Phishing Mail erhalten und Link geöffnet

juliaamon · 25.05.2014, 22:03

Hallo!

Habe ein Phishing Mail von Paypal bekommen und den Link angeklickt. Ich wurde dann auf die Google Seite weitergeleitet, habe also keine persönlichen Daten eingeben.
Ich bin mir aber nun nicht sicher, ob ich nicht durch das Öffnen des Links einen Virus auf meinem Laptop habe.
Vielen Dank für die Hilfe

Liebe Grüße
Julia

schrauber · 26.05.2014, 06:31

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

juliaamon · 26.05.2014, 08:15

Danke für die schnelle Antwort!
Hier sind die Dateien.

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Julia (administrator) on JULIA on 26-05-2014 08:51:16
Running from C:\Users\Julia\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Dropbox, Inc.) C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Abine Inc.) C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(CallingID Ltd.) C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [65152 2012-08-07] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648056 2014-01-31] (Ask)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-42055825-4179203327-3647531362-1002\...\MountPoints2: {9a0fe524-267f-11e2-be75-20689d1e3473} - "F:\AutoRun.exe" 
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {B3474539-5EA2-4466-8794-A1292C835D7C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {B3474539-5EA2-4466-8794-A1292C835D7C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {211D9361-9FFF-4382-A4B7-D48592898DBD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=f0e2ac57-2a13-49ae-8fcc-f6e70a5cd0a1&apn_sauid=0E438FB1-3DC0-4334-9192-09564F2EEA31
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {B3474539-5EA2-4466-8794-A1292C835D7C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\8auc8n2b.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-24]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-24] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-07] (Atheros)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 08:51 - 2014-05-26 08:54 - 00018737 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-26 08:49 - 2014-05-26 08:51 - 00000000 ____D () C:\FRST
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-25 15:38 - 2014-05-25 15:38 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-15 11:14 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 11:13 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 11:13 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 11:07 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 11:07 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 10:56 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 10:56 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 10:55 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 10:55 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 10:55 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 10:55 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 10:55 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 10:55 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 10:55 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 10:55 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 10:55 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 10:55 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 10:54 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:54 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:53 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:53 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 10:53 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 10:53 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 10:53 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 10:53 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 10:53 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 10:18 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 10:18 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 10:18 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:04 - 2014-05-02 23:05 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-26 08:54 - 2014-05-26 08:51 - 00018737 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-26 08:51 - 2014-05-26 08:49 - 00000000 ____D () C:\FRST
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-26 08:44 - 2014-01-30 13:41 - 00029184 ___SH () C:\Users\Julia\Desktop\Thumbs.db
2014-05-26 08:10 - 2012-11-02 19:44 - 00000000 ____D () C:\Users\Julia\AppData\Local\CrashDumps
2014-05-26 08:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-26 08:02 - 2012-11-02 13:18 - 01326503 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 00:51 - 2012-11-06 16:33 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FD83DC4-D1D0-45C8-9D62-4B772D5E2B58}
2014-05-25 15:39 - 2013-01-18 17:40 - 00000000 ___RD () C:\Users\Julia\Dropbox
2014-05-25 15:39 - 2013-01-08 22:41 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Dropbox
2014-05-25 15:38 - 2014-05-25 15:38 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-25 12:37 - 2013-01-23 20:23 - 00000000 ____D () C:\Users\Julia\AppData\Local\DoNotTrackPlus
2014-05-23 16:33 - 2012-08-17 21:13 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-05-23 16:33 - 2012-08-17 21:13 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-05-23 16:33 - 2012-07-26 09:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 16:25 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 10:47 - 2012-11-02 13:18 - 00000000 ____D () C:\Users\Julia
2014-05-19 15:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-17 12:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 09:08 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-17 09:02 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-17 00:21 - 2012-07-26 07:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 13:36 - 2012-11-13 15:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 13:35 - 2012-07-26 09:21 - 00038716 _____ () C:\Windows\setupact.log
2014-05-15 12:05 - 2013-12-26 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 11:59 - 2012-12-23 23:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:35 - 2013-01-18 17:40 - 00001014 _____ () C:\Users\Julia\Desktop\Dropbox.lnk
2014-05-13 22:35 - 2013-01-08 22:43 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-12 22:41 - 2012-09-16 07:36 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-12 22:41 - 2012-09-16 07:34 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-12 22:40 - 2012-09-16 07:36 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-12 22:40 - 2012-09-16 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-12 22:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 07:14 - 2014-05-15 10:54 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 10:54 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:05 - 2014-05-02 23:04 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp
2014-05-02 23:04 - 2013-02-22 15:47 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 23:03 - 2013-02-22 15:47 - 552658140 _____ () C:\Windows\MEMORY.DMP
2014-05-02 23:02 - 2012-08-04 00:23 - 00253612 _____ () C:\Windows\PFRO.log
2014-05-01 23:30 - 2012-11-13 16:34 - 00000000 ____D () C:\Users\Julia\Studium
2014-05-01 22:37 - 2013-12-30 01:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-12-30 01:03 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia\AppData\Local\Temp\avgnt.exe
C:\Users\Julia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9deohj.dll
C:\Users\Julia\AppData\Local\Temp\Extract.exe
C:\Users\Julia\AppData\Local\Temp\ose00000.exe
C:\Users\Julia\AppData\Local\Temp\setup.exe
C:\Users\Julia\AppData\Local\Temp\SP60642.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 10:55] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 16:19

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Julia at 2014-05-26 08:55:36
Running from C:\Users\Julia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.31.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.4.57710 - Ask.com) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.01065 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065 - Cisco Systems, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8E7CB625-076C-4812-87B9-A2695C2CFABF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {017646AE-1F55-4A8E-AB26-63A5F57E0008} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {12E792CF-EB0D-4401-A151-4D602BD9FB3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3A521DD6-49A9-42B4-8F30-42628D2E31BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-08-10] (Hewlett-Packard Company)
Task: {3E4FC98E-7700-487E-8171-B398408FA2AF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {42C10F70-4206-4BD2-AA73-31FFB89FB722} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {4810B636-6906-469C-8224-FF4235C4B241} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {572F7201-4ED6-4C3A-84ED-1A3A78B5EEBF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {5BBF9787-248A-4F74-9311-5319CE7387E4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {6E12ABF8-9784-490D-9C19-D42B815F44DA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {94D524AC-A594-44D1-B867-DB7B2728ABCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Tune-up Postponed => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABF0D901-5B6A-4D04-A0FA-E0D2E7B0D266} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {BA2788F8-E1A6-45C9-BD1D-0F3D81BF0A79} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2014-01-31] () <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3A1638C-B453-4F24-ACB4-D0FD04090AA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F0EA522C-0BD9-45B4-9198-E92AF520A309} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:09 - 2012-08-06 12:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-07 18:15 - 2012-08-07 18:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-07 18:11 - 2012-08-07 18:11 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-08-06 12:08 - 2012-08-06 12:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-10-17 10:30 - 2012-10-17 10:30 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-01-23 16:09 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-09-16 07:23 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-05-25 15:38 - 2014-05-25 15:38 - 00041984 _____ () c:\users\julia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9deohj.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Julia\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-03-11 00:39 - 2013-03-11 00:39 - 00597880 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2014 08:16:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8ac

Startzeit: 01cf78a827d69931

Endzeit: 2693

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 23b0e284-e49d-11e3-bedf-20689d1e3473

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/26/2014 08:10:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: combase.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505a976e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00017032
ID des fehlerhaften Prozesses: 0x1e98
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25693

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25693

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24118

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24118

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2014 01:52:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22558

Error: (05/26/2014 01:52:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22558


System errors:
=============
Error: (05/26/2014 01:51:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AtherosSvc erreicht.

Error: (05/25/2014 01:19:03 PM) (Source: DCOM) (EventID: 10016) (User: JULIA)
Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}JuliaJuliaS-1-5-21-42055825-4179203327-3647531362-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/25/2014 01:18:59 PM) (Source: DCOM) (EventID: 10016) (User: JULIA)
Description: AnwendungsspezifischLokalAktivierung{A188DB29-2ABC-46CB-9A38-40B82CF5D051}{EA022610-0748-4C24-B229-6C507EBDFDBB}JuliaJuliaS-1-5-21-42055825-4179203327-3647531362-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/25/2014 09:59:47 AM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (05/24/2014 05:46:57 PM) (Source: DCOM) (EventID: 10010) (User: JULIA)
Description: Microsoft.Reader

Error: (05/24/2014 00:14:23 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (05/23/2014 04:32:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Norton Internet Security" wurde nicht richtig gestartet.

Error: (05/23/2014 04:29:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/23/2014 04:29:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Assistant Service erreicht.

Error: (05/23/2014 04:25:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎05.‎2014 um 15:52:59 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (05/26/2014 08:16:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.165378ac01cf78a827d699312693C:\Program Files\Internet Explorer\iexplore.exe23b0e284-e49d-11e3-bedf-20689d1e3473

Error: (05/26/2014 08:10:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7combase.dll6.2.9200.16420505a976ec0000005000170321e9801cf78a83489151fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\combase.dll5f3f2dfa-e49c-11e3-bedf-20689d1e3473

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25693

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25693

Error: (05/26/2014 01:52:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24118

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24118

Error: (05/26/2014 01:52:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2014 01:52:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22558

Error: (05/26/2014 01:52:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22558


==================== Memory info =========================== 

Percentage of memory in use: 77%
Total physical RAM: 1626.25 MB
Available physical RAM: 359.81 MB
Total Pagefile: 6746.25 MB
Available Pagefile: 2812.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.43 GB) (Free:207.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.89 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 37DACB8A)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 26.05.2014, 19:48

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

juliaamon · 26.05.2014, 22:51

Danke für deine Hilfe.

Ich habe nun alles durchgeführt.

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 26.05.2014 21:25:25, SYSTEM, JULIA, Protection, Malware Protection, Starting, 
Protection, 26.05.2014 21:25:26, SYSTEM, JULIA, Protection, Malware Protection, Started, 
Protection, 26.05.2014 21:25:27, SYSTEM, JULIA, Protection, Malicious Website Protection, Starting, 
Protection, 26.05.2014 21:25:33, SYSTEM, JULIA, Protection, Malicious Website Protection, Started, 
Update, 26.05.2014 21:27:03, SYSTEM, JULIA, Manual, Rootkit Database, 2014.2.20.1, 2014.5.21.1, 
Update, 26.05.2014 21:27:11, SYSTEM, JULIA, Manual, Malware Database, 2014.3.4.9, 2014.5.26.3, 
Protection, 26.05.2014 21:27:14, SYSTEM, JULIA, Protection, Refresh, Starting, 
Protection, 26.05.2014 21:27:14, SYSTEM, JULIA, Protection, Malicious Website Protection, Stopping, 
Protection, 26.05.2014 21:27:16, SYSTEM, JULIA, Protection, Malicious Website Protection, Stopped, 
Protection, 26.05.2014 21:27:39, SYSTEM, JULIA, Protection, Refresh, Success, 
Protection, 26.05.2014 21:27:50, SYSTEM, JULIA, Protection, Malicious Website Protection, Starting, 
Protection, 26.05.2014 21:27:53, SYSTEM, JULIA, Protection, Malicious Website Protection, Started, 
Protection, 26.05.2014 22:41:57, SYSTEM, JULIA, Protection, Malware Protection, Starting, 
Protection, 26.05.2014 22:41:58, SYSTEM, JULIA, Protection, Malware Protection, Started, 
Protection, 26.05.2014 22:41:58, SYSTEM, JULIA, Protection, Malicious Website Protection, Starting, 
Protection, 26.05.2014 22:43:39, SYSTEM, JULIA, Protection, Malicious Website Protection, Started, 

(end)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.211 - Bericht erstellt am 26/05/2014 um 23:05:02
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Julia - JULIA
# Gestartet von : C:\Users\Julia\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Julia\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Julia\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Julia\AppData\LocalLow\AskToolbar
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\8auc8n2b.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R0].txt - [8028 octets] - [26/05/2014 22:57:55]
AdwCleaner[S0].txt - [7464 octets] - [26/05/2014 23:05:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7524 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Julia on 26.05.2014 at 23:15:52,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{211D9361-9FFF-4382-A4B7-D48592898DBD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3474539-5EA2-4466-8794-A1292C835D7C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B3474539-5EA2-4466-8794-A1292C835D7C}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 23:42:49,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Julia (administrator) on JULIA on 26-05-2014 23:43:16
Running from C:\Users\Julia\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Thisisu) C:\Users\Julia\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [65152 2012-08-07] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-42055825-4179203327-3647531362-1002\...\MountPoints2: {9a0fe524-267f-11e2-be75-20689d1e3473} - "F:\AutoRun.exe" 
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {B3474539-5EA2-4466-8794-A1292C835D7C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\8auc8n2b.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-24]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-24] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-07] (Atheros)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 23:42 - 2014-05-26 23:42 - 00001180 _____ () C:\Users\Julia\Desktop\JRT.txt
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 23:14 - 2014-05-26 23:14 - 01016261 _____ (Thisisu) C:\Users\Julia\Desktop\JRT.exe
2014-05-26 23:11 - 2014-05-26 23:11 - 00007624 _____ () C:\Users\Julia\Desktop\AdwCleaner[S0].txt
2014-05-26 23:11 - 2014-05-26 23:11 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-26 22:57 - 2014-05-26 23:05 - 00000000 ____D () C:\AdwCleaner
2014-05-26 22:56 - 2014-05-26 22:56 - 01327971 _____ () C:\Users\Julia\Desktop\adwcleaner_3.211.exe
2014-05-26 22:54 - 2014-05-26 22:54 - 00001594 _____ () C:\Users\Julia\Desktop\mbam.txt
2014-05-26 21:26 - 2014-05-26 23:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:24 - 2014-05-26 21:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:24 - 2014-05-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 21:23 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 21:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-26 21:20 - 2014-05-26 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-26 21:09 - 2014-05-26 21:09 - 00000733 _____ () C:\Users\Julia\Desktop\Revo Uninstaller.lnk
2014-05-26 21:08 - 2014-05-26 21:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Julia\Desktop\revosetup95.exe
2014-05-26 08:55 - 2014-05-26 09:03 - 00033819 _____ () C:\Users\Julia\Desktop\Addition.txt
2014-05-26 08:51 - 2014-05-26 23:43 - 00016595 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-26 08:49 - 2014-05-26 23:43 - 00000000 ____D () C:\FRST
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-15 11:14 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 11:13 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 11:13 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 11:07 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 11:07 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 10:56 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 10:56 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 10:55 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 10:55 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 10:55 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 10:55 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 10:55 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 10:55 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 10:55 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 10:55 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 10:55 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 10:55 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 10:54 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:54 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:53 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:53 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 10:53 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 10:53 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 10:53 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 10:53 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 10:53 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 10:18 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 10:18 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 10:18 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:04 - 2014-05-02 23:05 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-26 23:43 - 2014-05-26 08:51 - 00016595 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-26 23:43 - 2014-05-26 08:49 - 00000000 ____D () C:\FRST
2014-05-26 23:42 - 2014-05-26 23:42 - 00001180 _____ () C:\Users\Julia\Desktop\JRT.txt
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 23:14 - 2014-05-26 23:14 - 01016261 _____ (Thisisu) C:\Users\Julia\Desktop\JRT.exe
2014-05-26 23:12 - 2013-01-18 17:40 - 00000000 ___RD () C:\Users\Julia\Dropbox
2014-05-26 23:12 - 2013-01-08 22:41 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Dropbox
2014-05-26 23:11 - 2014-05-26 23:11 - 00007624 _____ () C:\Users\Julia\Desktop\AdwCleaner[S0].txt
2014-05-26 23:11 - 2014-05-26 23:11 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-26 23:09 - 2014-05-26 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 23:06 - 2012-08-04 00:23 - 00254850 _____ () C:\Windows\PFRO.log
2014-05-26 23:06 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 23:06 - 2012-07-26 07:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-05-26 23:05 - 2014-05-26 22:57 - 00000000 ____D () C:\AdwCleaner
2014-05-26 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-26 22:56 - 2014-05-26 22:56 - 01327971 _____ () C:\Users\Julia\Desktop\adwcleaner_3.211.exe
2014-05-26 22:54 - 2014-05-26 22:54 - 00001594 _____ () C:\Users\Julia\Desktop\mbam.txt
2014-05-26 22:53 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-26 22:49 - 2012-08-17 21:13 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 22:49 - 2012-08-17 21:13 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 22:49 - 2012-07-26 09:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 22:46 - 2012-11-02 19:44 - 00000000 ____D () C:\Users\Julia\AppData\Local\CrashDumps
2014-05-26 22:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Help
2014-05-26 21:51 - 2012-11-06 16:33 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FD83DC4-D1D0-45C8-9D62-4B772D5E2B58}
2014-05-26 21:49 - 2012-11-02 13:18 - 01372182 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 21:24 - 2014-05-26 21:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:24 - 2014-05-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:24 - 2014-05-26 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:20 - 2014-05-26 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-26 21:09 - 2014-05-26 21:09 - 00000733 _____ () C:\Users\Julia\Desktop\Revo Uninstaller.lnk
2014-05-26 21:08 - 2014-05-26 21:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Julia\Desktop\revosetup95.exe
2014-05-26 15:30 - 2013-01-23 20:23 - 00000000 ____D () C:\Users\Julia\AppData\Local\DoNotTrackPlus
2014-05-26 09:03 - 2014-05-26 08:55 - 00033819 _____ () C:\Users\Julia\Desktop\Addition.txt
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-26 08:44 - 2014-01-30 13:41 - 00029184 ___SH () C:\Users\Julia\Desktop\Thumbs.db
2014-05-21 10:47 - 2012-11-02 13:18 - 00000000 ____D () C:\Users\Julia
2014-05-19 15:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-17 12:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 09:02 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 13:36 - 2012-11-13 15:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 13:35 - 2012-07-26 09:21 - 00038716 _____ () C:\Windows\setupact.log
2014-05-15 12:05 - 2013-12-26 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 11:59 - 2012-12-23 23:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:35 - 2013-01-18 17:40 - 00001014 _____ () C:\Users\Julia\Desktop\Dropbox.lnk
2014-05-13 22:35 - 2013-01-08 22:43 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-12 22:41 - 2012-09-16 07:36 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-12 22:41 - 2012-09-16 07:34 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-12 22:40 - 2012-09-16 07:36 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-12 22:40 - 2012-09-16 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-12 22:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-12 07:26 - 2014-05-26 21:23 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 21:23 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 21:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 07:14 - 2014-05-15 10:54 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 10:54 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:05 - 2014-05-02 23:04 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp
2014-05-02 23:04 - 2013-02-22 15:47 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 23:03 - 2013-02-22 15:47 - 552658140 _____ () C:\Windows\MEMORY.DMP
2014-05-01 23:30 - 2012-11-13 16:34 - 00000000 ____D () C:\Users\Julia\Studium
2014-05-01 22:37 - 2013-12-30 01:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-12-30 01:03 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia\AppData\Local\Temp\avgnt.exe
C:\Users\Julia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1vrzw.dll
C:\Users\Julia\AppData\Local\Temp\Extract.exe
C:\Users\Julia\AppData\Local\Temp\ose00000.exe
C:\Users\Julia\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia\AppData\Local\Temp\setup.exe
C:\Users\Julia\AppData\Local\Temp\SP60642.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 10:55] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 16:19

==================== End Of Log ============================

--- --- ---

Danke nochmal für deine Hilfe.

Liebe Grüße
Julia

schrauber · 27.05.2014, 18:25

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

juliaamon · 27.05.2014, 22:33

Hier sind die weiteren Daten.

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c4164ed6049aff4c84fd3f54192244c6
# engine=18432
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-27 09:18:51
# local_time=2014-05-27 11:18:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=1799 16775165 100 96 45716 266648822 38217 0
# compatibility_mode=3591 16777213 100 91 398785 163822117 0 0
# compatibility_mode=5893 16776574 100 94 946942 60731643 0 0
# scanned=260054
# found=0
# cleaned=0
# scan_time=12274

Security Check

Code:

ATTFilter

Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop              
Windows Defender           
Norton Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Julia (administrator) on JULIA on 27-05-2014 23:28:09
Running from C:\Users\Julia\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Dropbox, Inc.) C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
() C:\Users\Julia\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [65152 2012-08-07] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-42055825-4179203327-3647531362-1002\...\MountPoints2: {9a0fe524-267f-11e2-be75-20689d1e3473} - "F:\AutoRun.exe" 
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM13/4
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {B3474539-5EA2-4466-8794-A1292C835D7C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\8auc8n2b.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-24]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-24] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-20] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140122.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-07] (Atheros)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121230.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 23:28 - 2014-05-27 23:28 - 00017337 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-27 23:22 - 2014-05-27 23:22 - 00854367 _____ () C:\Users\Julia\Desktop\SecurityCheck.exe
2014-05-27 19:51 - 2014-05-27 19:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 19:50 - 2014-05-27 19:50 - 02347384 _____ (ESET) C:\Users\Julia\Desktop\esetsmartinstaller_deu.exe
2014-05-27 10:36 - 2014-05-27 10:36 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 23:14 - 2014-05-26 23:14 - 01016261 _____ (Thisisu) C:\Users\Julia\Desktop\JRT.exe
2014-05-26 22:57 - 2014-05-26 23:05 - 00000000 ____D () C:\AdwCleaner
2014-05-26 22:56 - 2014-05-26 22:56 - 01327971 _____ () C:\Users\Julia\Desktop\adwcleaner_3.211.exe
2014-05-26 21:26 - 2014-05-27 21:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:24 - 2014-05-26 21:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:24 - 2014-05-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 21:23 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 21:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-26 21:20 - 2014-05-26 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-26 21:09 - 2014-05-26 21:09 - 00000733 _____ () C:\Users\Julia\Desktop\Revo Uninstaller.lnk
2014-05-26 21:08 - 2014-05-26 21:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Julia\Desktop\revosetup95.exe
2014-05-26 08:49 - 2014-05-27 23:28 - 00000000 ____D () C:\FRST
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-15 11:14 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 11:13 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 11:13 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 11:07 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 11:07 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 10:56 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 10:56 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 10:55 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 10:55 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 10:55 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 10:55 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 10:55 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 10:55 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 10:55 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 10:55 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 10:55 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 10:55 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 10:55 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 10:55 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 10:55 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 10:55 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 10:55 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 10:54 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:54 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:53 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 10:53 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:53 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:53 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 10:53 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 10:53 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 10:53 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 10:53 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 10:53 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 10:53 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 10:18 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 10:18 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 10:18 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 10:18 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:04 - 2014-05-02 23:05 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp

==================== One Month Modified Files and Folders =======

2014-05-27 23:29 - 2014-05-27 23:28 - 00017337 _____ () C:\Users\Julia\Desktop\FRST.txt
2014-05-27 23:28 - 2014-05-26 08:49 - 00000000 ____D () C:\FRST
2014-05-27 23:22 - 2014-05-27 23:22 - 00854367 _____ () C:\Users\Julia\Desktop\SecurityCheck.exe
2014-05-27 23:15 - 2012-11-06 16:33 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FD83DC4-D1D0-45C8-9D62-4B772D5E2B58}
2014-05-27 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-27 21:50 - 2014-05-26 21:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 21:50 - 2012-11-02 13:18 - 01421358 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 19:51 - 2014-05-27 19:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 19:50 - 2014-05-27 19:50 - 02347384 _____ (ESET) C:\Users\Julia\Desktop\esetsmartinstaller_deu.exe
2014-05-27 19:49 - 2012-08-17 21:13 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-05-27 19:49 - 2012-08-17 21:13 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-05-27 19:49 - 2012-07-26 09:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-27 10:37 - 2013-01-18 17:40 - 00000000 ___RD () C:\Users\Julia\Dropbox
2014-05-27 10:37 - 2013-01-08 22:41 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Dropbox
2014-05-27 10:36 - 2014-05-27 10:36 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-26 23:14 - 2014-05-26 23:14 - 01016261 _____ (Thisisu) C:\Users\Julia\Desktop\JRT.exe
2014-05-26 23:06 - 2012-08-04 00:23 - 00254850 _____ () C:\Windows\PFRO.log
2014-05-26 23:06 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 23:06 - 2012-07-26 07:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-05-26 23:05 - 2014-05-26 22:57 - 00000000 ____D () C:\AdwCleaner
2014-05-26 22:56 - 2014-05-26 22:56 - 01327971 _____ () C:\Users\Julia\Desktop\adwcleaner_3.211.exe
2014-05-26 22:53 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-26 22:46 - 2012-11-02 19:44 - 00000000 ____D () C:\Users\Julia\AppData\Local\CrashDumps
2014-05-26 22:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Help
2014-05-26 21:24 - 2014-05-26 21:24 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:24 - 2014-05-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:24 - 2014-05-26 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:23 - 2014-05-26 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:20 - 2014-05-26 21:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Julia\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-26 21:09 - 2014-05-26 21:09 - 00000733 _____ () C:\Users\Julia\Desktop\Revo Uninstaller.lnk
2014-05-26 21:08 - 2014-05-26 21:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Julia\Desktop\revosetup95.exe
2014-05-26 15:30 - 2013-01-23 20:23 - 00000000 ____D () C:\Users\Julia\AppData\Local\DoNotTrackPlus
2014-05-26 08:44 - 2014-05-26 08:44 - 02066944 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2014-05-26 08:44 - 2014-01-30 13:41 - 00029184 ___SH () C:\Users\Julia\Desktop\Thumbs.db
2014-05-21 10:47 - 2012-11-02 13:18 - 00000000 ____D () C:\Users\Julia
2014-05-17 12:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:08 - 2012-11-02 13:24 - 00000000 ___RD () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 09:02 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 00:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 13:36 - 2012-11-13 15:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 13:35 - 2012-07-26 09:21 - 00038716 _____ () C:\Windows\setupact.log
2014-05-15 12:05 - 2013-12-26 22:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 11:59 - 2012-12-23 23:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:35 - 2013-01-18 17:40 - 00001014 _____ () C:\Users\Julia\Desktop\Dropbox.lnk
2014-05-13 22:35 - 2013-01-08 22:43 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-12 22:47 - 2014-05-12 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-12 22:41 - 2012-09-16 07:36 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-12 22:41 - 2012-09-16 07:34 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-12 22:40 - 2012-09-16 07:36 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-12 22:40 - 2012-09-16 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-12 22:34 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-12 07:26 - 2014-05-26 21:23 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 21:23 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 21:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-07 10:55 - 2014-05-07 10:55 - 00000000 ____D () C:\Users\Julia\AppData\Roaming\DropboxMaster
2014-05-06 07:14 - 2014-05-15 10:54 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 10:54 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-15 10:53 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 10:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:13 - 2014-05-05 15:13 - 00000000 ___SD () C:\Users\Julia\Documents\Meine Datenquellen
2014-05-02 23:05 - 2014-05-02 23:04 - 00280024 _____ () C:\Windows\Minidump\050214-115237-01.dmp
2014-05-02 23:04 - 2013-02-22 15:47 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 23:03 - 2013-02-22 15:47 - 552658140 _____ () C:\Windows\MEMORY.DMP
2014-05-01 23:30 - 2012-11-13 16:34 - 00000000 ____D () C:\Users\Julia\Studium
2014-05-01 22:37 - 2013-12-30 01:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-12-30 01:03 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\AskSLib.dll
C:\Users\Julia\AppData\Local\Temp\avgnt.exe
C:\Users\Julia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptitjz6.dll
C:\Users\Julia\AppData\Local\Temp\Extract.exe
C:\Users\Julia\AppData\Local\Temp\ose00000.exe
C:\Users\Julia\AppData\Local\Temp\Quarantine.exe
C:\Users\Julia\AppData\Local\Temp\setup.exe
C:\Users\Julia\AppData\Local\Temp\SP60642.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 10:55] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 16:19

==================== End Of Log ============================

--- --- ---

Vielen lieben Dank.

schrauber · 28.05.2014, 19:24

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

juliaamon · 28.05.2014, 19:58

Danke für deine Hilfe und deinen Zeitaufwand.

Ich habe jetzt alles durchgeführt, was noch in deiner letzten Antwort stand.
Werde jetzt sorgfältiger beim Internet surfen sein.

Danke.

Liebe Grüße
Julia

schrauber · 29.05.2014, 16:46

Gern Geschehen

29.05.2014, 16:46	#10
schrauber /// the machine /// TB-Ausbilder	Phishing Mail erhalten und Link geöffnet Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Phishing Mail erhalten und Link geöffnet

Plagegeister aller Art und deren Bekämpfung: Phishing Mail erhalten und Link geöffnet