:46 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 13:17 - 2014-03-26 10:02 - 00019789 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt ==================== One Month Modified Files and Folders ======= 2014-04-03 09:55 - 2014-04-03 09:55 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 09:55 - 2013-10-14 12:33 - 00021996 _____ () C:\Users\Freya-Sophie\Downloads\FRST.txt 2014-04-03 09:55 - 2013-10-14 12:31 - 00000000 ____D () C:\FRST 2014-04-03 09:50 - 2012-03-15 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-04-03 09:50 - 2012-03-15 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-04-03 09:50 - 2009-07-14 07:13 - 01622236 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-04-03 09:43 - 2013-10-15 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 09:30 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-03 09:30 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-03 09:23 - 2013-04-25 07:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\.oit 2014-04-03 09:22 - 2012-10-13 11:39 - 01374959 _____ () C:\Windows\WindowsUpdate.log 2014-04-03 09:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-03 09:22 - 2009-07-14 06:51 - 00110864 _____ () C:\Windows\setupact.log 2014-04-03 09:21 - 2013-10-13 23:36 - 00000000 ____D () C:\AdwCleaner 2014-04-03 09:00 - 2014-04-03 09:00 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-04-02 23:23 - 2012-11-28 23:49 - 00000000 ___HD () C:\Users\Freya-Sophie\Desktop\.picasaoriginals 2014-04-02 22:13 - 2012-10-13 11:46 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85A2C3B9-F210-4290-81FF-A833E868492A} 2014-04-02 17:55 - 2014-01-02 22:41 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFreya-Sophie 2014-04-02 17:55 - 2014-01-02 22:41 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job 2014-04-02 17:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-01 13:41 - 2013-10-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:46 - 2013-03-17 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-30 19:46 - 2012-11-04 18:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-03-28 11:46 - 2014-03-25 17:57 - 00000000 ____D () 
C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-26 10:11 - 2014-03-26 09:56 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-26 10:02 - 2014-03-05 13:17 - 00019789 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt 2014-03-25 20:25 - 2014-02-17 17:10 - 00046196 _____ () C:\Users\Freya-Sophie\Desktop\Ha Drux Fertig.odt 2014-03-25 19:31 - 2012-11-26 00:10 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Dokumente 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\ProgramData\Cisco 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-03-25 17:21 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Musik 2014-03-19 16:17 - 2013-09-08 00:07 - 00000000 ___RD () C:\Users\Freya-Sophie\Desktop\Sonstiges 2014-03-19 15:54 - 2012-10-26 12:31 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Bilder 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:50 - 2012-03-14 23:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-17 22:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-03-17 22:47 - 2012-03-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-17 22:43 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-17 22:43 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup 2014-03-16 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-14 10:10 - 2009-07-14 06:45 - 00311952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 18:43 - 2013-10-15 18:13 - 00692616 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:43 - 2013-10-15 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:43 - 2013-10-15 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 22:46 - 2013-07-04 12:13 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Uni 2014-03-09 18:46 - 2014-03-09 18:42 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 14:06 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Skype 2014-03-06 14:01 - 2012-10-13 16:26 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-06 13:52 - 2010-11-21 05:47 - 00207720 _____ () C:\Windows\PFRO.log Some content of TEMP: ==================== C:\Users\Freya-Sophie\AppData\Local\Temp\AskSLib.dll C:\Users\Freya-Sophie\AppData\Local\Temp\avgnt.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Extract.exe C:\Users\Freya-Sophie\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Quarantine.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Resource.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP56942.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp58915.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP59202.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp64126.exe C:\Users\Freya-Sophie\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Freya-Sophie\AppData\Local\Temp\ylb2mz36.dll C:\Users\Freya-Sophie\AppData\Local\Temp\_is3325.exe C:\Users\Freya-Sophie\AppData\Local\Temp\_is6F4A.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-16 23:11
==================== End Of Log ============================
--- --- ---
That was all... The program only showed this. Nothing was saved to the desktop either. Did I do something wrong?
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Freya-Sophie (administrator) on FREYA-SOPHIE-HP on 03-04-2014 10:03:08
Running from C:\Users\Freya-Sophie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\Pmsb.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [jSugLyCC] - wscript.exe //B "C:\Users\FREYA-~1\AppData\Local\Temp\jSugLyCC.vbs" <===== ATTENTION HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\n3jtrf3m.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-04-24] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. 
KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [1157240 2011-11-28] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys [488568 2011-11-23] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS [117880 2011-12-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS [2048632 2011-12-03] (Symantec Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-21] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 10:02 - 2014-04-03 10:02 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe 2014-04-03 09:55 - 2014-04-03 09:55 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 09:00 - 2014-04-03 09:00 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-26 09:56 - 2014-03-26 10:11 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 17:57 - 2014-03-28 11:46 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-13 14:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 14:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 14:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 14:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 14:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 14:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 14:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 14:36 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 14:36 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 14:36 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 14:36 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 14:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 14:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 14:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 14:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-03-13 14:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 14:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 14:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 14:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 14:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 14:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 14:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 14:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 14:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 14:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 14:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 14:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 14:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 14:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 14:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-09 18:42 - 2014-03-09 18:46 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 13:17 - 2014-03-26 10:02 - 00019789 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt ==================== One Month Modified Files and Folders ======= 2014-04-03 10:03 - 2013-10-14 12:33 - 00021942 _____ () C:\Users\Freya-Sophie\Downloads\FRST.txt 2014-04-03 10:03 - 2013-10-14 12:31 - 00000000 ____D () C:\FRST 2014-04-03 10:02 - 2014-04-03 10:02 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe 2014-04-03 09:59 - 2012-10-26 12:31 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Bilder 2014-04-03 09:58 - 2009-07-14 06:45 - 
00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-03 09:58 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-03 09:55 - 2014-04-03 09:55 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 09:54 - 2012-10-13 11:39 - 01374959 _____ () C:\Windows\WindowsUpdate.log 2014-04-03 09:50 - 2012-03-15 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-04-03 09:50 - 2012-03-15 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-04-03 09:50 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-03 09:43 - 2013-10-15 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 09:23 - 2013-04-25 07:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\.oit 2014-04-03 09:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-03 09:22 - 2009-07-14 06:51 - 00110864 _____ () C:\Windows\setupact.log 2014-04-03 09:21 - 2013-10-13 23:36 - 00000000 ____D () C:\AdwCleaner 2014-04-03 09:00 - 2014-04-03 09:00 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-04-02 23:23 - 2012-11-28 23:49 - 00000000 ___HD () C:\Users\Freya-Sophie\Desktop\.picasaoriginals 2014-04-02 22:13 - 2012-10-13 11:46 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85A2C3B9-F210-4290-81FF-A833E868492A} 2014-04-02 17:55 - 2014-01-02 22:41 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFreya-Sophie 2014-04-02 17:55 - 2014-01-02 22:41 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job 2014-04-02 17:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-01 13:41 - 2013-10-13 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-30 20:15 - 2014-03-30 20:15 - 00000000 ____D () 
C:\Program Files (x86)\Mozilla Firefox 2014-03-30 19:46 - 2013-03-17 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-30 19:46 - 2012-11-04 18:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-03-28 11:46 - 2014-03-25 17:57 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-26 10:11 - 2014-03-26 09:56 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-26 10:02 - 2014-03-05 13:17 - 00019789 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt 2014-03-25 20:25 - 2014-02-17 17:10 - 00046196 _____ () C:\Users\Freya-Sophie\Desktop\Ha Drux Fertig.odt 2014-03-25 19:31 - 2012-11-26 00:10 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Dokumente 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\ProgramData\Cisco 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-03-25 17:21 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Musik 2014-03-19 16:17 - 2013-09-08 00:07 - 00000000 ___RD () C:\Users\Freya-Sophie\Desktop\Sonstiges 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:50 - 2012-03-14 23:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-17 22:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-03-17 22:47 - 2012-03-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-17 22:43 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-17 22:43 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup 2014-03-16 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-14 10:10 - 2009-07-14 06:45 - 00311952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files\Microsoft 
Silverlight 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 18:43 - 2013-10-15 18:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:43 - 2013-10-15 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:43 - 2013-10-15 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 22:46 - 2013-07-04 12:13 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Uni 2014-03-09 18:46 - 2014-03-09 18:42 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 14:06 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Skype 2014-03-06 14:01 - 2012-10-13 16:26 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-03-06 13:52 - 2010-11-21 05:47 - 00207720 _____ () C:\Windows\PFRO.log Some content of TEMP: ==================== C:\Users\Freya-Sophie\AppData\Local\Temp\AskSLib.dll C:\Users\Freya-Sophie\AppData\Local\Temp\avgnt.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Extract.exe C:\Users\Freya-Sophie\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Quarantine.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Resource.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP56942.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp58915.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP59202.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp64126.exe C:\Users\Freya-Sophie\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Freya-Sophie\AppData\Local\Temp\ylb2mz36.dll C:\Users\Freya-Sophie\AppData\Local\Temp\_is3325.exe C:\Users\Freya-Sophie\AppData\Local\Temp\_is6F4A.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-16 23:11 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- ---
I did it again, and again only what I posted came out... By now the words are underlined in green and appear in every browser on every page ( HEEELP |
03.04.2014, 16:00 | #4 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words hi, the Additional.txt is still missing. If it does not exist, open FRST, tick the Additional box and scan, then post the log file.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
04.04.2014, 06:16 | #5 |
| VIRUS ads on purple underlined words OK, done: here is everything again, thanks in advance for your reply! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Freya-Sophie (administrator) on FREYA-SOPHIE-HP on 03-04-2014 18:28:14 Running from C:\Users\Freya-Sophie\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Program Files (x86)\LPT\srpts.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files (x86)\Mobogenie\MgAssist.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\PlurPush\updatePlurPush.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\Pmsb.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (Smartbar) C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-31] (Cisco Systems, Inc.) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [748736 2014-04-02] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [jSugLyCC] - wscript.exe //B "C:\Users\FREYA-~1\AppData\Local\Temp\jSugLyCC.vbs" <===== ATTENTION HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [Browser Infrastructure Helper] - C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.exe [28192 2014-03-30] (Smartbar) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search, HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms} BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushbho.dll (PlurPush) BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) 
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\nmtme4z7.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37920 2014-03-30] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-04-02] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.) R2 Update PlurPush; C:\Program Files (x86)\PlurPush\updatePlurPush.exe [350488 2014-04-02] () R2 Util PlurPush; C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe [350488 2014-04-03] () ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [1157240 2011-11-28] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys [488568 2011-11-23] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS [117880 2011-12-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS [2048632 2011-12-03] (Symantec Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-21] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.) R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-03] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-03 18:27 - 2014-04-03 18:28 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-03 17:30 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-04-03 17:25 - 2014-04-03 17:28 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-03 17:20 - 2014-04-03 17:20 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 17:19 - 2014-04-03 17:20 - 25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe 2014-04-03 16:53 - 2014-04-03 16:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:54 - 00000000 ____D () C:\Program Files (x86)\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\Documents\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt 2014-04-03 16:52 - 2014-04-03 16:56 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-03 16:51 - 2014-04-03 17:05 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-04-03 16:51 - 2014-04-03 16:51 - 00002211 _____ () C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog 2014-04-03 16:50 - 2014-04-03 16:50 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Smartbar 
2014-04-03 16:50 - 2014-04-03 16:50 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\LPT 2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe 2014-04-03 16:43 - 2014-04-03 16:43 - 00001264 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk 2014-04-03 16:43 - 2014-04-03 16:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\pc 2014-04-03 13:12 - 2014-04-04 01:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 09:56 - 2014-03-26 10:11 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 17:57 - 2014-03-28 11:46 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-13 14:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 14:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 14:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 14:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 14:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 14:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 14:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 14:36 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) 
C:\Windows\system32\win32k.sys 2014-03-13 14:36 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 14:36 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 14:36 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 14:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 14:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 14:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 14:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 14:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 14:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 14:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 14:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 14:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 14:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 14:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 14:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 14:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 14:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 14:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 14:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 
2014-03-13 14:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 14:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 14:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-09 18:42 - 2014-03-09 18:46 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 13:17 - 2014-04-03 15:17 - 00020286 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt ==================== One Month Modified Files and Folders ======= 2014-04-04 01:27 - 2014-04-03 13:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-04 01:27 - 2013-10-14 00:05 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Malwarebytes 2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-04-04 01:27 - 2012-11-28 23:49 - 00000000 ___HD () C:\Users\Freya-Sophie\Desktop\.picasaoriginals 2014-04-04 01:27 - 2012-10-26 12:31 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Bilder 2014-04-04 01:27 - 2012-06-21 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-04-04 01:27 - 2012-06-21 01:07 - 00000000 ____D () C:\ProgramData\Norton 2014-04-04 01:27 - 2012-03-14 23:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-04 01:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-04 01:26 - 2013-10-13 23:36 - 00000000 ____D () C:\AdwCleaner 2014-04-04 01:26 - 2013-03-12 23:07 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-04-03 18:28 - 2014-04-03 18:27 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 18:28 - 2013-10-14 12:33 - 00024011 _____ () 
C:\Users\Freya-Sophie\Downloads\FRST.txt 2014-04-03 18:28 - 2013-10-14 12:31 - 00000000 ____D () C:\FRST 2014-04-03 18:08 - 2012-03-15 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-04-03 18:08 - 2012-03-15 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-04-03 18:08 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-03 18:07 - 2012-10-13 11:39 - 01107507 _____ () C:\Windows\WindowsUpdate.log 2014-04-03 17:49 - 2014-01-02 22:41 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFreya-Sophie 2014-04-03 17:49 - 2014-01-02 22:41 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job 2014-04-03 17:43 - 2013-10-15 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-03 17:28 - 2014-04-03 17:25 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-04-03 17:20 - 2014-04-03 17:20 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 17:20 - 2014-04-03 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 17:20 - 2014-04-03 17:19 - 25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe 2014-04-03 17:12 - 2009-07-14 06:45 - 00031472 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-03 17:12 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-03 17:06 - 2013-04-25 07:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\.oit 2014-04-03 17:05 - 2014-04-03 16:51 - 00000000 ____D () C:\Program Files (x86)\LPT 2014-04-03 17:04 - 2010-11-21 05:47 - 00210884 _____ () C:\Windows\PFRO.log 2014-04-03 17:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-03 17:04 - 2009-07-14 06:51 - 00107930 _____ () C:\Windows\setupact.log 2014-04-03 17:01 - 2012-03-14 23:29 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-03 16:58 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Mobogenie 2014-04-03 16:56 - 2014-04-03 16:52 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-03 16:54 - 2014-04-03 16:53 - 00000000 ____D () C:\Program Files (x86)\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\Documents\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt 2014-04-03 16:53 - 2012-10-13 11:39 - 00000000 ____D () C:\Users\Freya-Sophie 2014-04-03 16:51 - 2014-04-03 16:51 - 00002211 _____ () C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog 2014-04-03 16:50 - 2014-04-03 16:50 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Smartbar 2014-04-03 16:50 - 2014-04-03 16:50 - 00000000 ____D () 
C:\Users\Freya-Sophie\AppData\Local\LPT 2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe 2014-04-03 16:43 - 2014-04-03 16:43 - 00001264 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk 2014-04-03 16:43 - 2014-04-03 16:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 16:34 - 2012-10-13 11:46 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85A2C3B9-F210-4290-81FF-A833E868492A} 2014-04-03 16:34 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-03 16:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-04-03 15:17 - 2014-03-05 13:17 - 00020286 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt 2014-04-03 15:15 - 2014-04-03 15:15 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\pc 2014-03-28 11:46 - 2014-03-25 17:57 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-26 10:11 - 2014-03-26 09:56 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 20:25 - 2014-02-17 17:10 - 00046196 _____ () C:\Users\Freya-Sophie\Desktop\Ha Drux Fertig.odt 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\ProgramData\Cisco 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:47 - 2012-03-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-17 22:43 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-17 22:43 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup 2014-03-16 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-16 16:14 - 2012-11-04 18:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-03-16 16:13 - 2013-03-17 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-14 10:10 - 
2009-07-14 06:45 - 00311952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 18:43 - 2013-10-15 18:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:43 - 2013-10-15 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:43 - 2013-10-15 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-10 22:46 - 2013-07-04 12:13 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Uni 2014-03-10 22:46 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Musik 2014-03-09 18:46 - 2014-03-09 18:42 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype 2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-06 14:06 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Skype 2014-03-06 14:01 - 2012-10-13 16:26 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI Some content of TEMP: ==================== C:\Users\Freya-Sophie\AppData\Local\Temp\6_Offer_13.exe C:\Users\Freya-Sophie\AppData\Local\Temp\AskSLib.dll C:\Users\Freya-Sophie\AppData\Local\Temp\avgnt.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Extract.exe C:\Users\Freya-Sophie\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Freya-Sophie\AppData\Local\Temp\instruct.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Quarantine.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Resource.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP56942.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp58915.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP59202.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp64126.exe C:\Users\Freya-Sophie\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Freya-Sophie\AppData\Local\Temp\ylb2mz36.dll 
C:\Users\Freya-Sophie\AppData\Local\Temp\_is3325.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\_is6F4A.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-16 23:11

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Freya-Sophie at 2014-04-03 18:29:01 Running from C:\Users\Freya-Sophie\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.3.5010 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 
5.1.3 - Hewlett-Packard) Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{DB183033-C2DD-4A37-B43C-943DD4B28C77}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden HP Security Assistant (HKLM\...\{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}) (Version: 3.0.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company) HP SimplePass PE (HKLM-x32\...\{880B5A98-B242-4B53-BD6F-41EA17495EAD}) (Version: 5.4.0.402 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - 
Hewlett-Packard Company) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics) LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics) LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 
(Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Excel 2002 (HKLM-x32\...\{90160407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft PowerPoint 2002 (HKLM-x32\...\{90180407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{901B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - ) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec 
Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlurPush (HKLM\...\PlurPush) (Version: 2014.04.02.201943 - PlurPush) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.51.116.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shopping Helper Smartbar (HKLM-x32\...\{7DD65DA0-AD4F-4974-AAC6-5834DD7F6841}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION Shopping Helper Smartbar Engine (HKCU\...\{268947d4-8200-431f-b198-d15a86aa9377}) (Version: 11.43.63.16271 - ReSoft Ltd.) <==== ATTENTION Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows 
Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Restore Points ========================= 14-03-2014 00:16:15 Windows Update 17-03-2014 20:46:05 Installed HP Support Assistant 17-03-2014 20:48:58 Windows Modules Installer 17-03-2014 20:49:59 Windows Modules Installer 03-04-2014 14:31:25 Windows Modules Installer 03-04-2014 14:32:08 Windows Modules Installer 03-04-2014 14:44:51 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) 03-04-2014 14:46:22 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) 03-04-2014 14:51:35 Uniblue SpeedUpMyPC installation 03-04-2014 14:55:29 Revo Uninstaller's restore point - VO Package 03-04-2014 14:56:24 Revo Uninstaller's restore point - SpeedUpMyPC 03-04-2014 14:57:25 Revo Uninstaller's restore point - WebEnhance 03-04-2014 14:59:22 Revo Uninstaller's restore point 
- Windows Live Mesh ActiveX Control for Remote Connections 03-04-2014 15:00:47 Revo Uninstaller's restore point - Adobe Reader X (10.1.9) MUI 03-04-2014 15:02:46 Revo Uninstaller's restore point - Avira Free Antivirus ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {18C7C69B-D51D-47DE-A239-83AD5CB45283} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {20F939D9-1A8C-40F9-AE9E-B1306BB65BCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard) Task: {5C9F6B69-247C-418F-BFE0-34A9400DA327} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {747B5C5E-AD3D-4116-8DF7-F07ABC373D96} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {79712EB4-8C55-438E-A146-B83F7F83EEC7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {7E1AB936-B3C3-43F4-B709-E5FD3E90A1EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard) Task: {964527E7-49EF-4396-9767-67E3D5879E39} - System32\Tasks\HPCeeScheduleForFreya-Sophie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] 
(Hewlett-Packard) Task: {B33C62BE-0DE7-4F33-8CBD-7E0B34EA2503} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B4B5CF31-E967-42DA-8FCD-F6A159943364} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {BEA4A914-8432-4693-ABBE-C6427046EA76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {CA75F678-04B9-4525-B195-80D589153504} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink) Task: {CCD2C709-BF9F-47DF-89AE-A3EADE5559EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {F99EABE5-7105-470E-ACAD-CBD3542DE659} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-30 10:50 - 2014-03-30 10:50 - 00037920 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-04-03 16:53 - 2014-04-02 09:17 - 00070848 _____ () C:\Program Files (x86)\Mobogenie\MgAssist.exe 2014-04-02 22:19 - 2014-04-02 22:19 - 00350488 _____ () C:\Program Files (x86)\PlurPush\updatePlurPush.exe 2014-04-03 16:53 - 2014-04-02 09:17 - 00748736 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe 2012-02-14 19:53 - 2012-02-14 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2014-04-03 16:56 - 2014-04-03 16:56 - 00350488 _____ () C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe 2013-12-13 00:36 - 2013-08-31 00:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00077856 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00023072 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-04-03 16:53 - 2014-04-02 09:17 - 00065728 _____ () C:\Program Files (x86)\Mobogenie\Device.dll 2014-04-03 16:53 - 2014-04-02 09:17 - 00474816 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll 2013-04-24 20:13 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files 
(x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll 2013-04-24 20:13 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll 2013-04-24 20:13 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll 2013-04-24 20:13 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll 2013-04-24 20:13 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll 2013-04-24 20:13 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll 2013-04-24 20:13 - 2010-12-20 16:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll 2013-04-24 20:13 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll 2013-04-24 20:13 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll 2013-04-24 20:13 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll 2013-04-24 20:13 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll 2013-04-24 20:13 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll 2013-04-24 20:13 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll 2013-04-24 20:13 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll 2013-04-24 20:13 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll 2013-04-24 20:13 - 2007-12-20 14:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\DocCate.dll 2013-04-24 20:13 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll 2013-04-24 20:13 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00046624 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00068640 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srau.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00165408 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 02283040 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00066592 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\spbl.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00154656 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00014368 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\siem.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00063520 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\sppsm.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00696864 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00014880 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00078880 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00027168 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00056864 
_____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srut.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00029216 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srsbs.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00065568 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00030752 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srom.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00030752 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\smtu.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00038944 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\smta.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00043552 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srbu.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00024096 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\sgml.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00061472 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-03-30 10:50 - 2014-03-30 10:50 - 00024608 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srpdm.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00043040 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-03-30 10:48 - 2014-03-30 10:48 - 00026656 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00035360 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-03-30 10:49 - 2014-03-30 10:49 - 00193056 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\sgmu.dll 2014-03-30 10:46 - 2014-03-30 10:46 - 00061440 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll 2014-03-30 10:50 - 2014-03-30 
10:50 - 00255008 _____ () C:\Users\Freya-Sophie\AppData\Local\Smartbar\Application\srns.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2013-04-24 20:13 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll 2013-04-24 20:13 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll 2013-04-24 20:13 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll 2013-04-24 20:13 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll 2013-04-24 20:13 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll 2013-04-24 20:13 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll 2013-04-24 20:13 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll 2013-04-24 20:13 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll 2013-04-24 20:13 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll 2013-04-24 20:13 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll 2013-04-24 20:13 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll 2013-04-24 20:13 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMImgVW.dll 2013-04-24 20:13 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll 2013-04-24 20:13 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll 2013-04-24 20:13 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll 2013-04-24 20:13 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll 2013-04-24 20:13 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll 2014-02-15 16:53 - 2014-02-15 16:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-06-21 00:55 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-21 00:59 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-03 17:20 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-03-12 18:43 - 2014-03-12 18:43 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll 2014-04-03 17:30 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9064 Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9064 Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/03/2014 05:29:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2980 Error: (04/03/2014 05:29:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2980 Error: (04/03/2014 05:29:31 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/03/2014 05:05:36 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2014 04:30:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2014 04:29:35 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! 
Error: (04/03/2014 03:22:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/03/2014 05:10:24 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2014 05:10:24 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2014 04:53:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/03/2014 03:23:17 PM) (Source: NetBT) (User: ) Description: Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen zu lesen. Error: (04/03/2014 03:22:44 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht. Error: (04/03/2014 01:41:12 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2014 01:41:12 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2014 08:46:53 AM) (Source: iaStor) (User: ) Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error: (03/26/2014 00:11:52 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 25.03.2014 um 23:10:51 unerwartet heruntergefahren. 
Error: (03/25/2014 04:21:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9064 Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9064 Error: (04/03/2014 05:56:49 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/03/2014 05:29:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2980 Error: (04/03/2014 05:29:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2980 Error: (04/03/2014 05:29:31 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/03/2014 05:05:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2014 04:30:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2014 04:29:35 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x0 Error: (04/03/2014 03:22:15 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of 
memory in use: 61% Total physical RAM: 3996.36 MB Available physical RAM: 1533.89 MB Total Pagefile: 7990.9 MB Available Pagefile: 5322.57 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:277.83 GB) (Free:190.93 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (JOY_04_2014) (CDROM) (Total:1.93 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D2E3023C) Partition: GPT Partition Type. ==================== End Of Log ============================

I think I have really caught a whole heap of viruses etc.; my PC is running extremely slowly. And the arrows on the desktop that mark the shortcuts have become much bigger as well. I'm really despairing right now...

Hey Schrauber, an acquaintance has apparently managed to fix it now; the underlined words are gone, thanks to an ad blocker for Firefox. Is there a program I can use that basically scans my PC, so that you can see whether I still have dangerous things on it? It would be great if you could take a look before I carry on working with the PC. Best regards |
04.04.2014, 12:08 | #6 |
/// the machine /// TB-Ausbilder | VIRUS ads on purple underlined words
That only blocks the windows; the malware is still on the system!
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Also have Revo remove the leftovers in Moderate mode.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> VIRUS ads on purple underlined words |
04.04.2014, 19:26 | #7 |
| VIRUS ads on purple underlined words
OK, then I'll do that right away. Can you please also tell me what you mean by deleting the ATTENTION ones? Unfortunately I don't know my way around this at all. If you tell me what to delete, I'll do it.

These are the ones I now wanted to delete:
LPT System Updater Service
Mobogenie
Shopping Helper Smartbar
Shopping Helper Smartbar Engine
VIS

In the program, do I then tick the box where the program itself is listed, or above it in the table, everything down the branch that the program sits under?

So, I have now deleted all the programs marked ATTENTION using the program. Since I had a virus problem once before, I still had Malwarebytes Anti-Malware installed. I uninstalled that with the program as well, downloaded it again and followed all the steps. The scan is running now...

So, here is the Malwarebytes result for now (I hope it was normal that it took quite a long time to boot, with a black screen in between):

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Suchlauf Datum: 04.04.2014
Suchlauf-Zeit: 19:23:02
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.04.04.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Freya-Sophie
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 263708
Verstrichene Zeit: 41 Min, 46 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.PlurPush, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlurPush, In Quarantäne, [c63a41bfbb4522debe7f382d0bf7f50b],
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 1
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwugvkecS8vMTddoFZ1JOSS-uAGUK354Imucep18IhloEg7llTGPxnjSNp8kBWLfHiVco_6HBvCvSGhU3jxB6OOO3v0XVmj0r_HzkiMYdL0DH98XwsM2ADUn9oClXvB_cBsksIsBciYKe8AxozxXYjbFrlA,&q={searchTerms}), Ersetzt,[8977e91704fc27d99096a862fc08f30d]
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)

I moved both findings into quarantine.

I have just run the other one, AdwCleaner; while deleting, an error message came up and it was aborted, I'll try again..

So, now on the 2nd attempt it worked with AdwCleaner.. here is the file

AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 15:19:11 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Freya-Sophie - FREYA-SOPHIE-HP # Gestartet von : C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\n3jtrf3m.default\prefs.js ] ************************* AdwCleaner[R0].txt - [10224 octets] - [13/10/2013 23:36:49] AdwCleaner[R1].txt - [960 octets] - [13/10/2013 23:46:34] AdwCleaner[R2].txt - [1068 octets] - [14/10/2013 17:59:04] AdwCleaner[R3].txt - [2462 octets] - [03/04/2014 09:15:05] AdwCleaner[R4].txt - [1317 octets] - [03/04/2014 15:18:04] AdwCleaner[S0].txt - [9855 octets] - [13/10/2013 23:38:00] AdwCleaner[S1].txt - [1020 octets] - [13/10/2013 23:48:50] AdwCleaner[S2].txt - [1130 octets] - [14/10/2013 17:59:46] AdwCleaner[S3].txt - [2446 octets] - [03/04/2014 09:21:06] AdwCleaner[S4].txt - [1239 octets] - [03/04/2014 15:19:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1299 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 19:47:40 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Freya-Sophie - FREYA-SOPHIE-HP # Gestartet von : C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\Software\Uniblue ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\pigyqhry.default\prefs.js ] ************************* AdwCleaner[R0].txt - [10224 octets] - [13/10/2013 23:36:49] AdwCleaner[R1].txt - [960 octets] - [13/10/2013 23:46:34] AdwCleaner[R2].txt - [1068 octets] - [14/10/2013 17:59:04] AdwCleaner[R3].txt - [6206 octets] - [03/04/2014 09:15:05] AdwCleaner[R4].txt - [4376 octets] - [03/04/2014 15:18:04] AdwCleaner[S0].txt - [9855 octets] - [13/10/2013 23:38:00] AdwCleaner[S1].txt - [1020 octets] - [13/10/2013 23:48:50] AdwCleaner[S2].txt - [1130 octets] - [14/10/2013 17:59:46] AdwCleaner[S3].txt - [3256 octets] - [03/04/2014 09:21:06] AdwCleaner[S4].txt - [4295 octets] - [03/04/2014 15:19:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [4355 octets] ##########

Here is the one from Junkware Removal Tool

JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Freya-Sophie on 04.04.2014 at 19:53:19,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 20:15:39,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here is the latest one from FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Freya-Sophie (administrator) on FREYA-SOPHIE-HP on 04-04-2014 20:19:02
Running from C:\Users\Freya-Sophie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(3).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated) HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-01-30] (EasyBits Software AS) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [B2C_AGENT] - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-31] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-03-18] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [Scan Buttons] - C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSB.EXE [214360 2011-01-21] (NewSoft Technology Corporation) HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Run: [jSugLyCC] - wscript.exe //B "C:\Users\FREYA-~1\AppData\Local\Temp\jSugLyCC.vbs" <===== ATTENTION HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1595992211-3356558206-601454915-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Freya-Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: http\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-06-21] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\pigyqhry.default FF SearchEngineOrder.1: Search By ZoneAlarm FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: zonealarm.com - C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\pigyqhry.default\Extensions\ffxtlbr@zonealarm.com [2014-04-03] FF Extension: Adblock Plus - C:\Users\Freya-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\pigyqhry.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-03] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. 
KG) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3558112 2014-03-18] (Check Point Software Technologies Ltd.) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [81752 2014-02-23] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. 
KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20111201.001\BHDrvx64.sys [1157240 2011-11-28] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20111130.012\IDSVia64.sys [488568 2011-11-23] (Symantec Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-12-24] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-12-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-12-24] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\ENG64.SYS [117880 2011-12-03] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20111203.009\EX64.SYS [2048632 2011-12-03] (Symantec Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-21] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451480 2014-03-18] (Check Point Software Technologies Ltd.) 
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-03] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(3).exe 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe 2014-04-04 20:15 - 2014-04-04 20:15 - 00000632 _____ () C:\Users\Freya-Sophie\Desktop\JRT.txt 2014-04-04 19:52 - 2014-04-04 19:52 - 01038974 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT(1).exe 2014-04-04 19:46 - 2014-04-04 19:46 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe 2014-04-04 19:41 - 2014-04-04 19:41 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-04-04 19:38 - 2014-04-04 19:38 - 00001883 _____ () C:\Users\Freya-Sophie\Desktop\mbam.txt 2014-04-04 18:38 - 2014-04-04 19:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-04 18:38 - 2014-04-04 18:38 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-04 18:38 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-04 18:38 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-04 18:37 - 2014-04-04 18:38 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(2).exe 2014-04-04 18:30 - 2014-04-04 18:30 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-04-04 18:28 - 2014-04-04 18:29 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-04 18:26 - 2014-04-04 18:26 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Freya-Sophie\Downloads\revosetup95(1).exe 2014-04-04 18:26 - 2014-04-04 18:26 - 00001224 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk 2014-04-04 14:30 - 2014-04-04 14:30 - 00008972 _____ () C:\Users\Freya-Sophie\Desktop\Unbenannt 1.odt 2014-04-04 07:13 - 2014-04-04 07:13 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-03 22:07 - 2014-04-03 22:07 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-04-03 21:15 - 2014-04-03 21:15 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-03 21:15 - 2014-04-03 21:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-03 20:43 - 2014-04-03 20:43 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-04-03 20:42 - 2013-12-24 23:33 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-04-03 20:42 - 2013-12-24 23:33 - 00489568 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-04-03 20:42 - 2013-12-24 23:33 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-04-03 20:36 - 2014-04-03 20:42 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Check Point Software Technologies LTD 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2014-04-03 20:35 - 2014-04-03 20:35 - 03356760 _____ (Check Point Software Technologies Ltd.) 
C:\Users\Freya-Sophie\Downloads\zaSetupWeb_130_208_000.exe 2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-04-03 20:24 - 2014-04-03 20:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 20:23 - 2014-04-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 19:49 - 2014-04-03 19:49 - 01037734 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT_6.1.2.exe 2014-04-03 18:27 - 2014-04-03 18:28 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-03 17:30 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-04-03 17:25 - 2014-04-03 17:28 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-03 17:19 - 2014-04-03 17:20 - 25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt 2014-04-03 16:52 - 2014-04-03 19:54 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog 2014-04-03 16:43 - 2014-04-04 18:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe 2014-04-03 13:12 - 2014-04-04 18:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 09:56 - 2014-03-26 10:11 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 17:57 - 2014-03-28 11:46 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-18 02:24 - 2014-03-18 02:24 - 00451480 _____ (Check Point Software Technologies Ltd.) 
C:\Windows\system32\Drivers\vsdatant.sys 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-13 14:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 14:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 14:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 14:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 14:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 14:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 14:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 14:36 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 14:36 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 14:36 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 14:36 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 14:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 14:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll
2014-03-13 14:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 14:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 14:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 14:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 14:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 14:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 14:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 14:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 14:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 14:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 14:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 14:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 14:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 14:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 14:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 14:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 14:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 14:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 14:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 14:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 14:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 14:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 14:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 14:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 14:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 14:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 14:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 14:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 14:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 14:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 14:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-09 18:42 - 2014-03-09 18:46 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype
2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 13:17 - 2014-04-03 19:40 - 00020895 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt

==================== One Month Modified Files and Folders =======

2014-04-04 20:19 - 2013-10-14 12:33 - 00022257 _____ () C:\Users\Freya-Sophie\Downloads\FRST.txt
2014-04-04 20:19 - 2013-10-14 12:31 - 00000000 ____D () C:\FRST
2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(3).exe
2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe
2014-04-04 20:15 - 2014-04-04 20:15 - 00000632 _____ () C:\Users\Freya-Sophie\Desktop\JRT.txt
2014-04-04 19:57 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 19:57 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 19:54 - 2012-10-13 11:39 - 01242309 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 19:52 - 2014-04-04 19:52 - 01038974 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT(1).exe
2014-04-04 19:51 - 2014-04-04 18:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 19:51 - 2013-04-25 07:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\.oit
2014-04-04 19:48 - 2010-11-21 05:47 - 00315446 _____ () C:\Windows\PFRO.log
2014-04-04 19:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 19:48 - 2009-07-14 06:51 - 00108658 _____ () C:\Windows\setupact.log
2014-04-04 19:47 - 2013-10-13 23:36 - 00000000 ____D () C:\AdwCleaner
2014-04-04 19:46 - 2014-04-04 19:46 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe
2014-04-04 19:43 - 2013-10-15 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 19:41 - 2014-04-04 19:41 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe
2014-04-04 19:38 - 2014-04-04 19:38 - 00001883 _____ () C:\Users\Freya-Sophie\Desktop\mbam.txt
2014-04-04 19:37 - 2012-03-15 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 19:37 - 2012-03-15 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 19:37 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 18:38 - 2014-04-04 18:38 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-04 18:38 - 2014-04-04 18:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(2).exe
2014-04-04 18:38 - 2014-04-03 13:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-04-04 18:30 - 2014-04-04 18:30 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(1).exe
2014-04-04 18:29 - 2014-04-04 18:28 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 18:26 - 2014-04-04 18:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95(1).exe
2014-04-04 18:26 - 2014-04-04 18:26 - 00001224 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk
2014-04-04 18:26 - 2014-04-03 16:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-04 18:23 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-04 14:30 - 2014-04-04 14:30 - 00008972 _____ () C:\Users\Freya-Sophie\Desktop\Unbenannt 1.odt
2014-04-04 07:15 - 2012-10-13 11:46 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85A2C3B9-F210-4290-81FF-A833E868492A}
2014-04-04 07:13 - 2014-04-04 07:13 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-04 01:27 - 2013-10-14 00:05 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Malwarebytes
2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-04 01:27 - 2012-11-28 23:49 - 00000000 ___HD () C:\Users\Freya-Sophie\Desktop\.picasaoriginals
2014-04-04 01:27 - 2012-10-26 12:31 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Bilder
2014-04-04 01:27 - 2012-06-21 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-04 01:27 - 2012-06-21 01:07 - 00000000 ____D () C:\ProgramData\Norton
2014-04-04 01:27 - 2012-03-14 23:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-04 01:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-04 01:26 - 2013-03-12 23:07 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-04-03 22:07 - 2014-04-03 22:07 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-03 21:16 - 2012-10-13 16:20 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Adobe
2014-04-03 21:15 - 2014-04-03 21:15 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-03 21:15 - 2014-04-03 21:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-03 21:15 - 2012-03-14 23:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-03 21:07 - 2013-10-15 18:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-03 21:07 - 2013-10-15 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-03 21:07 - 2013-10-15 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-03 20:53 - 2014-04-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 20:43 - 2014-04-03 20:43 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-04-03 20:42 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Check Point Software Technologies LTD
2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-04-03 20:35 - 2014-04-03 20:35 - 03356760 _____ (Check Point Software Technologies Ltd.) C:\Users\Freya-Sophie\Downloads\zaSetupWeb_130_208_000.exe
2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-04-03 20:24 - 2014-04-03 20:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 19:54 - 2014-04-03 16:52 - 00000000 ____D () C:\Program Files (x86)\PlurPush
2014-04-03 19:54 - 2012-10-13 16:27 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\SoftGrid Client
2014-04-03 19:49 - 2014-04-03 19:49 - 01037734 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT_6.1.2.exe
2014-04-03 19:40 - 2014-03-05 13:17 - 00020895 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt
2014-04-03 19:36 - 2012-03-14 23:16 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-04-03 19:35 - 2012-03-14 23:16 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-03 18:30 - 2013-10-14 12:32 - 00039464 _____ () C:\Users\Freya-Sophie\Downloads\Addition.txt
2014-04-03 18:28 - 2014-04-03 18:27 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe
2014-04-03 17:49 - 2014-01-02 22:41 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFreya-Sophie
2014-04-03 17:49 - 2014-01-02 22:41 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job
2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira
2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira
2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-03 17:28 - 2014-04-03 17:25 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-04-03 17:20 - 2014-04-03 17:19 - 25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe
2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache
2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android
2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt
2014-04-03 16:53 - 2012-10-13 11:39 - 00000000 ____D () C:\Users\Freya-Sophie
2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog
2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe
2014-04-03 16:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-03-28 11:46 - 2014-03-25 17:57 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit
2014-03-26 10:11 - 2014-03-26 09:56 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt
2014-03-25 20:25 - 2014-02-17 17:10 - 00046196 _____ () C:\Users\Freya-Sophie\Desktop\Ha Drux Fertig.odt
2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\ProgramData\Cisco
2014-03-18 02:24 - 2014-03-18 02:24 - 00451480 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg
2014-03-17 22:47 - 2012-03-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-03-17 22:43 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-17 22:43 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup
2014-03-16 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-16 16:14 - 2012-11-04 18:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-16 16:13 - 2013-03-17 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-14 10:10 - 2009-07-14 06:45 - 00311952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-10 22:46 - 2013-07-04 12:13 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Uni
2014-03-10 22:46 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Musik
2014-03-09 18:46 - 2014-03-09 18:42 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype
2014-03-06 14:06 - 2014-03-06 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 14:06 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 14:01 - 2012-10-13 16:26 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 09:26 - 2014-04-04 18:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-04 18:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2013-10-14 00:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Freya-Sophie\AppData\Local\Temp\6_Offer_13.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\AskSLib.dll
C:\Users\Freya-Sophie\AppData\Local\Temp\avgnt.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\Extract.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\instruct.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\Quarantine.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\Resource.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\SP56942.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\sp58915.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\SP59202.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\sp64126.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\ylb2mz36.dll
C:\Users\Freya-Sophie\AppData\Local\Temp\_is3325.exe
C:\Users\Freya-Sophie\AppData\Local\Temp\_is6F4A.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-16 23:11

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Freya-Sophie at 2014-04-04 20:20:04
Running from C:\Users\Freya-Sophie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Disabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Disabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.3.5010 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{DB183033-C2DD-4A37-B43C-943DD4B28C77}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}) (Version: 3.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (HKLM-x32\...\{880B5A98-B242-4B53-BD6F-41EA17495EAD}) (Version: 5.4.0.402 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Excel 2002 (HKLM-x32\...\{90160407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint 2002 (HKLM-x32\...\{90180407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{901B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.51.116.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ZoneAlarm Antivirus (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.0.208.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Restore Points =========================

17-03-2014 20:46:05 Installed HP Support Assistant
17-03-2014 20:48:58 Windows Modules Installer
17-03-2014 20:49:59 Windows Modules Installer
03-04-2014 14:31:25 Windows Modules Installer
03-04-2014 14:32:08 Windows Modules Installer
03-04-2014 14:44:51 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de)
03-04-2014 14:46:22 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de)
03-04-2014 14:51:35 Uniblue SpeedUpMyPC installation
03-04-2014 14:55:29 Revo Uninstaller's restore point - VO Package
03-04-2014 14:56:24 Revo Uninstaller's restore point - SpeedUpMyPC
03-04-2014 14:57:25 Revo Uninstaller's restore point - WebEnhance
03-04-2014 14:59:22 Revo Uninstaller's restore point - Windows Live Mesh ActiveX Control for Remote Connections
03-04-2014 15:00:47 Revo Uninstaller's restore point - Adobe Reader X (10.1.9) MUI
03-04-2014 15:02:46 Revo Uninstaller's restore point - Avira Free Antivirus
03-04-2014 17:37:50 Removed Cisco AnyConnect Secure Mobility Client
04-04-2014 16:31:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {18C7C69B-D51D-47DE-A239-83AD5CB45283} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {20F939D9-1A8C-40F9-AE9E-B1306BB65BCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {5C9F6B69-247C-418F-BFE0-34A9400DA327} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated)
Task: {747B5C5E-AD3D-4116-8DF7-F07ABC373D96} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {79712EB4-8C55-438E-A146-B83F7F83EEC7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {7E1AB936-B3C3-43F4-B709-E5FD3E90A1EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {964527E7-49EF-4396-9767-67E3D5879E39} - System32\Tasks\HPCeeScheduleForFreya-Sophie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B33C62BE-0DE7-4F33-8CBD-7E0B34EA2503} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B4B5CF31-E967-42DA-8FCD-F6A159943364} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {BEA4A914-8432-4693-ABBE-C6427046EA76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CA75F678-04B9-4525-B195-80D589153504} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink)
Task: {CCD2C709-BF9F-47DF-89AE-A3EADE5559EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {F99EABE5-7105-470E-ACAD-CBD3542DE659} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-14 19:53 - 2012-02-14 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2013-08-31 00:11 - 2013-08-31 00:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-04-03 17:30 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-27 15:43 - 2014-01-27 15:43 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
2013-04-24 20:13 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-04-24 20:13 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-04-24 20:13 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto!
PageManager 9.03\Qem.dll 2013-04-24 20:13 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll 2013-04-24 20:13 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll 2013-04-24 20:13 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll 2013-04-24 20:13 - 2010-12-20 16:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll 2013-04-24 20:13 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll 2013-04-24 20:13 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll 2013-04-24 20:13 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll 2013-04-24 20:13 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll 2013-04-24 20:13 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll 2013-04-24 20:13 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll 2013-04-24 20:13 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll 2013-04-24 20:13 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll 2013-04-24 20:13 - 2007-12-20 14:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll 2013-04-24 20:13 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll 2013-04-24 20:13 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\NetFun2k.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2013-04-24 20:13 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll 2013-04-24 20:13 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll 2013-04-24 20:13 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll 2013-04-24 20:13 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll 2013-04-24 20:13 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll 2013-04-24 20:13 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll 2013-04-24 20:13 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll 2013-04-24 20:13 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll 2013-04-24 20:13 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll 2013-04-24 20:13 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll 2013-04-24 20:13 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll 2013-04-24 20:13 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll 2013-04-24 20:13 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMIEVW.dll 2013-04-24 20:13 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll 2013-04-24 20:13 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll 2013-04-24 20:13 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll 2013-04-24 20:13 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll 2014-02-15 16:53 - 2014-02-15 16:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-06-21 00:55 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-21 00:59 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-03 20:23 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 3996.36 MB Available physical RAM: 1931.63 MB Total Pagefile: 7990.9 MB Available Pagefile: 5393.3 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:277.83 GB) (Free:193.82 GB) NTFS 
Please give me feedback quickly, if possible, on whether everything is OK and fine again. Thanks in advance |
05.04.2014, 11:02 | #8 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words Perfect. Control scans; you can keep working on the computer as normal, though. But please don't surf the web during the online scan. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.04.2014, 11:34 | #9 |
| VIRUS ads on purple underlined words From the step with Explorer onward I didn't understand it. Once I have opened it, what exactly am I supposed to do? |
06.04.2014, 11:59 | #10 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words Open Windows Explorer and look for the log file from the online scan at the specified location
07.04.2014, 11:56 | #11 |
| VIRUS ads on purple underlined words I opened C, but there is no ESET among the programs... OK, I found it:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=44aefb49df01594b999eaf06f456266b
# engine=17766
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 04:20:46
# local_time=2014-04-05 06:20:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 24494 3397182 17259 0
# compatibility_mode=3591 16777213 100 95 36119117 159311431 0 0
# compatibility_mode=5893 16776574 100 94 23227940 148344696 0 0
# compatibility_mode=9217 16776893 100 13 22881 776440 0 0
# scanned=168054
# found=0
# cleaned=0
# scan_time=20932

Security Check:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
ZoneAlarm Antivirus
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-21] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-08-30] (Cisco Systems, Inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451480 2014-03-18] (Check Point Software Technologies Ltd.) 
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-04-03] (StdLib) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 13:39 - 2014-04-06 13:39 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(4).exe 2014-04-06 13:34 - 2014-04-06 13:34 - 00987442 _____ () C:\Users\Freya-Sophie\Downloads\SecurityCheck.exe 2014-04-06 13:25 - 2014-04-06 13:28 - 00000569 ____H () C:\Windows\SysWOW64\BTImages.dat 2014-04-05 12:29 - 2014-04-05 12:29 - 02347384 _____ (ESET) C:\Users\Freya-Sophie\Downloads\esetsmartinstaller_enu.exe 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(3).exe 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe 2014-04-04 20:15 - 2014-04-04 20:15 - 00000632 _____ () C:\Users\Freya-Sophie\Desktop\JRT.txt 2014-04-04 19:52 - 2014-04-04 19:52 - 01038974 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT(1).exe 2014-04-04 19:46 - 2014-04-04 19:46 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe 2014-04-04 19:41 - 2014-04-04 19:41 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-04-04 19:38 - 2014-04-04 19:38 - 00001883 _____ () C:\Users\Freya-Sophie\Desktop\mbam.txt 2014-04-04 18:38 - 2014-04-06 13:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-04 18:38 - 2014-04-04 18:38 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-04 18:38 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-04 18:38 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-04 18:37 - 2014-04-04 18:38 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(2).exe 2014-04-04 18:30 - 
2014-04-04 18:30 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-04-04 18:28 - 2014-04-04 18:29 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-04 18:26 - 2014-04-04 18:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95(1).exe 2014-04-04 18:26 - 2014-04-04 18:26 - 00001224 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk 2014-04-04 14:30 - 2014-04-04 14:30 - 00008972 _____ () C:\Users\Freya-Sophie\Desktop\Unbenannt 1.odt 2014-04-04 07:13 - 2014-04-04 07:13 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-03 22:07 - 2014-04-03 22:07 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-04-03 21:15 - 2014-04-03 21:15 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-03 21:15 - 2014-04-03 21:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-03 20:43 - 2014-04-03 20:43 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-04-03 20:42 - 2013-12-24 23:33 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-04-03 20:42 - 2013-12-24 23:33 - 00489568 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-04-03 20:42 - 2013-12-24 23:33 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-04-03 20:36 - 2014-04-03 20:42 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Check Point Software Technologies LTD 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2014-04-03 20:35 - 2014-04-03 20:35 - 03356760 _____ (Check 
Point Software Technologies Ltd.) C:\Users\Freya-Sophie\Downloads\zaSetupWeb_130_208_000.exe 2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-04-03 20:24 - 2014-04-03 20:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 20:23 - 2014-04-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 19:49 - 2014-04-03 19:49 - 01037734 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT_6.1.2.exe 2014-04-03 18:27 - 2014-04-03 18:28 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-03 17:30 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-03 17:30 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-04-03 17:25 - 2014-04-03 17:28 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-03 17:19 - 2014-04-03 17:20 - 25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt 2014-04-03 16:52 - 2014-04-03 19:54 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog 2014-04-03 16:43 - 2014-04-04 18:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe 2014-04-03 13:12 - 2014-04-04 18:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-26 09:56 - 2014-03-26 10:11 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 17:57 - 2014-03-28 11:46 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-18 02:24 - 2014-03-18 02:24 - 00451480 _____ (Check Point Software Technologies Ltd.) 
C:\Windows\system32\Drivers\vsdatant.sys 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-13 14:36 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 14:36 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 14:36 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 14:36 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 14:36 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 14:36 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 14:36 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 14:36 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 14:36 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 14:36 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 14:36 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 14:36 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 14:35 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 14:35 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 14:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-03-13 14:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 14:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 14:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 14:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 14:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 14:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 14:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 14:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 14:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 14:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 14:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 14:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 14:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 14:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 14:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 14:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 14:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 14:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 14:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 14:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 14:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 14:35 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 14:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 14:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 14:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-09 18:42 - 2014-03-09 18:46 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype ==================== One Month Modified Files and Folders ======= 2014-04-06 13:40 - 2013-10-14 12:33 - 00023689 _____ () C:\Users\Freya-Sophie\Downloads\FRST.txt 2014-04-06 13:40 - 2013-10-14 12:31 - 00000000 ____D () C:\FRST 2014-04-06 13:39 - 2014-04-06 13:39 - 02157056 _____ (Farbar) 
C:\Users\Freya-Sophie\Downloads\FRST64(4).exe 2014-04-06 13:34 - 2014-04-06 13:34 - 00987442 _____ () C:\Users\Freya-Sophie\Downloads\SecurityCheck.exe 2014-04-06 13:32 - 2012-10-13 11:39 - 01275746 _____ () C:\Windows\WindowsUpdate.log 2014-04-06 13:28 - 2014-04-06 13:25 - 00000569 ____H () C:\Windows\SysWOW64\BTImages.dat 2014-04-06 13:28 - 2012-11-04 18:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-04-06 13:27 - 2013-03-17 16:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-04-06 13:25 - 2012-10-13 11:46 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85A2C3B9-F210-4290-81FF-A833E868492A} 2014-04-06 13:22 - 2014-04-04 18:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-06 13:22 - 2013-10-15 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-05 19:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-05 16:39 - 2012-03-15 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-04-05 16:39 - 2012-03-15 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-04-05 16:39 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-05 12:29 - 2014-04-05 12:29 - 02347384 _____ (ESET) C:\Users\Freya-Sophie\Downloads\esetsmartinstaller_enu.exe 2014-04-05 11:37 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-05 11:37 - 2009-07-14 06:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-05 11:31 - 2013-04-25 07:58 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\.oit 2014-04-05 11:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-05 11:27 - 2009-07-14 06:51 - 00108770 _____ () C:\Windows\setupact.log 2014-04-04 20:21 - 2013-10-14 12:32 - 00028157 
_____ () C:\Users\Freya-Sophie\Downloads\Addition.txt 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(3).exe 2014-04-04 20:18 - 2014-04-04 20:18 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(2).exe 2014-04-04 20:15 - 2014-04-04 20:15 - 00000632 _____ () C:\Users\Freya-Sophie\Desktop\JRT.txt 2014-04-04 19:52 - 2014-04-04 19:52 - 01038974 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT(1).exe 2014-04-04 19:48 - 2010-11-21 05:47 - 00315446 _____ () C:\Windows\PFRO.log 2014-04-04 19:47 - 2013-10-13 23:36 - 00000000 ____D () C:\AdwCleaner 2014-04-04 19:46 - 2014-04-04 19:46 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe 2014-04-04 19:41 - 2014-04-04 19:41 - 01426178 _____ () C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe 2014-04-04 19:38 - 2014-04-04 19:38 - 00001883 _____ () C:\Users\Freya-Sophie\Desktop\mbam.txt 2014-04-04 18:38 - 2014-04-04 18:38 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-04 18:38 - 2014-04-04 18:37 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(2).exe 2014-04-04 18:38 - 2014-04-03 13:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-04 18:30 - 2014-04-04 18:30 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000(1).exe 2014-04-04 18:29 - 2014-04-04 18:28 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Freya-Sophie\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-04 18:26 - 2014-04-04 18:26 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Freya-Sophie\Downloads\revosetup95(1).exe 2014-04-04 18:26 - 2014-04-04 18:26 - 00001224 _____ () C:\Users\Freya-Sophie\Desktop\Revo Uninstaller.lnk 2014-04-04 18:26 - 2014-04-03 16:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-04 14:30 - 2014-04-04 14:30 - 00008972 _____ () C:\Users\Freya-Sophie\Desktop\Unbenannt 1.odt 2014-04-04 07:13 - 2014-04-04 07:13 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-04 01:27 - 2013-10-14 00:05 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Malwarebytes 2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-04 01:27 - 2013-10-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-04-04 01:27 - 2012-11-28 23:49 - 00000000 ___HD () C:\Users\Freya-Sophie\Desktop\.picasaoriginals 2014-04-04 01:27 - 2012-10-26 12:31 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Bilder 2014-04-04 01:27 - 2012-06-21 09:44 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-04-04 01:27 - 2012-06-21 01:07 - 00000000 ____D () C:\ProgramData\Norton 2014-04-04 01:27 - 2012-03-14 23:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-04 01:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-04 01:26 - 2013-03-12 23:07 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-04-03 22:07 - 2014-04-03 22:07 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-04-03 21:16 - 2012-10-13 16:20 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\Adobe 2014-04-03 21:15 - 2014-04-03 21:15 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-03 21:15 - 2014-04-03 21:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-03 21:15 - 2012-03-14 23:29 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-03 21:07 - 2014-04-03 21:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-04-03 21:07 - 2014-04-03 21:07 
- 00000000 ____D () C:\ProgramData\McAfee 2014-04-03 21:07 - 2013-10-15 18:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-03 21:07 - 2013-10-15 18:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-03 21:07 - 2013-10-15 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-03 20:53 - 2014-04-03 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 20:43 - 2014-04-03 20:43 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2014-04-03 20:42 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\CheckPoint 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Check Point Software Technologies LTD 2014-04-03 20:36 - 2014-04-03 20:36 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD 2014-04-03 20:35 - 2014-04-03 20:35 - 03356760 _____ (Check Point Software Technologies Ltd.) 
C:\Users\Freya-Sophie\Downloads\zaSetupWeb_130_208_000.exe 2014-04-03 20:35 - 2014-04-03 20:35 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-04-03 20:24 - 2014-04-03 20:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Mozilla 2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-03 19:54 - 2014-04-03 16:52 - 00000000 ____D () C:\Program Files (x86)\PlurPush 2014-04-03 19:54 - 2012-10-13 16:27 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\SoftGrid Client 2014-04-03 19:49 - 2014-04-03 19:49 - 01037734 _____ (Thisisu) C:\Users\Freya-Sophie\Downloads\JRT_6.1.2.exe 2014-04-03 19:40 - 2014-03-05 13:17 - 00020895 _____ () C:\Users\Freya-Sophie\Desktop\Sonderteil Drux.odt 2014-04-03 19:36 - 2012-03-14 23:16 - 00000000 ____D () C:\Program Files (x86)\HP Games 2014-04-03 19:35 - 2012-03-14 23:16 - 00000000 ____D () C:\ProgramData\WildTangent 2014-04-03 18:28 - 2014-04-03 18:27 - 02157056 _____ (Farbar) C:\Users\Freya-Sophie\Downloads\FRST64(1).exe 2014-04-03 17:49 - 2014-01-02 22:41 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFreya-Sophie 2014-04-03 17:49 - 2014-01-02 22:41 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job 2014-04-03 17:31 - 2014-04-03 17:31 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\ProgramData\Avira 2014-04-03 17:30 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-04-03 17:28 - 2014-04-03 17:25 - 138607664 _____ () C:\Users\Freya-Sophie\Downloads\avira_free_antivirus_de_14.0.3.350.exe 2014-04-03 17:26 - 2014-04-03 17:26 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys 2014-04-03 17:20 - 2014-04-03 17:19 - 
25032080 _____ (Mozilla) C:\Users\Freya-Sophie\Downloads\Firefox_Setup_de28.0.exe 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Local\cache 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 ____D () C:\Users\Freya-Sophie\.android 2014-04-03 16:53 - 2014-04-03 16:53 - 00000000 _____ () C:\Users\Freya-Sophie\daemonprocess.txt 2014-04-03 16:53 - 2012-10-13 11:39 - 00000000 ____D () C:\Users\Freya-Sophie 2014-04-03 16:51 - 2014-04-03 16:51 - 00000000 ____D () C:\AuthLog 2014-04-03 16:43 - 2014-04-03 16:43 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Freya-Sophie\Downloads\revosetup95.exe 2014-04-03 16:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-03-28 11:46 - 2014-03-25 17:57 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\BA Arbeit 2014-03-26 10:11 - 2014-03-26 09:56 - 00025561 _____ () C:\Users\Freya-Sophie\Desktop\Drux Arbeit korrigiert.odt 2014-03-25 20:25 - 2014-02-17 17:10 - 00046196 _____ () C:\Users\Freya-Sophie\Desktop\Ha Drux Fertig.odt 2014-03-25 17:56 - 2013-03-12 23:07 - 00000000 ____D () C:\ProgramData\Cisco 2014-03-18 02:24 - 2014-03-18 02:24 - 00451480 _____ (Check Point Software Technologies Ltd.) 
C:\Windows\system32\Drivers\vsdatant.sys 2014-03-17 23:18 - 2014-03-17 23:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Hamburg 2014-03-17 22:47 - 2012-03-14 23:07 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-03-17 22:45 - 2014-03-17 22:45 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-17 22:43 - 2012-03-14 23:24 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-17 22:43 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup 2014-03-16 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-14 10:10 - 2009-07-14 06:45 - 00311952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 10:09 - 2013-03-15 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-10 22:46 - 2013-07-04 12:13 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Uni 2014-03-10 22:46 - 2012-10-26 12:18 - 00000000 ____D () C:\Users\Freya-Sophie\Desktop\Musik 2014-03-09 18:46 - 2014-03-09 18:42 - 00000000 ____D () C:\Users\Freya-Sophie\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\Freya-Sophie\AppData\Local\Temp\6_Offer_13.exe C:\Users\Freya-Sophie\AppData\Local\Temp\AskSLib.dll C:\Users\Freya-Sophie\AppData\Local\Temp\avgnt.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Extract.exe C:\Users\Freya-Sophie\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Freya-Sophie\AppData\Local\Temp\instruct.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Quarantine.exe C:\Users\Freya-Sophie\AppData\Local\Temp\Resource.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP56942.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp58915.exe C:\Users\Freya-Sophie\AppData\Local\Temp\SP59202.exe C:\Users\Freya-Sophie\AppData\Local\Temp\sp64126.exe C:\Users\Freya-Sophie\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Freya-Sophie\AppData\Local\Temp\ylb2mz36.dll C:\Users\Freya-Sophie\AppData\Local\Temp\_is3325.exe 
C:\Users\Freya-Sophie\AppData\Local\Temp\_is6F4A.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-16 23:11

==================== End Of Log ============================

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Freya-Sophie at 2014-04-06 13:41:04
Running from C:\Users\Freya-Sophie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.)
Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04066 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04066 - Cisco Systems, Inc.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5010 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.3.5010 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) Epson E-Web Print (HKLM-x32\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) 
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}) (Version: 5.1.3 - Hewlett-Packard) Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{DB183033-C2DD-4A37-B43C-943DD4B28C77}) (Version: 1.1.0.0 - Hewlett-Packard) HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden HP Security Assistant (HKLM\...\{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}) (Version: 3.0.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company) HP SimplePass PE (HKLM-x32\...\{880B5A98-B242-4B53-BD6F-41EA17495EAD}) (Version: 5.4.0.402 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) 
(Version: 8.0.2.1410 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics) LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Excel 2002 (HKLM-x32\...\{90160407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft PowerPoint 2002 (HKLM-x32\...\{90180407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word 2002 (HKLM-x32\...\{901B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - ) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation) Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.51.116.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 
15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ZoneAlarm Antivirus (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.0.208.000 - Check Point) ZoneAlarm Security (x32 Version: 13.0.208.000 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm Security Toolbar (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ZoneAlarm Security Toolbar (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD) ==================== Restore Points ========================= 17-03-2014 20:46:05 Installed HP Support Assistant 17-03-2014 20:48:58 Windows Modules Installer 17-03-2014 20:49:59 Windows Modules Installer 03-04-2014 14:31:25 Windows Modules Installer 03-04-2014 14:32:08 Windows Modules Installer 03-04-2014 14:44:51 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) 03-04-2014 14:46:22 Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) 03-04-2014 14:51:35 Uniblue SpeedUpMyPC installation 03-04-2014 14:55:29 Revo Uninstaller's restore point - VO Package 03-04-2014 14:56:24 Revo Uninstaller's restore point - SpeedUpMyPC 03-04-2014 14:57:25 Revo Uninstaller's restore point - WebEnhance 03-04-2014 14:59:22 Revo Uninstaller's restore point - Windows Live Mesh ActiveX Control for Remote Connections 03-04-2014 15:00:47 Revo Uninstaller's restore point - Adobe Reader X (10.1.9) MUI 03-04-2014 15:02:46 Revo Uninstaller's restore point - Avira Free Antivirus 03-04-2014 17:37:50 Removed Cisco AnyConnect Secure Mobility Client 04-04-2014 16:31:59 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {18C7C69B-D51D-47DE-A239-83AD5CB45283} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {20F939D9-1A8C-40F9-AE9E-B1306BB65BCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard) Task: {3BE7C31D-EC71-4113-9CB3-E8E89A7D4274} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-03-25] (Hewlett-Packard) Task: {5C9F6B69-247C-418F-BFE0-34A9400DA327} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated) Task: {747B5C5E-AD3D-4116-8DF7-F07ABC373D96} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {79712EB4-8C55-438E-A146-B83F7F83EEC7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {7E1AB936-B3C3-43F4-B709-E5FD3E90A1EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard) Task: {964527E7-49EF-4396-9767-67E3D5879E39} - System32\Tasks\HPCeeScheduleForFreya-Sophie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {B33C62BE-0DE7-4F33-8CBD-7E0B34EA2503} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B4B5CF31-E967-42DA-8FCD-F6A159943364} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {BEA4A914-8432-4693-ABBE-C6427046EA76} - 
System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {CA75F678-04B9-4525-B195-80D589153504} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-10] (CyberLink) Task: {CCD2C709-BF9F-47DF-89AE-A3EADE5559EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {F99EABE5-7105-470E-ACAD-CBD3542DE659} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForFreya-Sophie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-14 19:53 - 2012-02-14 19:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe 2013-08-31 00:11 - 2013-08-31 00:11 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-04-03 17:30 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-24 20:13 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll 2013-04-24 20:13 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMISM.dll 2013-04-24 20:13 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll 2013-04-24 20:13 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll 2013-04-24 20:13 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll 2013-04-24 20:13 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll 2013-04-24 20:13 - 2010-12-20 16:21 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll 2013-04-24 20:13 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll 2013-04-24 20:13 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll 2013-04-24 20:13 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll 2013-04-24 20:13 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll 2013-04-24 20:13 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll 2013-04-24 20:13 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll 2013-04-24 20:13 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll 2013-04-24 20:13 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll 2013-04-24 20:13 - 2007-12-20 14:37 - 00176128 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll 2013-04-24 20:13 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll 2013-04-24 20:13 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\NetFun2k.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-01-27 15:43 - 2014-01-27 15:43 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll 2013-04-24 20:13 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll 2013-04-24 20:13 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll 2013-04-24 20:13 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll 2013-04-24 20:13 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll 2013-04-24 20:13 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll 2013-04-24 20:13 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll 2013-04-24 20:13 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll 2013-04-24 20:13 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll 2013-04-24 20:13 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll 2013-04-24 20:13 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll 2013-04-24 20:13 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll 2013-04-24 20:13 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll 2013-04-24 20:13 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMImgVW.dll 2013-04-24 20:13 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll 2013-04-24 20:13 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll 2013-04-24 20:13 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll 2013-04-24 20:13 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll 2013-04-24 20:13 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll 2014-02-15 16:53 - 2014-02-15 16:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-06-21 00:55 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-06-21 00:59 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-04-03 20:23 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/06/2014 01:28:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4702587 Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4702587 Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15632 Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15632 Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/05/2014 00:29:26 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/05/2014 00:29:23 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (04/05/2014 11:27:45 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/05/2014 11:29:20 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Error: (04/04/2014 08:35:25 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/04/2014 08:32:56 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Microsoft Office Sessions: ========================= Error: (04/06/2014 01:28:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4702587 Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4702587 Error: (04/05/2014 07:51:27 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15632 Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: 
m->NextScheduledEvent 15632 Error: (04/05/2014 01:20:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/05/2014 00:29:26 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Freya-Sophie\Downloads\esetsmartinstaller_enu.exe Error: (04/05/2014 00:29:23 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Freya-Sophie\Downloads\esetsmartinstaller_enu.exe Error: (04/05/2014 11:27:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 3996.36 MB Available physical RAM: 1616.46 MB Total Pagefile: 7990.9 MB Available Pagefile: 5130.59 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:277.83 GB) (Free:193.75 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (JOY_04_2014) (CDROM) (Total:1.93 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) 
(Disk ID: D2E3023C) Partition: GPT Partition Type. ==================== End Of Log ============================ Is everything OK with the PC now? Best regards. And if so, can I delete the programs, and if so, how? And can you please just tell me whether it is normal that, after all these programs, it takes a bit longer when it first boots up again and the screen is briefly black? I didn't have that before.. =(... |
07.04.2014, 12:01 | #12 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words Was the boot-up issue a one-time thing, or does it happen on every boot? Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
07.04.2014, 12:10 | #13 |
| VIRUS ads on purple underlined words It is like that on every boot =( What can be done about it, or what could it be?

# DelFix v10.6 - Datei am 07/04/2014 um 13:07:50 erstellt
# Aktualisiert am 11/11/2013 von Xplode
# Benutzer : Freya-Sophie - FREYA-SOPHIE-HP
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Freya-Sophie\Downloads\Addition.txt
Gelöscht : C:\Users\Freya-Sophie\Downloads\adwcleaner(1).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\adwcleaner(2).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\adwcleaner_3.0.0.7(1).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\adwcleaner_3.0.0.7.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST.txt
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST64(1).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST64(2).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST64(3).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST64(4).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\FRST64.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\JRT(1).exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\JRT.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\JRT_6.1.2.exe
Gelöscht : C:\Users\Freya-Sophie\Downloads\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #79 [Installed HP Support Assistant | 03/17/2014 20:46:05]
Gelöscht : RP #80 [Windows Modules Installer | 03/17/2014 20:48:58]
Gelöscht : RP #81 [Windows Modules Installer | 03/17/2014 20:49:59]
Gelöscht : RP #82 [Windows Modules Installer | 04/03/2014 14:31:25]
Gelöscht : RP #83 [Windows Modules Installer | 04/03/2014 14:32:08]
Gelöscht : RP #84 [Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) | 04/03/2014 14:44:51]
Gelöscht : RP #85 [Revo Uninstaller's restore point - Mozilla Firefox 27.0.1 (x86 de) | 04/03/2014 14:46:22]
Gelöscht : RP #86 [Uniblue SpeedUpMyPC installation | 04/03/2014 14:51:35]
Gelöscht : RP #87 [Revo Uninstaller's restore point - VO Package | 04/03/2014 14:55:29]
Gelöscht : RP #88 [Revo Uninstaller's restore point - SpeedUpMyPC | 04/03/2014 14:56:24]
Gelöscht : RP #89 [Revo Uninstaller's restore point - WebEnhance | 04/03/2014 14:57:25]
Gelöscht : RP #90 [Revo Uninstaller's restore point - Windows Live Mesh ActiveX Control for Remote Connections | 04/03/2014 14:59:22]
Gelöscht : RP #91 [Revo Uninstaller's restore point - Adobe Reader X (10.1.9) MUI | 04/03/2014 15:00:47]
Gelöscht : RP #92 [Revo Uninstaller's restore point - Avira Free Antivirus | 04/03/2014 15:02:46]
Gelöscht : RP #93 [Removed Cisco AnyConnect Secure Mobility Client | 04/03/2014 17:37:50]
Gelöscht : RP #94 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300 | 04/04/2014 16:31:59]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ########## |
07.04.2014, 12:13 | #14 |
/// the machine /// TB trainer | VIRUS ads on purple underlined words http://www.trojaner-board.de/126216-...epair-aio.html Please run this.
07.04.2014, 14:22 | #15 |
| VIRUS ads on purple underlined words Same problem still there; just now it even took 30 seconds to switch from the black screen to the normal desktop..... Unfortunately I can't find the log under the specified path... I only found this via the search:
System Variables -------------------------------------------------------------------------------- OS: Windows 7 Home Premium OS Architecture: 64-bit OS Version: 6.1.7601 OS Service Pack: Service Pack 1 Computer Name: FREYA-SOPHIE-HP Windows Drive: C:\ Windows Path: C:\Windows Current Profile: C:\Users\Freya-Sophie Current Profile SID: S-1-5-21-1595992211-3356558206-601454915-1000 Current Profile Classes: S-1-5-21-1595992211-3356558206-601454915-1000_Classes Profiles Location: C:\Users Profiles Location 2: C:\Windows\ServiceProfiles Local Settings AppData: C:\Users\Freya-Sophie\AppData\Local -------------------------------------------------------------------------------- System Information -------------------------------------------------------------------------------- System Up Time: 0 Days 00:11:20 Process Count: 93 Commit Total: 1,95 GB Commit Limit: 7,80 GB Commit Peak: 2,13 GB Handle Count: 24683 Kernel Total: 339,73 MB Kernel Paged: 245,28 MB Kernel Non Paged: 94,45 MB System Cache: 1,99 GB Thread Count: 999 -------------------------------------------------------------------------------- Memory Before Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3,90 GB Memory Used: 1,71 GB(43,7609%) Memory Avail.: 2,19 GB -------------------------------------------------------------------------------- Cleaning Memory Before Starting Repairs... 
Memory After Cleaning with CleanMem -------------------------------------------------------------------------------- Memory Total: 3,90 GB Memory Used: 1,37 GB(35,2189%) Memory Avail.: 2,53 GB -------------------------------------------------------------------------------- Starting Repairs... Start (07.04.2014 14:42:42) 01 - Reset Registry Permissions 01/03 HKEY_CURRENT_USER & Sub Keys Start (07.04.2014 14:42:42) Running Repair Under Current User Account Done (07.04.2014 14:42:47) 01 - Reset Registry Permissions 02/03 HKEY_LOCAL_MACHINE & Sub Keys Start (07.04.2014 14:42:47) Running Repair Under System Account Done (07.04.2014 14:43:56) 01 - Reset Registry Permissions 03/03 HKEY_CLASSES_ROOT & Sub Keys Start (07.04.2014 14:43:56) Running Repair Under System Account Done (07.04.2014 14:44:37) 02 - Reset File Permissions: C: C: & Sub Folders Start (07.04.2014 14:44:37) Running Repair Under System Account Done (07.04.2014 14:53:46) 02 - Reset File Permissions: D: D: & Sub Folders Start (07.04.2014 14:53:46) Running Repair Under System Account Done (07.04.2014 14:53:55) 02 - Reset File Permissions: Q: Q: & Sub Folders Start (07.04.2014 14:53:55) Running Repair Under System Account Done (07.04.2014 14:53:58) 02 - Reset File Permissions: All Profiles C:\Users & Sub Folders Start (07.04.2014 14:53:58) Running Repair Under System Account Done (07.04.2014 14:55:09) 02 - Reset File Permissions: Current Profile C:\Users\Freya-Sophie & Sub Folders Start (07.04.2014 14:55:09) Running Repair Under System Account Done (07.04.2014 14:55:24) 02 - Reset File Permissions: Cleanup Repairing Restricted Folders Permissions To Avoid Infinite Loops Start (07.04.2014 14:55:24) Running Repair Under System Account Processing ACL of: <\\?\C:\Documents and Settings> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Desktop> SetACL finished successfully. 
Processing ACL of: <\\?\C:\ProgramData\Documents> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Favorites> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\ProgramData\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Desktop> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Documents> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Favorites> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\All Users\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default User> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Cookies> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Local Settings> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\My Documents> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\NetHood> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\PrintHood> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Recent> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\SendTo> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Start Menu> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Templates> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\AppData\Local\History> SetACL finished successfully. 
Processing ACL of: <\\?\C:\Users\Default\AppData\Local\Temporary Internet Files> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Music> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Pictures> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Default\Documents\My Videos> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Public\Documents\My Music> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Public\Documents\My Pictures> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Public\Documents\My Videos> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Administrator\Application Data> Reading the SD from <\\?\C:\Users\Administrator\Application Data> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Cookies> Reading the SD from <\\?\C:\Users\Administrator\Cookies> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Local Settings> Reading the SD from <\\?\C:\Users\Administrator\Local Settings> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\My Documents> Reading the SD from <\\?\C:\Users\Administrator\My Documents> failed with: Das System kann die angegebene Datei nicht finden. 
SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\NetHood> Reading the SD from <\\?\C:\Users\Administrator\NetHood> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\PrintHood> Reading the SD from <\\?\C:\Users\Administrator\PrintHood> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Recent> Reading the SD from <\\?\C:\Users\Administrator\Recent> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\SendTo> Reading the SD from <\\?\C:\Users\Administrator\SendTo> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Start Menu> Reading the SD from <\\?\C:\Users\Administrator\Start Menu> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. 
Processing ACL of: <\\?\C:\Users\Administrator\Templates> Reading the SD from <\\?\C:\Users\Administrator\Templates> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\AppData\Local\Application Data> Reading the SD from <\\?\C:\Users\Administrator\AppData\Local\Application Data> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\AppData\Local\History> Reading the SD from <\\?\C:\Users\Administrator\AppData\Local\History> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\AppData\Local\Temporary Internet Files> Reading the SD from <\\?\C:\Users\Administrator\AppData\Local\Temporary Internet Files> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Documents\My Music> Reading the SD from <\\?\C:\Users\Administrator\Documents\My Music> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. 
Processing ACL of: <\\?\C:\Users\Administrator\Documents\My Pictures> Reading the SD from <\\?\C:\Users\Administrator\Documents\My Pictures> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. Processing ACL of: <\\?\C:\Users\Administrator\Documents\My Videos> Reading the SD from <\\?\C:\Users\Administrator\Documents\My Videos> failed with: Das System kann den angegebenen Pfad nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann den angegebenen Pfad nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Application Data> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Cookies> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Local Settings> Reading the SD from <\\?\C:\Users\Freya-Sophie\Local Settings> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\My Documents> Reading the SD from <\\?\C:\Users\Freya-Sophie\My Documents> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\NetHood> Reading the SD from <\\?\C:\Users\Freya-Sophie\NetHood> failed with: Das System kann die angegebene Datei nicht finden. 
SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\PrintHood> Reading the SD from <\\?\C:\Users\Freya-Sophie\PrintHood> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Recent> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Freya-Sophie\SendTo> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Start Menu> Reading the SD from <\\?\C:\Users\Freya-Sophie\Start Menu> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Templates> Reading the SD from <\\?\C:\Users\Freya-Sophie\Templates> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\AppData\Local\Application Data> Reading the SD from <\\?\C:\Users\Freya-Sophie\AppData\Local\Application Data> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. 
Processing ACL of: <\\?\C:\Users\Freya-Sophie\AppData\Local\History> Reading the SD from <\\?\C:\Users\Freya-Sophie\AppData\Local\History> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\AppData\Local\Temporary Internet Files> SetACL finished successfully. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Documents\My Music> Reading the SD from <\\?\C:\Users\Freya-Sophie\Documents\My Music> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Documents\My Pictures> Reading the SD from <\\?\C:\Users\Freya-Sophie\Documents\My Pictures> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. Processing ACL of: <\\?\C:\Users\Freya-Sophie\Documents\My Videos> Reading the SD from <\\?\C:\Users\Freya-Sophie\Documents\My Videos> failed with: Das System kann die angegebene Datei nicht finden. SetACL finished with error(s): SetACL error message: The call to GetNamedSecurityInfo () failed Operating system error message: Das System kann die angegebene Datei nicht finden. 
Done (07.04.2014 14:55:31) 03 - Register System Files Start (07.04.2014 14:55:43) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 14:56:22) 04 - Repair WMI Start (07.04.2014 14:56:22) Running Repair Under Current User Account Done (07.04.2014 14:58:47) 05 - Repair Windows Firewall Start (07.04.2014 14:58:47) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 14:59:27) 06 - Repair Internet Explorer Start (07.04.2014 14:59:27) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:00:24) 07 - Repair MDAC/MS Jet Start (07.04.2014 15:00:24) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:00:48) 08 - Repair Hosts File Start (07.04.2014 15:00:48) Running Repair Under System Account Done (07.04.2014 15:00:50) 09 - Remove Policies Set By Infections Start (07.04.2014 15:00:50) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:00:55) 10 - Repair Missing Start Menu Icons Removed By Infections Start (07.04.2014 15:00:55) Running Repair Under System Account Done (07.04.2014 15:00:57) 11 - Repair Icons Start (07.04.2014 15:00:57) Running Repair Under Current User Account Done (07.04.2014 15:01:00) 12 - Repair Winsock & DNS Cache Start (07.04.2014 15:01:00) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:01:22) 13 - Remove Temp Files Start (07.04.2014 15:01:22) Running Repair Under System Account Done (07.04.2014 15:01:29) 14 - Repair Proxy Settings Start (07.04.2014 15:01:29) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:01:34) 15 - Unhide Non System Files Start (07.04.2014 15:01:34) C:\ - Total Files Unhidden: 632 - Check Unhidden_Files.txt for list of files unhidden D:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden 
Q:\ - Total Files Unhidden: 0 - Check Unhidden_Files.txt for list of files unhidden Done (07.04.2014 15:02:43) 16 - Repair Windows Updates Start (07.04.2014 15:02:43) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:14) 17 - Repair CD/DVD Missing/Not Working Start (07.04.2014 15:03:14) iTunes was found, adding UpperFilters for iTunes Reg Key UpperFilters added?: True Done (07.04.2014 15:03:14) 18 - Repair Volume Shadow Copy Service Start (07.04.2014 15:03:14) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:23) 19 - Repair Windows Sidebar/Gadgets Start (07.04.2014 15:03:23) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:28) 20 - Repair MSI (Windows Installer) Start (07.04.2014 15:03:28) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:43) 21 - Repair Windows Snipping Tool Start (07.04.2014 15:03:43) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:48) 22.01 - Repair bat Association Start (07.04.2014 15:03:48) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:52) 22.02 - Repair cmd Association Start (07.04.2014 15:03:53) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:03:57) 22.03 - Repair com Association Start (07.04.2014 15:03:57) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:02) 22.04 - Repair Directory Association Start (07.04.2014 15:04:02) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:07) 22.05 - Repair Drive Association Start (07.04.2014 15:04:07) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:11) 22.06 - Repair exe Association Start 
(07.04.2014 15:04:12) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:16) 22.07 - Repair Folder Association Start (07.04.2014 15:04:16) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:21) 22.08 - Repair inf Association Start (07.04.2014 15:04:21) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:26) 22.09 - Repair lnk (Shortcuts) Association Start (07.04.2014 15:04:26) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:31) 22.10 - Repair msc Association Start (07.04.2014 15:04:31) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:35) 22.11 - Repair reg Association Start (07.04.2014 15:04:35) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:40) 22.12 - Repair scr Association Start (07.04.2014 15:04:40) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:45) 23 - Repair Windows Safe Mode Start (07.04.2014 15:04:45) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:04:50) 24 - Repair Print Spooler Start (07.04.2014 15:04:50) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:05:05) 25 - Restore Important Windows Services Start (07.04.2014 15:05:05) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:05:36) 26 - Set Windows Services To Default Startup Start (07.04.2014 15:05:36) Running Repair Under Current User Account Running Repair Under System Account Done (07.04.2014 15:05:49) Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. Current version: 6.1 Skipping Repair. Repair is for Windows v6.2 (Windows 8 & Newer) or higher. 
Current version: 6.1 Cleaning up empty logs... All Selected Repairs Done. Done (07.04.2014 15:05:49) Total Repair Time: 00:23:09 ...YOU MUST RESTART YOUR SYSTEM... Running Repair Under Current User Account |